Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Softwarereferral and other irritants! [RESOLVED]

Started by RikSaunderson , Apr 21 2008 07:14 AM

  • This topic is locked This topic is locked

#1
RikSaunderson
Posted 21 April 2008 - 07:14 AM

RikSaunderson

    New Member

  • Member
  • Pip
  • 9 posts
Hello,
My computer contracted something thoroughly unpleasant on Friday, and I've spent all weekend trying to get rid of it!

My virusscanner is mcaffee, I'm using Windows defender, spybot, spywareguard and spyware blaster. It also keeps putting 3 icons on my desktop that direct to various websites.

I seem to have a range of icons in my system tray (usually 2, sometimes more, sometimes just 1) which keep emulating the Windows Security Centre and saying that I have various viruses and spyware. One is in the shape of a shape of a shield (similar to the mcaffee icon but a bit less square), which alternates between a blue colouring with a white question mark, and a red colouring with a white X. The second is a flashing red circle with a white X on it. The third (which appears less frequently) is a flashing yellow triangle with a black X on it. They bring up system tray balloons (with the word balloon spelt incorrectly [baloon]), various dialogue boxes, websites in IE7 and various websites in IE7 that are supposed to look like dialogue boxes (e.g. a fake version of the security centre dialogue box telling me that I have no firewall, virus protection etc.)

Additionally, http:// softwarereferral.com/ jump.php?wmid=6010&mid= MjI6Ojg5&lid=2
keeps trying to set itself as my IE start page. This is particularly annoying, since I downloaded spywareguard this morning, which tells me when something is trying to change that page. softwarereferral (and hence spywareguard popping up to prevent it) keeps coming back roughly every 10 seconds (yes, I did use a stopwatch to time it).

Here's HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:13, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\All Users\Application Data\qfmzepkt\idydsvij.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\chcrcjav.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CFILP] C:\WINDOWS\CFILP.exe
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [PSVZCF] C:\WINDOWS\PSVZCF.exe
O4 - HKLM\..\Run: [CGJMPTW] C:\WINDOWS\CGJMPTW.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Policies\Explorer\Run: [jyaBcAcPUY] C:\Documents and Settings\All Users\Application Data\qfmzepkt\idydsvij.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorre...OPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207934881117
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: omlbpkaw - {570BDCB0-08F8-43A3-BF21-DD9D6D450CBF} - C:\WINDOWS\omlbpkaw.dll
O21 - SSODL: pmsoarbf - {AC8784A3-4D53-46A5-99B1-3CA1F4988DA5} - C:\WINDOWS\pmsoarbf.dll
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 1: (no name) - C:\Student_Info\index.html

--
End of file - 12471 bytes


The first time I ran it, it had a second.txt file called extras.txt, although this wasn't derived when I ran the scanner to derive the above main.txt file.


It's unbelievably annoying, help!!!!!!
  • 0

Advertisements

#2
Rorschach112
Posted 21 April 2008 - 10:48 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
RikSaunderson
Posted 21 April 2008 - 12:10 PM

RikSaunderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The irritating stuff has stopped, for now, at least! Here are the requested log files.


SDFix: Version 1.173
Run by OEM Student on 21/04/2008 at 18:10

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ARAUDI~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\ARAUDI~2.DLL - Deleted
C:\WINDOWS\SYSTEM32\ARAUDI~3.DLL - Deleted
C:\WINDOWS\SYSTEM32\BUBBJ.DLL - Deleted
C:\Documents and Settings\OEM Student\Local Settings\Temp\uttD.tmp.exe - Deleted
C:\Documents and Settings\OEM Student\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\OEM Student\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\OEM Student\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Documents and Settings\OEM Student\Favorites\Online Security Test.url - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\npqtsrak.exe - Deleted
C:\WINDOWS\omlbpkaw.dll - Deleted
C:\WINDOWS\pmsoarbf.dll - Deleted


