Win32:TratBHO(Trj), Win32:Gaobot-2435(Trj), Win32:Agent-SND(Trj), Win3



#1
Sumbunny

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:14 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?61bff3b6a8f1403da23827e008924b8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?61bff3b6a8f1403da23827e008924b8f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wvututt - wvututt.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 7900 bytes


Uninstall List

913D Camera
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
ATI Control Panel
ATI Display Driver
AudibleManager
avast! Antivirus
AVG Anti-Spyware 7.5
CCScore
Creative Software AutoUpdate
Creative System Information
Creative ZEN
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EPSON Printer Software
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Eye Candy 4000
fflink
FileVOoM Pro 2.5
Form Fill (Windows Live Toolbar)
Fujitsu Hotkey Utility
Fujitsu Service Assistant
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iConcepts Music Express
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 3
Java™ 6 Update 5
johnqtv1 Toolbar
Kaspersky Online Scanner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LifeBook Application Panel
LimeWire 4.14.10
Map Button (Windows Live Toolbar)
Maxtor Manager
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NCH Toolbox
netbrdg
Netflix Movie Viewer
Netscape 6 (6.1)
Next Generation Visualisations
OfotoXMI
OneCare Advisor (Windows Live Toolbar)
PC-Doctor for Windows
PC-Doctor WINDSAPI SDK
PhoTags Express
Popup Blocker (Windows Live Toolbar)
Quicken 2003 New User Edition
QuickTime
RegCure 1.4.0.4
Rhapsody Player Engine
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
Sansa Updater
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SFR
SHASTA
SigmaTel AC97 Audio Drivers
skin0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
staticcr
SUPERAntiSpyware Free Edition
Tabbed Browsing (Windows Live Toolbar)
tooltips
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WIRELESS
Yahoo! Music Jukebox
Yahoo! Toolbar
ZEN Media Explorer
ZENcast Organizer


This is the report from the
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 11, 2008 5:29:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/03/2008
Kaspersky Anti-Virus database records: 624691
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 97052
Number of viruses found 4
Number of infected objects 34
Number of suspicious objects 0
Duration of the scan process 03:04:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-541466c1/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-541466c1 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-54b10eb4/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-54b10eb4 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-11-2008( 13-45-12 ).LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\82kozdtp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bdhopyox.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bdhqtixx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bmlnigbs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cpyiehvm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dfqyrsxc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\elrmuikt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gihjafmt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hejkpblx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hemgwyla.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgewvblh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hrasntts.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iwvgcgqa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljhrvsnm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\metbtvmt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oddhovab.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ovqddqyj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qendkbkj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ramdqyfb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqqhycpo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rupdfkbe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rxqjewmk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uvkbcbnc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wlbqxekd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xlwscqfn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ykcehfju.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-10_140400.65.zip/efefc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-10_140400.65.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP319\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FAA14843-2347-4F49-B74E-7468BA1A70DD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\L36B1.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\L36B1.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\L36B1.tmp NSIS: infected - 2 skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_c0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP321\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{9CE2FCC1-4059-4363-A3E7-752E455FE990}\RP321\change.log Object is locked skipped
Scan process completed.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-11 19:53:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-03-12 02:54:22 UTC - RP324 - Deckard's System Scanner Restore Point
9: 2008-03-12 00:58:42 UTC - RP323 - Software Distribution Service 3.0
8: 2008-03-12 00:31:08 UTC - RP322 - Removed Java™ 6 Update 5
7: 2008-03-11 23:54:41 UTC - RP321 - Removed Java™ 6 Update 3
6: 2008-03-11 23:51:58 UTC - RP320 - Removed J2SE Runtime Environment 5.0 Update 3


-- First Restore Point --
1: 2008-03-10 23:19:15 UTC - RP315 - CLEAN


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:20 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?61bff3b6a8f1403da23827e008924b8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?61bff3b6a8f1403da23827e008924b8f
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wvututt - wvututt.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 7594 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 SQTECH913D (913D Camera) - c:\windows\system32\drivers\capt913d.sys <Not Verified; Service & Quality Technology.; SQ913D>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-11 19:29:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-11 18:05:39 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-03 22:31:09 436 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-01-25 10:08:23 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 17:53:20 0 d-------- C:\ie-spyad
2008-03-11 17:52:55 0 d-------- C:\Program Files\SpywareBlaster
2008-03-11 17:51:39 0 d-------- C:\Program Files\SpywareGuard
2008-03-11 14:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-11 14:01:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 13:55:23 0 d-------- C:\Program Files\Panda Security
2008-03-11 07:58:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 22:21:56 0 d-------- C:\Program Files\Trend Micro
2008-03-10 21:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 21:31:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 21:31:53 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-10 16:25:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-10 16:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 13:47:12 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-10 13:47:12 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-10 13:47:12 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-10 13:47:12 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 09:44:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-08 22:58:10 0 d-------- C:\Program Files\SanDisk
2008-03-07 22:05:57 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 16:17:54 0 d-------- C:\Program Files\Spybot - Search & Destroy2
2008-03-03 13:33:07 0 d-------- C:\Program Files\Reference Assemblies
2008-03-03 13:18:37 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-02-14 20:32:21 64 --a------ C:\WINDOWS\tsiwinfile.dat
2008-02-14 20:32:14 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-12 14:29:30 0 d-------- C:\PCDRSDK
2008-02-12 14:22:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 08:19:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Talkback
2008-02-12 08:18:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-02-11 22:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-11 22:47:49 0 d-------- C:\Program Files\Common Files\iS3
2008-02-11 22:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-11 22:46:56 13369344 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-02-11 22:21:17 53248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-02-11 22:21:16 494352 --a------ C:\WINDOWS\system32\SHDOC401.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-03-11 17:32:14 0 d-------- C:\Program Files\Java
2008-03-11 17:32:14 0 d-------- C:\Program Files\Common Files
2008-03-11 13:57:29 12026 --a------ C:\WINDOWS\mozver.dat
2008-03-08 22:57:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 11:17:23 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-28 14:40:13 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-28 10:08:05 51367 --a------ C:\logfile
2008-02-28 09:32:58 0 d-------- C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-02-19 00:11:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-02-18 23:59:58 0 d-------- C:\Program Files\NCH Software
2008-02-14 21:48:31 0 d-------- C:\Program Files\Apoint2K
2008-02-12 14:29:36 0 d-------- C:\Program Files\PC Doctor for Windows NT
2008-02-12 14:22:44 0 d-------- C:\Program Files\Creative
2008-02-12 14:22:34 0 d--h----- C:\Program Files\Creative Installation Information
2008-02-05 23:33:12 0 d-------- C:\Program Files\Maxtor
2008-02-03 19:50:58 0 d-------- C:\Program Files\Audible
2008-02-03 19:37:52 0 d-------- C:\Program Files\Common Files\Creative
2008-02-03 19:34:31 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-02 21:01:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-01-25 11:28:36 0 d-------- C:\Program Files\Lifetime
2008-01-25 10:40:53 0 d-------- C:\Program Files\Microsoft Interactive Training
2008-01-25 10:29:43 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-25 10:09:25 0 d-------- C:\Program Files\RegCure
2008-01-19 14:07:28 0 d-------- C:\Program Files\DivX
2008-01-17 11:41:47 1028 --a------ C:\Documents and Settings\Owner\Application Data\AVIEncoder.wff
2008-01-13 14:18:39 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-01-11 23:20:53 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-01-04 14:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 02:33:03 7168 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
12/08/2007 10:39 AM 1502232 --a------ C:\Program Files\johnqtv1\tbjoh0.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E413A417-D00B-4A3B-9C17-19048046F1CE}"= C:\Program Files\johnqtv1\tbjoh0.dll [12/08/2007 10:39 AM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{E413A417-D00B-4A3B-9C17-19048046F1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 12:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/28/2002 10:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/11/2008 01:44 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/11/2008 01:44 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvututt]
wvututt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccfb9ff5]
rundll32.exe "C:\WINDOWS\system32\wflfkuyw.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck




-- End of Deckard's System Scanner: finished at 2008-03-11 19:57:44 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.20GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 446.98 MiB / 107.71 MiB
Pagefile Memory (total/avail): 1057.59 MiB / 655.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 46.13 GiB total, 7.92 GiB free.
D: is Fixed (FAT32) - 9.75 GiB total, 2.58 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 465.76 GiB total, 410.07 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 46.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 9.76 GiB - D:

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - Maxtor OneTouch USB Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080311-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!&

Edited by Sumbunny, 12 March 2008 - 05:00 PM.



#2
Sumbunny

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-11 19:53:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-03-12 02:54:22 UTC - RP324 - Deckard's System Scanner Restore Point
9: 2008-03-12 00:58:42 UTC - RP323 - Software Distribution Service 3.0
8: 2008-03-12 00:31:08 UTC - RP322 - Removed Java™ 6 Update 5
7: 2008-03-11 23:54:41 UTC - RP321 - Removed Java™ 6 Update 3
6: 2008-03-11 23:51:58 UTC - RP320 - Removed J2SE Runtime Environment 5.0 Update 3


-- First Restore Point --
1: 2008-03-10 23:19:15 UTC - RP315 - CLEAN


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:20 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?61bff3b6a8f1403da23827e008924b8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?61bff3b6a8f1403da23827e008924b8f
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wvututt - wvututt.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 7594 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 SQTECH913D (913D Camera) - c:\windows\system32\drivers\capt913d.sys <Not Verified; Service & Quality Technology.; SQ913D>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-11 19:29:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-11 18:05:39 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-03 22:31:09 436 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-01-25 10:08:23 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 17:53:20 0 d-------- C:\ie-spyad
2008-03-11 17:52:55 0 d-------- C:\Program Files\SpywareBlaster
2008-03-11 17:51:39 0 d-------- C:\Program Files\SpywareGuard
2008-03-11 14:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-11 14:01:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 13:55:23 0 d-------- C:\Program Files\Panda Security
2008-03-11 07:58:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 22:21:56 0 d-------- C:\Program Files\Trend Micro
2008-03-10 21:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 21:31:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 21:31:53 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-10 16:25:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-10 16:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 13:47:12 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-10 13:47:12 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-10 13:47:12 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-10 13:47:12 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 09:44:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-08 22:58:10 0 d-------- C:\Program Files\SanDisk
2008-03-07 22:05:57 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 16:17:54 0 d-------- C:\Program Files\Spybot - Search & Destroy2
2008-03-03 13:33:07 0 d-------- C:\Program Files\Reference Assemblies
2008-03-03 13:18:37 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-02-14 20:32:21 64 --a------ C:\WINDOWS\tsiwinfile.dat
2008-02-14 20:32:14 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-12 14:29:30 0 d-------- C:\PCDRSDK
2008-02-12 14:22:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 08:19:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Talkback
2008-02-12 08:18:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-02-11 22:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-11 22:47:49 0 d-------- C:\Program Files\Common Files\iS3
2008-02-11 22:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-11 22:46:56 13369344 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-02-11 22:21:17 53248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-02-11 22:21:16 494352 --a------ C:\WINDOWS\system32\SHDOC401.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-03-11 17:32:14 0 d-------- C:\Program Files\Java
2008-03-11 17:32:14 0 d-------- C:\Program Files\Common Files
2008-03-11 13:57:29 12026 --a------ C:\WINDOWS\mozver.dat
2008-03-08 22:57:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 11:17:23 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-28 14:40:13 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-28 10:08:05 51367 --a------ C:\logfile
2008-02-28 09:32:58 0 d-------- C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-02-19 00:11:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-02-18 23:59:58 0 d-------- C:\Program Files\NCH Software
2008-02-14 21:48:31 0 d-------- C:\Program Files\Apoint2K
2008-02-12 14:29:36 0 d-------- C:\Program Files\PC Doctor for Windows NT
2008-02-12 14:22:44 0 d-------- C:\Program Files\Creative
2008-02-12 14:22:34 0 d--h----- C:\Program Files\Creative Installation Information
2008-02-05 23:33:12 0 d-------- C:\Program Files\Maxtor
2008-02-03 19:50:58 0 d-------- C:\Program Files\Audible
2008-02-03 19:37:52 0 d-------- C:\Program Files\Common Files\Creative
2008-02-03 19:34:31 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-02 21:01:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-01-25 11:28:36 0 d-------- C:\Program Files\Lifetime
2008-01-25 10:40:53 0 d-------- C:\Program Files\Microsoft Interactive Training
2008-01-25 10:29:43 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-25 10:09:25 0 d-------- C:\Program Files\RegCure
2008-01-19 14:07:28 0 d-------- C:\Program Files\DivX
2008-01-17 11:41:47 1028 --a------ C:\Documents and Settings\Owner\Application Data\AVIEncoder.wff
2008-01-13 14:18:39 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-01-11 23:20:53 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-01-04 14:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 02:33:03 7168 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
12/08/2007 10:39 AM 1502232 --a------ C:\Program Files\johnqtv1\tbjoh0.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E413A417-D00B-4A3B-9C17-19048046F1CE}"= C:\Program Files\johnqtv1\tbjoh0.dll [12/08/2007 10:39 AM 1502232]

[-HKEY_CLASSES_ROOT\CLSID\{E413A417-D00B-4A3B-9C17-19048046F1CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 12:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/28/2002 10:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/11/2008 01:44 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/11/2008 01:44 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvututt]
wvututt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccfb9ff5]
rundll32.exe "C:\WINDOWS\system32\wflfkuyw.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck




-- End of Deckard's System Scanner: finished at 2008-03-11 19:57:44 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.20GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 446.98 MiB / 107.71 MiB
Pagefile Memory (total/avail): 1057.59 MiB / 655.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 46.13 GiB total, 7.92 GiB free.
D: is Fixed (FAT32) - 9.75 GiB total, 2.58 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 465.76 GiB total, 410.07 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 46.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 9.76 GiB - D:

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - Maxtor OneTouch USB Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080311-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\FileVOoM Pro\\IeEmbed.exe"="C:\\Program Files\\FileVOoM Pro\\IeEmbed.exe:*:Disabled:JDesktop Integration Components binary"
"C:\\Program Files\\FileVOoM Pro\\FileVOoM.exe"="C:\\Program Files\\FileVOoM Pro\\FileVOoM.exe:*:Enabled:FileVOoM Pro"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"="C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Owner\\Desktop\\Misc. Folders\\Magnetic Prog Screensavers\\magentic_install.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Misc. Folders\\Magnetic Prog Screensavers\\magentic_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIFEBOOK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\LIFEBOOK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PCDRSDK\WINDSAPI\bin;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=LIFEBOOK
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
913D Camera --> C:\Program Files\InstallShield Installation Information\{3F927DF0-D056-466F-B4B8-61804D5B6351}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Eye Candy 4000 --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Effects\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Effects\EYECAN~1\INSTALL.LOG
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
FileVOoM Pro 2.5 --> "C:\Program Files\FileVOoM Pro\unins000.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED9C7B9B-E694-416A-A0F6-E1D786A6BE99}\setup.exe"
Fujitsu Service Assistant --> C:\PROGRA~1\FUJITS~1\UNINST~1.EXE FujitsuPC
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iConcepts Music Express --> C:\PROGRA~1\ICONCE~1\Setup.exe /remove /q0
johnqtv1 Toolbar --> C:\PROGRA~1\johnqtv1\UNWISE.EXE C:\PROGRA~1\johnqtv1\INSTALL.LOG
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_50dfb0f\Setup.exe /APR-REMOVE
LifeBook Application Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2518A8B-FACA-11D6-B1F2-00000E5F1C10}\setup.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Maxtor Manager --> "C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Pro Step by Step Interactive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FC7D8E1-F14F-11D4-943A-00E02950B496}\setup.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NCH Toolbox --> C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape 6 (6.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)"
Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PC-Doctor for Windows --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PCDOCT~1\INSTALL.LOG
PC-Doctor WINDSAPI SDK --> C:\WINDOWS\UNWISE.EXE C:\PCDRSDK\WINDSAPI\INSTALL.LOG
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6247A653-067B-4117-A88B-764B16329DC5} anything
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Sansa Updater --> C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZEN Media Explorer --> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /nolog/l0x0009
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /nolog/l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type5884 / Warning
Event Submitted/Written: 03/11/2008 05:57:06 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5874 / Error
Event Submitted/Written: 03/11/2008 01:08:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5870 / Error
Event Submitted/Written: 03/10/2008 10:43:05 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 648227794.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type5869 / Error
Event Submitted/Written: 03/10/2008 10:43:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module firefox.exe, version 1.8.20080.20121, fault address 0x00184e61.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type5868 / Error
Event Submitted/Written: 03/10/2008 10:41:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module firefox.exe, version 1.8.20080.20121, fault address 0x00184e61.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51245 / Warning
Event Submitted/Written: 03/11/2008 07:53:57 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk6\D during a paging operation.

Event Record #/Type51215 / Error
Event Submitted/Written: 03/11/2008 06:05:53 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type51209 / Error
Event Submitted/Written: 03/11/2008 05:58:56 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB928365).

Event Record #/Type51203 / Error
Event Submitted/Written: 03/11/2008 05:32:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type51200 / Error
Event Submitted/Written: 03/11/2008 05:32:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-03-11 19:57:44 ------------

Edited by Sumbunny, 14 March 2008 - 02:50 PM.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, if you answer yourself your post will get bypassed, as we look for ZERO replies.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: wvututt - wvututt.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 3


Please note any other programs that you don't recognize in that list in your next response.

THEN

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

FINALLY FOR NOW

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Could you also let me know of any problems you are experiencing?

#4
Sumbunny

    Member

  • Topic Starter
  • 31 posts
Attached File  OTScanIt.Txt   213.64KB   82 downloads

My boot scan from avast pulls up an enormous amount of problems that supposedly cannot be fixed. I have the above three trj on my system and lots of malware, however they are all quarantined. My computer is a desktop laptop and most of the time it runs rough, sounding like it's going to blow up. I have squares that appear on my screen that take away from whatever it is that I am viewing at the time. Also, every time I get on the internet I tend to have major problems; Spybot Search and Destroy always picks up spyware on a daily basis, and sometimes it can fix it and other times it cannot. My computer is running very loud, sounding like it is going to blow; I would think that that has to do with processes running in the background that shouldn't be running. But when it comes to computers I really have no idea how to fix very much. When I logged on this time my computer was so loud; just about 30 seconds ago it stopped and it is so peaceful now. The other thing is that I have done some spyware scans and scans with my avast antivirus (ooh, I spoke too soon, the loud noise is back), and the scans have found numerous things wrong; however, the programs just quarantined the files that were infected. Are they going to stay in there forever, or is there a way to fix them or delete them if they're not necessary? Also, the only firewall I am running is the Windows one that came with Windows XP; is that enough protection or not? I want to fix this problem I have had for some time now, without reformatting if at all possible; that is a big project.
I greatly appreciate your help. I really need someone who knows about these gadgets and who is available to coach me on fixing it, adding the best possible protection once fixed so that I can enjoy my computer to the fullest without having to worry about anything.

Help, Thank You So Much

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once I have got rid of the malware I will give your system a spring clean. As for the fans, it sounds as though you may have dust bunnies - I will go through the cleanup for that later :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1309390283-1124677847-1242383764-1003\] > -> HKEY_USERS\S-1-5-21-1309390283-1124677847-1242383764-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0D555BC6-E331-48b3-A60E-AAC0DF79438A}:{93F764AC-24D1-484F-92EA-3C84E31CDF72} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Popup Blocker]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> @Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:810FAD5F
[Files/Folders - Modified Within 90 days]
NY -> everybodybets.32x32.4.ico -> %SystemRoot%\System32\everybodybets.32x32.4.ico
NY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> @Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:810FAD5F
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTScanit report and Combofix

#6
Sumbunny

    Member

  • Topic Starter
  • 31 posts
Sorry, these items aren't uploaded; it said that I wasn't authorized to upload these types of files. When I ran the programs you recommended, I had the following problems when I cut and pasted the registry keys for them to be fixed. It did not give me the option to save it; instead it said that the computer had to reboot to fix some of the registry. Upon shutting down, the error message for Explorer.exe wouldn't shut down on its own. I received the squares on my screen.

I hope I did this right, look forward to hearing from you soon
Thanks


ComboFix 08-03-14.2 - Owner 2008-03-14 15:03:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 10:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-13 10:25 . 2008-03-13 10:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-13 08:41 . 2008-03-13 08:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-13 08:41 . 2008-03-13 08:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-13 08:41 . 2008-03-13 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-11 19:53 . 2008-03-11 19:53 <DIR> d-------- C:\Deckard
2008-03-11 17:53 . 2008-03-11 17:53 <DIR> d-------- C:\ie-spyad
2008-03-11 17:52 . 2008-03-14 10:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-11 17:51 . 2008-03-14 14:54 <DIR> d-------- C:\Program Files\SpywareGuard
2008-03-11 14:01 . 2008-03-11 14:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 14:01 . 2008-03-11 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-11 13:55 . 2008-03-11 13:55 <DIR> d-------- C:\Program Files\Panda Security
2008-03-11 07:58 . 2008-03-11 07:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 22:51 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-10 22:21 . 2008-03-10 22:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 21:32 . 2008-03-10 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 21:31 . 2008-03-12 19:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 21:31 . 2008-03-11 07:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-10 16:25 . 2008-03-10 16:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-10 16:25 . 2008-03-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 09:44 . 2008-03-09 09:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-08 22:58 . 2008-03-08 23:40 <DIR> d-------- C:\Program Files\SanDisk
2008-03-07 22:05 . 2008-03-07 22:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 17:59 . 2008-03-03 17:59 94 --a------ C:\WINDOWS\wininit.ini
2008-03-03 16:17 . 2008-03-07 21:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
2008-03-03 13:33 . 2008-03-03 13:33 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-03 13:30 . 2006-06-29 14:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-03-03 13:18 . 2008-03-03 13:18 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-22 22:27 . 2008-02-24 23:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 22:27 . 2008-02-24 23:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 20:32 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bak
2008-02-14 20:32 . 2008-02-14 20:32 64 --a------ C:\WINDOWS\tsiwinfile.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 17:28 --------- d-----w C:\Program Files\Java
2008-03-13 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-13 00:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 05:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 18:17 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-28 21:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-28 16:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-02-19 07:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-02-19 06:59 --------- d-----w C:\Program Files\NCH Software
2008-02-15 04:48 --------- d-----w C:\Program Files\Apoint2K
2008-02-12 21:29 --------- d-----w C:\Program Files\PC Doctor for Windows NT
2008-02-12 21:22 --------- d--h--w C:\Program Files\Creative Installation Information
2008-02-12 21:22 --------- d-----w C:\Program Files\Creative
2008-02-12 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-12 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-12 07:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-12 05:47 --------- d-----w C:\Program Files\Common Files\iS3
2008-02-06 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-02-06 06:33 --------- d-----w C:\Program Files\Maxtor
2008-02-04 02:50 --------- d-----w C:\Program Files\Audible
2008-02-04 02:37 --------- d-----w C:\Program Files\Common Files\Creative
2008-02-04 02:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-27 17:43 270,698 ----a-w C:\WINDOWS\system32\L36B1.tmp
2008-01-25 18:28 --------- d-----w C:\Program Files\Lifetime
2008-01-25 17:40 --------- d-----w C:\Program Files\Microsoft Interactive Training
2008-01-25 17:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-25 17:09 --------- d-----w C:\Program Files\RegCure
2008-01-19 21:07 --------- d-----w C:\Program Files\DivX
2008-01-17 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 09:33 7,168 --sha-w C:\Program Files\Thumbs.db
2007-12-20 00:12 53,248 ----a-w C:\WINDOWS\system32\ArmAccess.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_14.09.01.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-13 20:19:12 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-03-12 03:20:15 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-02-13 20:19:13 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-03-12 03:20:15 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-02-13 20:19:12 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-03-12 03:20:15 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-13 20:19:13 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-03-12 03:20:15 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-13 20:19:13 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-03-12 03:20:15 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-13 20:19:13 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-03-12 03:20:15 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-13 20:19:12 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-03-12 03:20:15 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-02-13 20:19:12 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-03-12 03:20:15 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-13 20:19:13 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-03-12 03:20:15 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-02-13 20:19:12 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-03-12 03:20:15 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-13 20:19:11 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-03-12 03:20:14 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-03-11 14:59:27 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-03-11 14:59:27 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-11 14:59:27 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-09-25 01:19:20 10,509 ----a-w C:\WINDOWS\mozver.dat
+ 2008-03-11 20:57:29 12,026 ----a-w C:\WINDOWS\mozver.dat
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-02-04 23:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-14 21:36:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
2007-12-08 10:39 1502232 --a------ C:\Program Files\johnqtv1\tbjoh0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E413A417-D00B-4A3B-9C17-19048046F1CE}"= "C:\Program Files\johnqtv1\tbjoh0.dll" [2007-12-08 10:39 1502232]

[HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E413A417-D00B-4A3B-9C17-19048046F1CE}"= C:\Program Files\johnqtv1\tbjoh0.dll [2007-12-08 10:39 1502232]

[HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-11 13:44 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-28 22:00 294912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-11 13:44 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccfb9ff5]
C:\WINDOWS\system32\wflfkuyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 12:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
-ra------ 2001-12-16 23:50 32768 C:\WINDOWS\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 13:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 11:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\FileVOoM Pro\\IeEmbed.exe"=
"C:\\Program Files\\FileVOoM Pro\\FileVOoM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Misc. Folders\\Magnetic Prog Screensavers\\magentic_install.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 06:49]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2002-09-26 00:43]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-12-18 01:42]
R3 PRISM;Intersil PRISM Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2002-06-16 18:26]
S3 SQTECH913D;913D Camera;C:\WINDOWS\system32\Drivers\Capt913D.sys [2007-06-21 10:45]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 21:29:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-04 05:31:09 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-03-14 21:36:54 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-25 17:08:23 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 15:08:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 15:11:15
ComboFix-quarantined-files.txt 2008-03-14 22:10:51
ComboFix2.txt 2008-03-10 21:45:58
ComboFix3.txt 2008-03-10 21:09:29
.
2008-03-14 22:02:19 --- E O F ---


[Registry - Non-Microsoft Only]
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_USERS\S-1-5-21-1309390283-1124677847-1242383764-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F764AC-24D1-484F-92EA-3C84E31CDF72}\ not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F deleted successfully.
[Files/Folders - Modified Within 90 days]
C:\WINDOWS\System32\everybodybets.32x32.4.ico moved successfully.
ADS C:\WINDOWS\Thumbs.db:encryptable deleted successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F .
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFE19C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFFA3B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_228.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.5.2 fix logfile created on 03142008_143150


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:12 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: johnqtv1 Toolbar - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjoh0.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?61bff3b6a8f1403da23827e008924b8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?61bff3b6a8f1403da23827e008924b8f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 7642 bytes


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Sorry, these items aren't uploaded; it said that I wasn't authorized to upload these types of files

OTScanit is the only one to upload as it is quite large; the rest can just be pasted

But we are getting there :) If this run turns out as I think, we will then look at speeding your system up

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\wflfkuyw.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccfb9ff5]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image



THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log
  • Malwarebytes log.

#8
Sumbunny

    Member

  • Topic Starter
  • 31 posts
Malwarebytes' Anti-Malware 1.08
Database version: 493

Scan type: Quick Scan
Objects scanned: 26580
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3777260-7308-464a-baa2-cc492c0ce7d2} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:33 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?61bff3b6a8f1403da23827e008924b8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?61bff3b6a8f1403da23827e008924b8f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 7552 bytes

ComboFix 08-03-14.2 - Owner 2008-03-14 16:55:16.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\wflfkuyw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 15:17 . 2008-03-14 15:17 <DIR> d-------- C:\Program Files\Microsoft Outlook
2008-03-13 10:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-13 10:25 . 2008-03-13 10:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-13 08:41 . 2008-03-13 08:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-13 08:41 . 2008-03-13 08:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-13 08:41 . 2008-03-13 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-11 19:53 . 2008-03-11 19:53 <DIR> d-------- C:\Deckard
2008-03-11 17:53 . 2008-03-11 17:53 <DIR> d-------- C:\ie-spyad
2008-03-11 17:52 . 2008-03-14 10:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-11 17:51 . 2008-03-14 14:54 <DIR> d-------- C:\Program Files\SpywareGuard
2008-03-11 14:01 . 2008-03-11 14:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 14:01 . 2008-03-11 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-11 13:55 . 2008-03-11 13:55 <DIR> d-------- C:\Program Files\Panda Security
2008-03-11 07:58 . 2008-03-11 07:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 22:51 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-10 22:21 . 2008-03-10 22:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 21:32 . 2008-03-10 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 21:31 . 2008-03-12 19:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 21:31 . 2008-03-11 07:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-10 16:25 . 2008-03-10 16:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-10 16:25 . 2008-03-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 09:44 . 2008-03-09 09:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-08 22:58 . 2008-03-08 23:40 <DIR> d-------- C:\Program Files\SanDisk
2008-03-07 22:05 . 2008-03-07 22:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 17:59 . 2008-03-03 17:59 94 --a------ C:\WINDOWS\wininit.ini
2008-03-03 16:17 . 2008-03-07 21:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
2008-03-03 13:33 . 2008-03-03 13:33 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-03 13:30 . 2006-06-29 14:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-03-03 13:18 . 2008-03-03 13:18 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-22 22:27 . 2008-02-24 23:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 22:27 . 2008-02-24 23:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 20:32 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bak
2008-02-14 20:32 . 2008-02-14 20:32 64 --a------ C:\WINDOWS\tsiwinfile.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 22:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 17:28 --------- d-----w C:\Program Files\Java
2008-03-13 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-13 00:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 05:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 18:17 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-28 21:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-28 16:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-02-19 07:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-02-19 06:59 --------- d-----w C:\Program Files\NCH Software
2008-02-15 04:48 --------- d-----w C:\Program Files\Apoint2K
2008-02-12 21:29 --------- d-----w C:\Program Files\PC Doctor for Windows NT
2008-02-12 21:22 --------- d--h--w C:\Program Files\Creative Installation Information
2008-02-12 21:22 --------- d-----w C:\Program Files\Creative
2008-02-12 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-12 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-12 07:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-12 05:47 --------- d-----w C:\Program Files\Common Files\iS3
2008-02-06 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-02-06 06:33 --------- d-----w C:\Program Files\Maxtor
2008-02-04 02:50 --------- d-----w C:\Program Files\Audible
2008-02-04 02:37 --------- d-----w C:\Program Files\Common Files\Creative
2008-02-04 02:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-27 17:43 270,698 ----a-w C:\WINDOWS\system32\L36B1.tmp
2008-01-25 18:28 --------- d-----w C:\Program Files\Lifetime
2008-01-25 17:40 --------- d-----w C:\Program Files\Microsoft Interactive Training
2008-01-25 17:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-25 17:09 --------- d-----w C:\Program Files\RegCure
2008-01-19 21:07 --------- d-----w C:\Program Files\DivX
2008-01-17 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 09:33 7,168 --sha-w C:\Program Files\Thumbs.db
2007-12-20 00:12 53,248 ----a-w C:\WINDOWS\system32\ArmAccess.dll
.

((((((((((((((((((((((((((((( snapshot_2008-03-14_15.10.30.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-11 14:59:27 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-03-14 22:25:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2008-03-11 14:59:27 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-14 22:25:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-03-11 14:59:27 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-03-14 22:25:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-03-14 22:59:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-11 13:44 1481968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-28 22:00 294912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-11 13:44 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 12:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
-ra------ 2001-12-16 23:50 32768 C:\WINDOWS\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 13:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 11:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\FileVOoM Pro\\IeEmbed.exe"=
"C:\\Program Files\\FileVOoM Pro\\FileVOoM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Misc. Folders\\Magnetic Prog Screensavers\\magentic_install.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 06:49]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2002-09-26 00:43]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-12-18 01:42]
R3 PRISM;Intersil PRISM Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2002-06-16 18:26]
S3 SQTECH913D;913D Camera;C:\WINDOWS\system32\Drivers\Capt913D.sys [2007-06-21 10:45]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 23:29:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-04 05:31:09 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-03-15 00:00:35 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-25 17:08:23 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 17:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 17:04:58
ComboFix-quarantined-files.txt 2008-03-15 00:04:43
ComboFix2.txt 2008-03-10 21:45:58
ComboFix3.txt 2008-03-10 21:09:29
.
2008-03-14 22:02:19 --- E O F ---



The other question I have is all the items that the malware program found, can they be deleted from quarantine or do they just stay in there? The same with my antivirus program, I have a major amount of files in that quarantine folder. Should I keep them there or can I delete them? Also I deleted all of my Java files and downloaded Java 6 Update 5 from the web site. Knowing nothing about Java I just want to make sure that this is the proper one. Ok where do we go from here?



Ok so I did everything that you requested that I do. I notice that my computer runs quite a bit smoother. As for the viruses, I am still rather confused because my logs read clean, but when Avast Antivirus runs a boot scan it picks up numerous files that are infected with that Win32:TratBHO(Trj). Is there a way to fix that without reformatting my computer? Maybe a program made to delete that virus and to fix the problems it has created. I downloaded the Zone Alarm Firewall, Spyblaster, Spywareguard, I have Avast Anti-Virus and Spybot Search and Destroy, AVG Anti-Spyware, and Malwarebytes' Anti-Malware. A few other problems I am experiencing is my Automatic Windows Update keeps trying to install Microsoft Security Update Net Framework, Version 2.0 and it fails every time. I have tried to install it 6 or more times. How do I correct that problem? I also believe that I have many exe files that are not necessary. Could you recommend a program that will clean up all the exe's on my computer and delete ones that are bad or not necessary? Especially on my Task Manager as exe's that are running all of the time. I believe that there are many unnecessary ones that are constantly running up my computer. Hopefully this isn't asking you to help me with too much. I greatly appreciate your time and assistance. Hear from you soon. Oh and I hope that you enjoyed your weekend.

The only problem I experienced with the last steps you recommended was that upon reboot my explorer.exe will not close by itself. The little error message comes up stating that it would not respond.

Edited by Sumbunny, 17 March 2008 - 12:05 AM.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Ok where do we go from here.

We get rid of all the quarantined files and the programmes I had you download and then go for a spring clean. MBAM just found orphan registry entries :)

Now the best part of the day ----- Your log now appears clean :)

Double click OTScanit once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTScanit wants to contact the internet. Allow this; a cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process. Click Yes. This will delete all the tools you have downloaded plus itself. MBAM will need to be uninstalled from Add/Remove.


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

OK that is out of the way and now for the clean :)

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

FOLLOWED BY

Download, install and run Tuneup Utilities 2008

Select Free up disk space


Select Unnecessary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor

Let me know how that goes
  • 0

#10
Sumbunny

Ok so I did everything that you requested that I do. I notice that my computer runs quite a bit smoother. As for the viruses, I am still rather confused because my logs read clean, but when Avast Anti-Virus runs a boot scan it picks up numerous files that are infected with that Win32:TratBHO(Trj). Is there a way to fix that without reformatting my computer? Maybe a program made to delete that virus and to fix the problems it has created. I downloaded the ZoneAlarm Firewall, SpywareBlaster, SpywareGuard, I have Avast Anti-Virus and Spybot Search and Destroy, AVG Anti-Spyware, and Malwarebytes' Anti-Malware. A few other problems I am experiencing is my Automatic Windows Update keeps trying to install Microsoft Security Update Net Framework, Version 2.0 and it fails every time. I have tried to install it 6 or more times. How do I correct that problem? I also believe that I have many exe files that are not necessary. Could you recommend a program that will clean up all the exe files on my computer and delete ones that are bad or not necessary? Especially on my Task Manager as exe files that are running all of the time. I believe that there are many unnecessary ones that are constantly running up my computer. Hopefully this isn't asking you to help me with too much. I greatly appreciate your time and assistance. Hear from you soon. Oh and I hope that you enjoyed your weekend.

The only problem I experienced with the last steps you recommended was that upon reboot my explorer.exe will not close by itself. The little error message comes up stating that it would not respond.

I am also trying to install a firewall other than the Windows firewall that I have on my computer. However I'm not sure if I download the program with 32 bits or 64 bits.

Edited by Sumbunny, 17 March 2008 - 05:12 PM.

  • 0

#11
Essexboy

Could you post the Avast log? To get this, right-click the Avast icon and select Log Viewer, then select the warning button.
Could you copy and paste the text from there, as it will tell where this miscreant is hiding. I suspect it may be system restore - did you clean it?

Also if you post a new HijackThis log I will help slim down your startups :)

Re the firewall, I have just started using the free Comodo and it looks reasonable.
  • 0
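Added example, not part of the original posts: one way to read an Avast warning log of the kind requested above, separating detections logged before a cleanup from files still being flagged, and hits inside System Restore from live files. The sample lines, file names, restore-point path and cleanup date are constructed; the line layout follows the Avast 4 warning-log entries posted in this thread.

```python
import re
from datetime import datetime

# Constructed sample lines (file names, restore-point path and dates are made up).
# Layout: timestamp, account, a numeric field, then the message.
SAMPLE_LOG = r'''
3/18/2008 5:48:33 PM SYSTEM 268 An error has occured while attempting to update. Please check the logs.
3/16/2008 9:02:10 AM Owner 300 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{CONSTRUCTED}\RP41\A0001234.dll" file.
3/9/2008 7:45:29 PM Owner 284 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sample1.dll" file.
3/9/2008 7:45:28 PM Owner 284 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sample2.dll" file.
3/9/2008 11:21:35 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sample1.dll" file.
'''

# Assumed date on which the cleanup steps were completed (constructed for this example).
CLEANED_ON = datetime(2008, 3, 15)

DETECTION = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<account>.+?) (?P<num>\d+) '
    r'Sign of "(?P<signature>[^"]+)" has been found in "(?P<path>[^"]+)" file\.[ \t]*$',
    re.MULTILINE,
)


def parse_detections(text):
    """Return one dict per detection line; update errors and other lines are skipped."""
    hits = []
    for m in DETECTION.finditer(text):
        hits.append({
            "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
            "account": m["account"],
            "signature": m["signature"],
            "path": m["path"],
        })
    return hits


def location(path):
    """Tell System Restore copies apart from files on the live file system."""
    if "\\system volume information\\_restore" in path.lower():
        return "restore point"
    return "live file system"


def summarize(text, cleaned_on):
    """Collapse repeated scans into one entry per file and mark post-cleanup hits."""
    files = {}
    for d in parse_detections(text):
        key = d["path"].lower()  # Windows paths are case-insensitive
        entry = files.setdefault(key, {
            "path": d["path"],
            "signature": d["signature"],
            "location": location(d["path"]),
            "hits": 0,
            "first": d["when"],
            "last": d["when"],
        })
        entry["hits"] += 1
        entry["first"] = min(entry["first"], d["when"])
        entry["last"] = max(entry["last"], d["when"])
    for entry in files.values():
        # A file last flagged before the cleanup is history, not a current finding.
        entry["still_detected"] = entry["last"] >= cleaned_on
    return files


def still_flagged(files):
    """Paths that were detected on or after the cleanup date."""
    return sorted(e["path"] for e in files.values() if e["still_detected"])


if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG, CLEANED_ON).values():
        status = "STILL DETECTED" if e["still_detected"] else "before cleanup"
        print(f'{e["last"]:%Y-%m-%d %H:%M}  {status:<15} {e["location"]:<17} '
              f'{e["signature"]}  {e["path"]}  (seen {e["hits"]}x)')
```

Entries that are still flagged and sit in a restore point are the ones the Disk Cleanup steps earlier in the thread remove; entries still flagged on the live file system need a fresh scan log.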

#12
Sumbunny

avast log


3/9/2008 11:21:08 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\rqron.dll" file.
3/9/2008 11:21:07 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\rqomn.dll" file.
3/9/2008 11:21:06 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qopon.dll" file.
3/9/2008 11:21:06 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qopqn.dll" file.
3/9/2008 11:21:05 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qomnm.dll" file.
3/9/2008 11:21:05 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qomml.dll" file.
3/9/2008 11:21:05 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qommj.dll" file.
3/9/2008 11:21:05 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qomlm.dll" file.
3/9/2008 11:21:05 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\qomkk.dll" file.
3/9/2008 11:21:02 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnlj.dll" file.
3/9/2008 11:21:02 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnkj.dll" file.
3/9/2008 11:21:02 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkki.dll" file.
3/9/2008 11:21:01 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjk.dll" file.
3/9/2008 11:21:01 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjg.dll" file.
3/9/2008 11:21:00 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\oppqq.dll" file.
3/9/2008 11:21:00 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\oppqo.dll" file.
3/9/2008 11:20:59 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\opppq.dll" file.
3/9/2008 11:20:59 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\oppnm.dll" file.
3/9/2008 11:20:59 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\oppml.dll" file.
3/9/2008 11:20:59 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\opnon.dll" file.
3/9/2008 11:20:59 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\opnmn.dll" file.
3/9/2008 11:20:55 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnml.dll" file.
3/9/2008 11:20:55 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnkk.dll" file.
3/9/2008 11:20:55 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnoo.dll" file.
3/9/2008 11:20:55 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnnl.dll" file.
3/9/2008 11:20:55 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnmn.dll" file.
3/9/2008 11:20:54 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnnki.dll" file.
3/9/2008 11:20:54 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\nnlll.dll" file.
3/9/2008 11:20:46 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.
3/9/2008 11:20:46 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljkj.dll" file.
3/9/2008 11:20:46 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljkh.dll" file.
3/9/2008 11:20:46 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljjg.dll" file.
3/9/2008 11:20:46 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmm.dll" file.
3/9/2008 11:20:45 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljhi.dll" file.
3/9/2008 11:20:44 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ljjgg.dll" file.
3/9/2008 11:20:44 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ljhge.dll" file.
3/9/2008 11:20:44 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ljhgf.dll" file.
3/9/2008 11:20:43 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\khhig.dll" file.
3/9/2008 11:20:43 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\khhhh.dll" file.
3/9/2008 11:20:43 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\khfgh.dll" file.
3/9/2008 11:20:42 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\khfcb.dll" file.
3/9/2008 11:20:42 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkklm.dll" file.
3/9/2008 11:20:42 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\khfge.dll" file.
3/9/2008 11:20:41 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjj.dll" file.
3/9/2008 11:20:41 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjg.dll" file.
3/9/2008 11:20:41 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhgf.dll" file.
3/9/2008 11:20:40 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhge.dll" file.
3/9/2008 11:20:40 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhfd.dll" file.
3/9/2008 11:20:37 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\iiiij.dll" file.
3/9/2008 11:20:37 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\iiijj.dll" file.
3/9/2008 11:20:36 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\iiiih.dll" file.
3/9/2008 11:20:36 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\iifge.dll" file.
3/9/2008 11:20:36 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\iifef.dll" file.
3/9/2008 11:20:33 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgggf.dll" file.
3/9/2008 11:20:33 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hggfg.dll" file.
3/9/2008 11:20:33 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hggef.dll" file.
3/9/2008 11:20:33 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgged.dll" file.
3/9/2008 11:20:33 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hggdd.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgdef.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgddd.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgddc.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgdby.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgdaa.dll" file.
3/9/2008 11:20:32 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\hgdcc.dll" file.
3/9/2008 11:20:31 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geefd.dll" file.
3/9/2008 11:20:31 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geeed.dll" file.
3/9/2008 11:20:31 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geede.dll" file.
3/9/2008 11:20:30 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.
3/9/2008 11:20:30 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebbc.dll" file.
3/9/2008 11:20:30 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geeby.dll" file.
3/9/2008 11:20:30 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebya.dll" file.
3/9/2008 11:20:30 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebxw.dll" file.
3/9/2008 11:20:28 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fcyyy.dll" file.
3/9/2008 11:20:28 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fcyvu.dll" file.
3/9/2008 11:20:28 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fcyyw.dll" file.
3/9/2008 11:20:27 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fcyaa.dll" file.
3/9/2008 11:20:27 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fccyx.dll" file.
3/9/2008 11:20:27 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fccda.dll" file.
3/9/2008 11:20:27 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fccby.dll" file.
3/9/2008 11:20:26 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\fccbx.dll" file.
3/9/2008 11:20:25 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\efebb.dll" file.
3/9/2008 11:20:25 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\efefe.dll" file.
3/9/2008 11:20:25 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\efecy.dll" file.
3/9/2008 11:20:25 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\efecc.dll" file.
3/9/2008 11:20:24 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\efcde.dll" file.
3/9/2008 11:20:19 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcya.dll" file.
3/9/2008 11:20:19 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcde.dll" file.
3/9/2008 11:20:18 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcbc.dll" file.
3/9/2008 11:20:18 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcba.dll" file.
3/9/2008 11:20:18 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayx.dll" file.
3/9/2008 11:20:18 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayw.dll" file.
3/9/2008 11:20:17 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaxv.dll" file.
3/9/2008 11:20:17 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddawt.dll" file.
3/9/2008 11:20:17 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabc.dll" file.
3/9/2008 11:20:17 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaba.dll" file.
3/9/2008 11:20:14 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbxyy.dll" file.
3/9/2008 11:20:14 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbxxw.dll" file.
3/9/2008 11:20:13 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbxwx.dll" file.
3/9/2008 11:20:13 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbxvt.dll" file.
3/9/2008 11:20:13 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbxvs.dll" file.
3/9/2008 11:20:13 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbaxw.dll" file.
3/9/2008 11:20:13 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\cbabb.dll" file.
3/9/2008 11:20:12 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byxxx.dll" file.
3/9/2008 11:20:12 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byxuu.dll" file.
3/9/2008 11:20:12 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byxut.dll" file.
3/9/2008 11:20:11 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byxus.dll" file.
3/9/2008 11:20:11 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvwx.dll" file.
3/9/2008 11:20:11 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvvv.dll" file.
3/9/2008 11:20:11 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvvt.dll" file.
3/9/2008 11:20:10 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvsr.dll" file.
3/9/2008 11:20:10 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvuu.dll" file.
3/9/2008 11:20:10 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvtt.dll" file.
3/9/2008 11:20:10 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\byvtr.dll" file.
3/9/2008 11:20:09 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvww.dll" file.
3/9/2008 11:20:09 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvwu.dll" file.
3/9/2008 11:20:09 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvur.dll" file.
3/9/2008 11:20:08 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvtq.dll" file.
3/9/2008 11:20:08 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtur.dll" file.
3/9/2008 11:20:08 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtsp.dll" file.
3/9/2008 11:20:08 AM Owner 644 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqn.dll" file.
3/9/2008 11:06:05 AM Owner 644 Sign of "Win32:Agent-SND [Trj]" has been found in "C:\WINDOWS\b116.exe" file.
3/7/2008 11:07:06 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayyw.dll" file.
3/7/2008 11:07:06 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayya.dll" file.
3/7/2008 11:07:05 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayax.dll" file.
3/7/2008 11:07:05 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayaa.dll" file.
3/7/2008 11:07:05 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayww.dll" file.
3/7/2008 11:07:04 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabyv.dll" file.
3/7/2008 11:07:04 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabcd.dll" file.
3/7/2008 11:07:04 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabba.dll" file.
3/7/2008 11:07:04 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabay.dll" file.
3/7/2008 11:07:04 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabcb.dll" file.
3/7/2008 11:07:03 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxyxx.dll" file.
3/7/2008 11:07:03 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yabab.dll" file.
3/7/2008 11:07:02 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxywx.dll" file.
3/7/2008 11:07:02 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxyax.dll" file.
3/7/2008 11:07:01 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxwvw.dll" file.
3/7/2008 11:07:01 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxwvv.dll" file.
3/7/2008 11:07:01 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxwwx.dll" file.
3/7/2008 11:07:00 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxwvs.dll" file.
3/7/2008 11:07:00 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\xxwtq.dll" file.
3/7/2008 11:06:59 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwwt.dll" file.
3/7/2008 11:06:58 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwvv.dll" file.
3/7/2008 11:06:58 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwus.dll" file.
3/7/2008 11:06:58 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwtu.dll" file.
3/7/2008 11:06:58 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwtt.dll" file.
3/7/2008 11:06:57 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvwtq.dll" file.
3/7/2008 11:06:57 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvuvv.dll" file.
3/7/2008 11:06:57 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\wvuvu.dll" file.
3/7/2008 11:06:56 PM Owner 244 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WIN

Edited by Sumbunny, 18 March 2008 - 11:31 PM.


#13
Sumbunny

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsupc.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTSyncU.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: avast! service GUI component.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190501929148
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 6944 bytes


Also, I have a Windows Update icon in the right-hand corner. It says that it is a critical update for Windows .NET 2.0 and I cannot get it to install. I have tried 5 or more times with no luck. Help.

#14
Essexboy


3/9/2008 7:45:29 PM Owner 284 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\yayyw.dll" file.

This was the last detection of a virus by Avast, on 9th March.

One final file to delete which I appear to have missed :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt2.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then double-click OTMoveIt2 once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveIt2 wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.

OK, now let's look at the startup files problem.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

These programmes can safely be stopped from starting.

Now the update problem.

Do you get any warnings or reports when you try to install the update? There is a way around this; if there are no warnings I just need to research the right one.
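An added example, not part of the original posts and not code from HijackThis or its authors: a small Python parser for the HijackThis text log format posted in this thread, which extracts the O4 (startup) entries and checks that every line in a helper's fix list appears verbatim in the scan before anything is ticked. The sample log is a shortened copy of lines from the log above; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: a shortened copy of lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 PM, on 3/18/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# The three lines the helper asked to tick before "Fix Checked".
FIX_LIST = [
    r"O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r"O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                    # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")       # registry Run keys
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")    # Startup folder links


@dataclass(frozen=True)
class Autorun:
    source: str    # e.g. "HKLM Run" or "Startup"
    name: str      # registry value name or shortcut file name
    command: str   # what gets launched
    raw: str       # the full log line, as HijackThis printed it


def parse_entries(log_text):
    """Return (code, body, raw_line) for each 'Xn - ...' line.

    The header and the 'Running processes' list do not match the
    code pattern and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def autoruns(entries):
    """Turn the O4 entries into Autorun records."""
    out = []
    for code, body, raw in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            out.append(Autorun(f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4), raw))
            continue
        m = STARTUP_RE.match(body)
        if m:
            out.append(Autorun(m.group(1), m.group(2), m.group(3), raw))
            continue
        out.append(Autorun("unparsed", "", body, raw))  # keep unknown O4 shapes visible
    return out


def check_fix_list(fix_lines, log_text):
    """Split a fix list into lines present verbatim in the scan and lines that are not."""
    present = {raw for _, _, raw in parse_entries(log_text)}
    found, missing = [], []
    for line in fix_lines:
        line = line.strip()
        (found if line in present else missing).append(line)
    return found, missing


if __name__ == "__main__":
    for a in autoruns(parse_entries(SAMPLE_LOG)):
        print(f"{a.source:10} {a.name:22} {a.command}")
    found, missing = check_fix_list(FIX_LIST, SAMPLE_LOG)
    print(f"{len(found)} fix-list lines present in scan, {len(missing)} missing")
```

A line reported as missing means the scan being fixed is not the one the fix list was written against, so a fresh log should be posted before fixing anything.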

#15
Sumbunny

OTMoveIt2 by OldTimer.

File/Folder C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03192008_182734



MICROSOFT AUTOMATIC CRITICAL UPDATES

Some Updates could not be installed
Security Update for Microsoft .NET Framework, Version 2.0 (KB928365) Failed :) :)
However, it says that the initialization was successful, but the update failed.