Thanks so much for helping me with this.
I did not see the askbar in Add/Remove Programs or anywhere??? But I don't want it, so if I can find it I will definitely remove it.
Here are the logs from ComboFix and a new HijackThis log:
ComboFix 08-03-30.4 - Rachel 2008-03-31 19:27:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511 [GMT -4:00]
Running from: C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-30 15:25 . 2008-03-30 15:25 110,592 --a------ C:\WINDOWS\system32\fkfwvcfu.exe
2008-03-30 15:16 . 2008-03-30 15:16 <DIR> d-------- C:\_OTMoveIt
2008-03-30 14:50 . 2008-03-30 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 14:21 . 2008-03-30 14:21 <DIR> d-------- C:\Deckard
2008-03-30 14:13 . 2008-03-30 14:13 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\Grisoft
2008-03-30 14:12 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-30 13:56 . 2008-03-30 13:56 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\Malwarebytes
2008-03-30 13:54 . 2008-03-30 13:57 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-30 13:52 . 2008-03-30 13:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 13:52 . 2008-03-30 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 10:24 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-30 10:22 . 2008-03-30 10:22 114,688 --a------ C:\WINDOWS\system32\ijkrozed.exe
2008-03-30 07:42 . 2008-03-30 19:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-30 07:42 . 2008-03-30 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-29 23:03 . 2008-03-29 23:03 106,496 --a------ C:\WINDOWS\system32\gnctctsh.exe
2008-03-29 22:47 . 2008-03-29 23:05 <DIR> d-------- C:\ComboFix[1]
2008-03-29 22:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-29 22:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-29 22:38 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-29 22:38 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-29 22:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-29 22:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-29 21:30 . 2008-03-29 21:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:30 . 2008-03-29 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 21:29 . 2008-03-29 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 17:08 . 2008-03-29 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-29 15:54 . 2008-03-30 08:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-29 15:04 . 2008-03-29 22:43 5,152 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-29 12:41 . 2008-03-29 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:40 . 2008-03-29 16:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 10:03 . 2008-03-29 10:03 0 --a------ C:\WINDOWS\TPTray.INI
2008-03-29 10:03 . 2008-03-29 10:03 0 --a------ C:\WINDOWS\CeEKey.INI
2008-03-29 09:43 . 2008-03-29 09:43 164 --a------ C:\install.dat
2008-03-29 08:34 . 2008-03-29 08:34 94,208 --a------ C:\WINDOWS\system32\cxixqxkn.exe
2008-03-29 00:44 . 2008-03-29 00:44 268,288 --------- C:\WINDOWS\system32\qoMfefee.dll_old
2008-03-26 00:10 . 2008-03-26 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\khqrotoh
2008-03-26 00:10 . 2008-03-26 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iyvswdjm
2008-03-23 19:02 . 2008-03-23 19:53 <DIR> d-------- C:\Program Files\PhotoScape
2008-03-02 20:05 . 2008-03-02 20:05 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-02 20:05 . 2008-03-02 20:05 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-03-02 19:58 . 2008-03-02 19:58 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-03-02 19:58 . 2004-08-04 08:52 413,696 -ra------ C:\WINDOWS\system32\msvcd883.rra
2008-03-02 19:58 . 2006-10-20 17:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-03-02 19:58 . 2006-11-10 16:05 18,688 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-03-02 19:57 . 2008-03-02 19:58 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-02-28 00:20 . 2008-03-02 21:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-28 00:08 . 2008-02-28 00:08 31,361 --a------ C:\WINDOWS\3DSTATE_logo.jpg
2008-02-27 23:55 . 2008-03-29 22:17 <DIR> d-------- C:\Program Files\EA SPORTS
2008-02-27 23:09 . 2008-02-27 23:09 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-15 02:06 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-15 01:45 . 2007-02-02 17:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-02-15 01:27 . 2008-02-15 01:27 0 --a------ C:\WINDOWS\PanelExe.INI
2008-02-15 01:14 . 2008-02-15 01:14 0 --a------ C:\WINDOWS\Dvm.INI
2008-02-15 00:58 . 2008-02-15 00:58 <DIR> d-------- C:\WINDOWS\Application Data
2008-02-15 00:58 . 2005-08-18 12:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-02-15 00:58 . 2005-08-18 12:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
2008-02-15 00:58 . 2007-08-13 15:50 48,853 --a------ C:\WINDOWS\system32\drivers\mamoveu.sys