Could Not Remove C:\WINDOWS\system32smp

Folder C:\Program Files\akl - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 18:40:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe"="C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe:*:Disabled:Dynomite"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe"="C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe:*:Disabled:RocketMania"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"="C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe:*:Enabled:Contribute"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe:*:Enabled:Hummingbird Exceed 2007"
"C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe:*:Enabled:maple"
"C:\\Program Files\\Maple 10\\jre\\bin\\java.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\java.exe:*:Enabled:java"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe:*:Enabled:ćTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\BitTorrent_DNA\\btdna.exe"="C:\\Program Files\\BitTorrent_DNA\\btdna.exe:*:Enabled:DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32smp Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 6 Jun 2000 60,688 A..H. --- "C:\BACKUP\IEXPLORE.EXE"
Sat 22 Mar 2008 24 ..SH. --- "C:\WINDOWS\S4EA68D61.tmp"
Sun 21 Jan 2007 5,297,976 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 6 Aug 2000 28,738 A..HR --- "C:\BACKUP\OfficeXP-Oem\MSDE2000\SQLRESLD.DLL"
Wed 10 Nov 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 21 Apr 2008 574 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti113.tmp"
Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 12 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\943145d6fda2a3de96e33285d992c3a5\BITC.tmp"
Fri 11 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c57cd590c1f8d8f8f70d62332e13288c\BIT3.tmp"
Mon 28 Feb 2005 616,448 A.SH. --- "C:\Deckard\System Scanner\20080421110203\backup\WINDOWS\temp\uqia2ol1.TMP"
Mon 13 Nov 2006 30,208 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL0622.tmp"
Mon 13 Nov 2006 50,688 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL0626.tmp"
Mon 13 Nov 2006 50,688 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL1243.tmp"
Mon 13 Nov 2006 23,040 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL1809.tmp"
Mon 13 Nov 2006 39,936 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL2005.tmp"
Mon 13 Nov 2006 29,696 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL2429.tmp"
Mon 13 Nov 2006 49,664 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL3464.tmp"
Mon 13 Nov 2006 30,208 ...H. --- "C:\Documents and Settings\OEM Student\My Documents\University Stuff\Fourth Year\Cryptography\Assignment 3\~WRL3696.tmp"

Finished!



Deckard's System Scanner v20071014.68
Run by OEM Student on 2008-04-21 19:07:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as OEM Student.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:09, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\chcrcjav.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\OEM Student\Desktop\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\OEM Student.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CFILP] C:\WINDOWS\CFILP.exe
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [PSVZCF] C:\WINDOWS\PSVZCF.exe
O4 - HKLM\..\Run: [CGJMPTW] C:\WINDOWS\CGJMPTW.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorre...OPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207934881117
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11862 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 18:00:48 0 d-------- C:\WINDOWS\ERUNT
2008-04-21 14:12:58 0 d-------- C:\Program Files\Trend Micro
2008-04-21 10:26:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 10:20:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 10:18:54 0 d-------- C:\Program Files\SpywareGuard
2008-04-18 16:18:38 0 d-------- C:\Program Files\Windows Defender
2008-04-18 15:47:52 0 d-------- C:\Documents and Settings\OEM Student\Application Data\AdwareAlert
2008-04-17 21:19:01 0 d-------- C:\Documents and Settings\OEM Student\Application Data\TmpRecentIcons
2008-04-17 18:53:29 0 d-------- C:\Program Files\WinSpyKiller
2008-04-17 18:50:04 0 d-------- C:\Program Files\PC-Cleaner
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-17 18:29:28 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-17 18:29:27 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-17 18:29:27 4096 --a------ C:\WINDOWS\a.bat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-17 18:29:26 0 d-------- C:\WINDOWS\system32smp
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-17 18:29:26 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-17 18:29:26 0 d-------- C:\Documents and Settings\OEM Student\Desktopvirii
2008-04-17 18:29:26 4096 --a------ C:\Documents and Settings\OEM Student\Desktopfilemanagerclient.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-17 18:29:25 4096 --a------ C:\WINDOWS\bdn.com
2008-04-17 18:29:25 4096 --a------ C:\Documents and Settings\OEM Student\DesktopFWebdEditor.exe
2008-04-17 18:29:25 4096 --a------ C:\Documents and Settings\OEM Student\Desktopfwebd.exe
2008-04-17 18:29:11 94208 --a------ C:\WINDOWS\system32\chcrcjav.exe
2008-04-17 18:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\qfmzepkt
2008-04-12 18:25:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 20:23:50 0 d-------- C:\Program Files\Kinnor Software
2008-04-09 20:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kinnor Software
2008-03-22 21:40:34 0 d-------- C:\Program Files\Bullfrog
2008-03-22 21:29:16 0 d-------- C:\Program Files\Undisker
2008-03-22 21:00:04 0 d-------- C:\Program Files\SlySoft


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:48:58 0 d-------- C:\Documents and Settings\OEM Student\Application Data\BitTorrent
2008-04-20 17:22:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-20 17:22:55 0 d-------- C:\Program Files\Logitech
2008-04-19 14:25:48 0 d-------- C:\Program Files\Kazaa Lite K++
2008-04-19 12:03:43 0 d-------- C:\Program Files\Google
2008-04-18 17:52:17 0 d-------- C:\Documents and Settings\OEM Student\Application Data\Lavasoft
2008-04-09 22:46:30 0 d-------- C:\Program Files\QuickTime
2008-04-09 20:24:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-26 20:06:45 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-17 15:48:30 0 d-------- C:\Program Files\Java
2008-03-03 19:18:46 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 13:10:41 10623 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 08:59 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 15:16]
"nwiz"="nwiz.exe" [06/10/2003 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [06/03/2003 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [25/02/2003 12:00]
"CFILP"="C:\WINDOWS\CFILP.exe" []
"ADG"="C:\WINDOWS\ADG.exe" []
"PSVZCF"="C:\WINDOWS\PSVZCF.exe" []
"CGJMPTW"="C:\WINDOWS\CGJMPTW.exe" []
"CFJ"="C:\WINDOWS\CFJ.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"miueauiu"="C:\WINDOWS\system32\chcrcjav.exe" [17/04/2008 18:29]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\OEM Student\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [05/02/2008 15:29:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"= C:\WINDOWS\system32\bubbj.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3D82B0C3-AAFA-400E-B2D1-46B7AD38AB8C}]
"C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1



-- End of Deckard's System Scanner: finished at 2008-04-21 19:08:32 ------------
  • 0

#4
Rorschach112
Posted 21 April 2008 - 12:16 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32smp
C:\Program Files\WinSpyKiller
C:\Program Files\PC-Cleaner
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\a.bat
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32bsva-egihsg52.exe
C:\Documents and Settings\OEM Student\Desktopvirii
C:\Documents and Settings\OEM Student\Desktopfilemanagerclient.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\bdn.com
C:\Documents and Settings\OEM Student\DesktopFWebdEditor.exe
C:\Documents and Settings\OEM Student\Desktopfwebd.exe
C:\WINDOWS\system32\chcrcjav.exe
C:\Documents and Settings\All Users\Application Data\qfmzepkt
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.




Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\BACKUP\IEXPLORE.EXE

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Reboot and do this


click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt
  • 0

#5
RikSaunderson
Posted 21 April 2008 - 12:59 PM

RikSaunderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This has taken a little while longer because I had a problem with Windows explorer, I booted up and Dr. Watson's Post Mortem debugger crashed, meaning that Windows explorer stopped being nice. Also, my active desktop has come up with an error, presumably because one if the issues on Friday afternoon was that the desktop started saying 'you have a virus, go to such and such a website'.

So far, though, the irritating popping up things have gone, and it seems to be running a bit faster than it was this morning. Mcaffee is still sucking up close to 75 MB of memory and I'm not sure whether or not that's normal, but broadly speaking it's looking good. Thank you so much, you are an absolute legend!