2008-02-15 00:58 . 2006-02-06 19:07 36,625 --a------ C:\WINDOWS\system32\drivers\mavcomm.sys
2008-02-15 00:58 . 2005-05-16 12:17 25,880 --a------ C:\WINDOWS\system32\mavcomm.vxd
2008-02-15 00:58 . 2007-01-16 12:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-02-15 00:58 . 2005-06-16 19:13 25,044 --a------ C:\WINDOWS\system32\drivers\mamovem.sys
2008-02-15 00:58 . 2005-06-16 19:11 24,784 --a------ C:\WINDOWS\system32\drivers\mamovec.sys
2008-02-15 00:58 . 2007-01-16 12:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 14:21 --------- d-----w C:\Program Files\ALLTEL DSL Check-up Center
2008-03-30 03:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 03:13 --------- d-----w C:\Program Files\Yahoo!
2008-03-30 03:13 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-30 03:13 --------- d-----w C:\Program Files\Common Files\aolshare
2008-03-30 03:13 --------- d-----w C:\Program Files\America Online 9.0
2008-03-30 02:18 --------- d-----w C:\Program Files\Toshiba
2008-03-30 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-29 14:13 --------- d-----w C:\Documents and Settings\Rachel\Application Data\AVG7
2008-03-09 17:55 --------- d-----w C:\Program Files\LimeWire
2008-03-03 00:12 --------- d-----w C:\Documents and Settings\Rachel\Application Data\ArcSoft
2008-03-02 23:57 --------- d-----w C:\Program Files\ArcSoft
2008-02-28 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-15 04:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 21:33 --------- d-----w C:\Documents and Settings\Rachel\Application Data\Intuit
2008-01-31 22:36 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-31 22:35 --------- d-----w C:\Program Files\Quicken
2008-01-31 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-31 22:28 --------- d-----w C:\Program Files\TurboTax
2007-12-15 18:21 155,995 ----a-w C:\WINDOWS\java\Packages\GB7PFT7H.ZIP
2007-12-14 15:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-08-21 00:49 117,424 ----a-w C:\Documents and Settings\Rachel\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 07:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-29_23.05.40.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-01-12 21:10:24 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2003-02-28 20:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
- 2001-01-12 23:04:08 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2003-02-28 22:26:30 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2007-09-12 22:27:24 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
- 2001-01-12 23:04:06 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-02-28 22:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
- 2001-01-12 21:09:58 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2003-02-28 20:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
- 2001-01-12 23:04:00 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-02-28 22:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
- 2001-01-12 23:04:00 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2003-02-28 22:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
- 2001-01-12 23:04:02 404,752 ----a-w C:\WINDOWS\system32\javart.dll
+ 2003-02-28 22:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
- 2001-01-12 23:04:08 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2003-02-28 22:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
- 2001-01-12 23:04:02 171,280 ----a-w C:\WINDOWS\system32\jit.dll
+ 2003-02-28 22:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
- 2001-01-12 23:04:08 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2003-02-28 22:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
- 2005-02-07 20:04:50 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2007-03-22 00:39:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
- 2001-01-12 23:04:02 154,896 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2003-02-28 22:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
- 2001-01-12 23:04:06 945,424 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2003-02-28 22:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2001-01-12 23:04:06 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2003-02-28 22:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
- 2004-04-14 04:19:48 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2007-03-22 00:33:00 503,808 ----a-w C:\WINDOWS\system32\MSVCP71.DLL
- 2004-04-14 04:19:48 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2007-03-22 00:33:00 348,160 ----a-w C:\WINDOWS\system32\MSVCR71.DLL
- 2001-01-12 23:04:06 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2003-02-28 22:26:26 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
- 2001-01-12 23:04:08 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2003-02-28 22:26:32 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC1658F-555C-4EA8-90B1-0B0AAA50F97A}]