Ok then, so here's the moveit log:

Explorer killed successfully
C:\WINDOWS\system32smp moved successfully.
C:\Program Files\WinSpyKiller moved successfully.
C:\Program Files\PC-Cleaner moved successfully.
LoadLibrary failed for C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\userconfig9x.dll NOT unregistered.
C:\WINDOWS\userconfig9x.dll moved successfully.
C:\WINDOWS\system32winlogonpc.exe moved successfully.
C:\WINDOWS\FVProtect.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hoproxy.dll NOT unregistered.
C:\WINDOWS\system32hoproxy.dll moved successfully.
C:\WINDOWS\a.bat moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun32.dll NOT unregistered.
C:\WINDOWS\system32thun32.dll moved successfully.
C:\WINDOWS\system32temp#01.exe moved successfully.
C:\WINDOWS\system32taack.exe moved successfully.
C:\WINDOWS\system32taack.dat moved successfully.
C:\WINDOWS\system32ssvchost.exe moved successfully.
C:\WINDOWS\system32ssvchost.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssurf022.dll NOT unregistered.
C:\WINDOWS\system32ssurf022.dll moved successfully.
C:\WINDOWS\system32sncntr.exe moved successfully.
File/Folder C:\WINDOWS\system32smp not found.
LoadLibrary failed for C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regm64.dll NOT unregistered.
C:\WINDOWS\system32regm64.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regc64.dll NOT unregistered.
C:\WINDOWS\system32regc64.dll moved successfully.
C:\WINDOWS\system32psoft1.exe moved successfully.
C:\WINDOWS\system32psof1.exe moved successfully.
C:\WINDOWS\system32ps1.exe moved successfully.
C:\WINDOWS\system32netode.exe moved successfully.
C:\WINDOWS\system32mwin32.exe moved successfully.
C:\WINDOWS\system32mtr2.exe moved successfully.
C:\WINDOWS\system32msvchost.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msnbho.dll NOT unregistered.
C:\WINDOWS\system32msnbho.dll moved successfully.
C:\WINDOWS\system32msgp.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup020.dll NOT unregistered.
C:\WINDOWS\system32medup020.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup012.dll NOT unregistered.
C:\WINDOWS\system32medup012.dll moved successfully.
C:\WINDOWS\system32hxiwlgpm.exe moved successfully.
C:\WINDOWS\system32hxiwlgpm.dat moved successfully.
< C:\WINDOWS\system32h@tkeysh@@k.dll >
LoadLibrary failed for C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32h@tkeysh@@k.dll NOT unregistered.
C:\WINDOWS\system32h@tkeysh@@k.dll moved successfully.
C:\WINDOWS\system32dpcproxy.exe moved successfully.
C:\WINDOWS\system32bsva-egihsg52.exe moved successfully.
C:\Documents and Settings\OEM Student\Desktopvirii moved successfully.
C:\Documents and Settings\OEM Student\Desktopfilemanagerclient.exe moved successfully.
C:\WINDOWS\winsystem.exe moved successfully.
C:\WINDOWS\system32WINWGPX.EXE moved successfully.
C:\WINDOWS\system32winsystem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vcatchpi.dll NOT unregistered.
C:\WINDOWS\system32vcatchpi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vbsys2.dll NOT unregistered.
C:\WINDOWS\system32vbsys2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun.dll NOT unregistered.
C:\WINDOWS\system32thun.dll moved successfully.
C:\WINDOWS\system32sysreq.exe moved successfully.
C:\WINDOWS\system32Rundl1.exe moved successfully.
C:\WINDOWS\system32newsd32.exe moved successfully.
C:\WINDOWS\system32mssecu.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32emesx.dll NOT unregistered.
C:\WINDOWS\system32emesx.dll moved successfully.
C:\WINDOWS\system32bdn.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32awtoolb.dll NOT unregistered.
C:\WINDOWS\system32awtoolb.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32anticipator.dll NOT unregistered.
C:\WINDOWS\system32anticipator.dll moved successfully.
C:\WINDOWS\system32akttzn.exe moved successfully.
C:\WINDOWS\mssecu.exe moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\Documents and Settings\OEM Student\DesktopFWebdEditor.exe moved successfully.
C:\Documents and Settings\OEM Student\Desktopfwebd.exe moved successfully.
C:\WINDOWS\system32\chcrcjav.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\qfmzepkt moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04212008_192532


here's the virustotal log:

Antivirus Version Last Update Result
AhnLab-V3 2008.4.22.0 2008.04.21 -
AntiVir 7.8.0.8 2008.04.21 -
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.21 -
AVG 7.5.0.516 2008.04.21 -
BitDefender 7.2 2008.04.21 -
CAT-QuickHeal 9.50 2008.04.21 -
ClamAV 0.92.1 2008.04.21 -
DrWeb 4.44.0.09170 2008.04.21 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5720 2008.04.21 -
Ewido 4.0 2008.04.21 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.21 -
FileAdvisor 1 2008.04.21 -
Fortinet 3.14.0.0 2008.04.21 -
Ikarus T3.1.1.26.0 2008.04.21 -
Kaspersky 7.0.0.125 2008.04.21 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.21 -
NOD32v2 3043 2008.04.21 -
Norman 5.80.02 2008.04.21 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.21 -
Rising 20.41.02.00 2008.04.21 -
Sophos 4.28.0 2008.04.21 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.21 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.21 -
Webwasher-Gateway 6.6.2 2008.04.21 -
Additional information
File size: 60688 bytes
MD5...: 7e40955e4984a1b1d24fd11dc6036379
SHA1..: 018ca5a715de6f9bc1ef2e5b0a78124fc5407e50
SHA256: 8c26ba24e28a33ab45ea52ad3a9cf5c441a2ddfb9c3d1597582ef08f4bcd5aa4
SHA512: 405d0f48b23d7c77c66dfb17d6196ab51a2b8146b2908e498f24331fd4f22103
039591e6ab595aaa5c078ffedd146a9b58170aecee5988e084b3c3939103fdb4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4013d1
timedatestamp.....: 0x393d6162 (Tue Jun 06 20:38:58 2000)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10cb 0x1200 5.84 8ad0b23a8ca4da27f09a31dc3c996684
.data 0x3000 0xa4 0x200 2.49 5dc83fbea4fc98012bc86d5b9aed5b49
.rsrc 0x4000 0xd020 0xd200 4.69 21d8f1b04a9bdfcefc55e592bca6abd1

( 3 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, ExitThread, GetModuleHandleA, GetStartupInfoA, SetErrorMode, GetCommandLineA, lstrlenW, MultiByteToWideChar, CreateEventA, GetCurrentThreadId, lstrcatA, lstrlenA, lstrcmpiA, lstrcpyA, GetModuleFileNameA, FreeLibrary, GetVersionExA, CloseHandle, WaitForSingleObject, LocalFree, LocalAlloc, RtlUnwind
> USER32.dll: DestroyWindow, DefWindowProcA, DispatchMessageA, SendMessageA, GetShellWindow, TranslateMessage, LoadStringA, CreateWindowExA, RegisterClassA, CreateMenu, GetClassNameA, ShowWindow, GetForegroundWindow, MsgWaitForMultipleObjects, wsprintfA, PeekMessageA
> SHLWAPI.dll: -, -, -, -, -, SHGetValueA, PathFindFileNameA, SHRegGetBoolUSValueA, StrStrIA

( 1 exports )
DllGetLCID
Bit9 info: http://fileadvisor.b...24fd11dc6036379

Here's the DSS main.txt:

Deckard's System Scanner v20071014.68
Run by OEM Student on 2008-04-21 19:50:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
24: 2008-04-21 08:49:44 UTC - RP934 - Deckard's System Scanner Restore Point
23: 2008-04-19 20:41:02 UTC - RP933 - Windows Defender Checkpoint
22: 2008-04-19 13:18:17 UTC - RP932 - Removed Logitech QuickCam
21: 2008-04-19 11:07:18 UTC - RP931 - Windows Defender Checkpoint
20: 2008-04-18 16:53:22 UTC - RP930 - Remove CloneCD


-- First Restore Point --
1: 2008-04-08 22:41:08 UTC - RP911 - Software Distribution Service 3.0


Performed disk cleanup.