C:\DOCUME~1\MYGUES~1\LOCALS~1\Temp\xxyaxWNE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"fplmgusr"="C:\WINDOWS\system32\cxixqxkn.exe" [2008-03-29 08:34 94208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49 4662776]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"FSASR"="C:\Program Files\Free Spyware Adware Scanner and Remover\FSASR.exe" [ ]
"gsnbkolp"="C:\WINDOWS\system32\gnctctsh.exe" [2008-03-29 23:03 106496]
"fnevtcoc"="C:\WINDOWS\system32\ijkrozed.exe" [2008-03-30 10:22 114688]
"zqnmkldz"="C:\WINDOWS\system32\fkfwvcfu.exe" [2008-03-30 15:25 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 14:27 385024]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 17:03 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 08:33 122941]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 01:40 196608]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 19:18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 19:17 88358 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 23:38 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 18:59 65536]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 16:51 24576]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 23:08 675840]
"TPSMain"="TPSMain.exe" [2004-12-28 19:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 17:03 1077301]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 02:03 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 19:51 122880]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 00:06 53248]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 19:25 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:06 579072]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 12:37 475136]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 10:43 188416]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 16:25 212992]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 11:32 393216]
"CFSServ.exe"="CFSServ.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-01 21:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-01 20:59 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:06 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-15 00:11:40 180224]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-24 12:33:21 155648]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-12-15 14:56:27 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zYKgl10E5R"= C:\Documents and Settings\All Users\Application Data\khqrotoh\obczinsn.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 18:26 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBQICRJ]
geBQICRJ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 14:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 22:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 mamovec;mamovec;C:\WINDOWS\system32\Drivers\mamovec.sys [2005-06-16 19:11]
S3 mamovem;mamovem;C:\WINDOWS\system32\Drivers\mamovem.sys [2005-06-16 19:13]
S3 mamoveu;mamoveu;C:\WINDOWS\system32\DRIVERS\mamoveu.sys [2007-08-13 15:50]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 00:07]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5908c088-f40b-11db-851a-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 13:19:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 20:10:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3B74K4B17A.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet5100#MY3B74K4B17A
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-31 19:28:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-03-31 19:29:49
ComboFix-quarantined-files.txt 2008-03-31 23:29:29
ComboFix2.txt 2008-03-30 03:05:54
Pre-Run: 92,699,152,384 bytes free
Post-Run: 92,685,889,536 bytes free
.
2008-03-31 07:00:35 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:19 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Documents and Settings\All Users\Application Data\khqrotoh\obczinsn.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cxixqxkn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4EC1658F-555C-4EA8-90B1-0B0AAA50F97A} - C:\DOCUME~1\MYGUES~1\LOCALS~1\Temp\xxyaxWNE.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MCIEPlugIn Class - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fplmgusr] C:\WINDOWS\system32\cxixqxkn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FSASR] "C:\Program Files\Free Spyware Adware Scanner and Remover\FSASR.exe" auto
O4 - HKCU\..\Run: [gsnbkolp] C:\WINDOWS\system32\gnctctsh.exe
O4 - HKCU\..\Run: [fnevtcoc] C:\WINDOWS\system32\ijkrozed.exe
O4 - HKCU\..\Run: [zqnmkldz] C:\WINDOWS\system32\fkfwvcfu.exe
O4 - HKLM\..\Policies\Explorer\Run: [zYKgl10E5R] C:\Documents and Settings\All Users\Application Data\khqrotoh\obczinsn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - Winlogon Notify: geBQICRJ - geBQICRJ.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
--
End of file - 12912 bytes