-- HijackThis (run as OEM Student.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:55, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\OEM Student\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\OEMSTU~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CFILP] C:\WINDOWS\CFILP.exe
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [PSVZCF] C:\WINDOWS\PSVZCF.exe
O4 - HKLM\..\Run: [CGJMPTW] C:\WINDOWS\CGJMPTW.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorre...OPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207934881117
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11393 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080421-192400-236 O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
backup-20080421-192400-421 O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
backup-20080421-192400-731 R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
backup-20080421-192400-814 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem for Windows NT™ 5.0>
R3 Slntamr (NetoDragon AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>
R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
S3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - c:\windows\system32\drivers\camdrl.sys (file missing)
S3 catchme - c:\docume~1\oemstu~1\locals~1\temp\catchme.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PhilCam8116_XP (Logitech QuickCam Pro 3000(PID_08B1)) - c:\windows\system32\drivers\camdrl20.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
S3 SMC1211 (SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver) - c:\windows\system32\drivers\smc1211.sys <Not Verified; SMC Networks Inc.; SMC EZ Card 10/100 PCI (SMC1211 Series)>
S3 USBFVNETR (Belkin 11Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\vnetusbr.sys <Not Verified; ATMEL; USB Wireless Network Adapter>
S3 V90drv - c:\windows\system32\drivers\v90drv.sys <Not Verified; ; Modem for windows NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103A&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103A&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Service: E100B

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: A Hacker
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: A Hacker
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 3348)
2006-01-24 19:27:20 442368 --a------ C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll <Not Verified; www.tortoisesvn.org; TortoiseSVN>
2006-01-24 19:19:36 131072 --a------ C:\Program Files\TortoiseSVN\bin\libapr.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2006-01-24 19:21:04 163840 --a------ C:\Program Files\TortoiseSVN\bin\libaprutil.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2006-01-24 19:19:38 36864 --a------ C:\Program Files\TortoiseSVN\bin\libapriconv.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2005-12-30 13:41:26 34304 --a------ C:\Program Files\TortoiseSVN\bin\intl3_svn.dll <Not Verified; Free Software Foundation; libintl: accessing NLS message catalogs>
2001-02-07 02:17:02 364607 --a------ C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL <Not Verified; Microsoft Corporation; Microsoft® Handwriting Input UI>
2006-06-07 16:39:40 61440 --a------ C:\WINDOWS\SYSTEM32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
2007-03-28 11:52:00 576512 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2007-03-28 14:42:30 655360 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PC Suite Common Modules>
2007-03-27 14:31:02 27648 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser>
2007-03-15 13:59:26 543744 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 19:50:14 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 18:00:48 0 d-------- C:\WINDOWS\ERUNT
2008-04-21 14:12:58 0 d-------- C:\Program Files\Trend Micro
2008-04-21 10:26:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 10:20:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 10:18:54 0 d-------- C:\Program Files\SpywareGuard
2008-04-18 16:18:38 0 d-------- C:\Program Files\Windows Defender
2008-04-18 15:47:52 0 d-------- C:\Documents and Settings\OEM Student\Application Data\AdwareAlert
2008-04-17 21:19:01 0 d-------- C:\Documents and Settings\OEM Student\Application Data\TmpRecentIcons
2008-04-12 18:25:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 20:23:50 0 d-------- C:\Program Files\Kinnor Software
2008-04-09 20:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kinnor Software
2008-03-22 21:40:34 0 d-------- C:\Program Files\Bullfrog
2008-03-22 21:29:16 0 d-------- C:\Program Files\Undisker
2008-03-22 21:00:04 0 d-------- C:\Program Files\SlySoft


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:48:58 0 d-------- C:\Documents and Settings\OEM Student\Application Data\BitTorrent
2008-04-20 17:22:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-20 17:22:55 0 d-------- C:\Program Files\Logitech
2008-04-19 14:25:48 0 d-------- C:\Program Files\Kazaa Lite K++
2008-04-19 12:03:43 0 d-------- C:\Program Files\Google
2008-04-18 17:52:17 0 d-------- C:\Documents and Settings\OEM Student\Application Data\Lavasoft
2008-04-09 22:46:30 0 d-------- C:\Program Files\QuickTime
2008-04-09 20:24:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-26 20:06:45 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-17 15:48:30 0 d-------- C:\Program Files\Java
2008-03-03 19:18:46 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 13:10:41 10623 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 08:59 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 15:16]
"nwiz"="nwiz.exe" [06/10/2003 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [06/03/2003 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [25/02/2003 12:00]
"CFILP"="C:\WINDOWS\CFILP.exe" []
"ADG"="C:\WINDOWS\ADG.exe" []
"PSVZCF"="C:\WINDOWS\PSVZCF.exe" []
"CGJMPTW"="C:\WINDOWS\CGJMPTW.exe" []
"CFJ"="C:\WINDOWS\CFJ.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\OEM Student\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [05/02/2008 15:29:20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3D82B0C3-AAFA-400E-B2D1-46B7AD38AB8C}]
"C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1



-- End of Deckard's System Scanner: finished at 2008-04-21 19:52:10 ------------


And here's the DSS extras.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2047.48 MiB / 1545.64 MiB
Pagefile Memory (total/avail): 2664.87 MiB / 2326.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1888.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 64.56 GiB total, 19.13 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 5.47 GiB total, 5.47 GiB free.
G: is Fixed (NTFS) - 279.47 GiB total, 41.03 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6L300R0 - 279.47 GiB - 1 partition
\PARTITION0 - Installable File System - 279.47 GiB - G:

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 64.56 GiB - C:
\PARTITION1 - Unknown - 3.49 GiB
\PARTITION2 - Unknown - 1027.6 MiB
\PARTITION3 - Extended w/Extended Int 13 - 5.48 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe"="C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe:*:Disabled:Dynomite"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe"="C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe:*:Disabled:RocketMania"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"="C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe:*:Enabled:Contribute"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe:*:Enabled:Hummingbird Exceed 2007"
"C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe:*:Enabled:maple"
"C:\\Program Files\\Maple 10\\jre\\bin\\java.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\java.exe:*:Enabled:java"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\BitTorrent_DNA\\btdna.exe"="C:\\Program Files\\BitTorrent_DNA\\btdna.exe:*:Enabled:DNA"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\OEM Student\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RIK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\OEM Student
INCLUDE=C:\watcom-1.3\h;C:\watcom-1.3\h\nt;C:\watcom-1.3\maple\include
KMP_DUPLICATE_LIB_OK=TRUE
LM_LICENSE_FILE=c:\flexlm\license.dat
LOGONSERVER=\\RIK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\MiKTeX 2.5\miktex\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Modeltech_6.0\win32;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OEMSTU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\OEMSTU~1\LOCALS~1\Temp
USERDOMAIN=RIK
USERNAME=OEM Student
USERPROFILE=C:\Documents and Settings\OEM Student
WATCOM=C:\watcom-1.3
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
OEM Student (admin)
Shay
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\Tpack.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
AirTouch Elite keyboard --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\AirTouch Elite keyboard\uninst.isu" -c"C:\Program Files\AirTouch Elite keyboard\UnInst.dll"
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Aspell 0.6 Dictionary (Language: en) --> "C:\Documents and Settings\All Users\Application Data\Aspell\Dictionaries\Uninstall-AspellDict-en.exe"
Aspell 0.6 Dictionary (Language: he) --> "C:\Documents and Settings\All Users\Application Data\Aspell\Dictionaries\Uninstall-AspellDict-he.exe"
Aspell Data --> "C:\Documents and Settings\All Users\Application Data\Aspell\Uninstall-AspellData.exe" /AllUsers
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Belarc Advisor 6.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe"
Belkin Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Belkin Wireless USB Adapter Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Belkin\Belkin Wireless USB Adapter Manager\Uninst.isu"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
BT Yahoo! Applications --> C:\Program Files\Yahoo!\common\uninstall.exe
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CD and DVD Burner --> C:\WINDOWS\maUninst.exe CD and DVD Burner
Civilization III Complete Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Cool MP3 Splitter 2.2 --> "C:\Program Files\Cool MP3 Splitter\unins000.exe"
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Total Pack --> C:\Program Files\DivX Total Pack\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon NaturallySpeaking 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6675E71B-9843-4971-BC15-18AB52801134}\setup.exe"
DVDXCopy 1.2.2 b628 (remove only) --> C:\Program Files\321Studios\DVDXCopy\Uninst.exe
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EXPStudio Audio Editor FREE 3.99a --> C:\WINDOWS\EXPStudio Audio Editor FREE 3.99a Uninstaller.exe
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
FPGA Express Xilinx Edition 3.6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31EB27F6-4FDF-11D5-AD0A-00A0C9D5DC2C}\setup.exe" UNINSTALL_OEM
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l
  • 0

#6
Rorschach112
Posted 21 April 2008 - 01:21 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Reboot and post a new DSS log and tell me how your PC is running
  • 0

#7
RikSaunderson
Posted 22 April 2008 - 04:31 AM

RikSaunderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there,
Sorry it's taken a while to reply to this. With one exception, every time I boot up my computer, Dr. Watsons Post Mortem Debugger (whatever the [bleep] that is) crashes (i.e. the windows send error report / don't send box comes up). At the same time (and I don't know if the two are related or not), the task bar and pretty much every other Microsoft application apart from Task Manager stops working. the only way to run anything is by CTRL ALT DEL'ing into task manager and using the Run command from there, but it will only open up non-microsoft programs like firefox. The one time that this didn't happen was when I was able to load up firefox and run the OTMoveIt software before the postmortem thing crashed. I then downloaded mbam and ran that (which I did overnight), and then rebooted this morning. After several attempts, I haven't been able to get to anything useful because of the aforementioned crashing. I'm at work now, but I'll try again later.

Again, sorry for the delay, and thanks for all the help so far.
Rik
  • 0

#8
Rorschach112
Posted 22 April 2008 - 05:36 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try go into Safe Mode and post the MBAM log from there

Also post a new DSS log
  • 0

#9
RikSaunderson
Posted 22 April 2008 - 12:12 PM

RikSaunderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there,
It seems to be stable this afternoon, although I haven't changed anything from last night or this morning when it wouldn't do anything. Apologies also for the bleep in the last message, I didn't realise this software bleeped the word beginning with H that rhymes with Well. Although explorer hasn't crashed yet, it is running fantastically slowly (slower than normal), and given that I'm running Windows XP Home with a 2.66GHz processor and 2GB of memory is a little worrying.

Thanks so much for all of your help so far
Rik

Here's the OTMoveIt log from 8 o clock last night when I ran it:
Explorer killed successfully
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk\\ deleted successfully.
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk not found.
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04212008_205746

Here's the MBAM log from 8 o clock last night when I ran it:

Malwarebytes' Anti-Malware 1.11
Database version: 667

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 424260
Time elapsed: 3 hour(s), 30 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 55
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Deckard\System Scanner\20080421110203\backup\DOCUME~1\OEMSTU~1\LOCALS~1\Temp\bafa4e0a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080421110203\backup\DOCUME~1\OEMSTU~1\LOCALS~1\Temp\dz0cznfr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080421110203\backup\DOCUME~1\OEMSTU~1\LOCALS~1\Temp\GLK35.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080421110203\backup\DOCUME~1\OEMSTU~1\LOCALS~1\Temp\GLK7A.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080421110203\backup\DOCUME~1\OEMSTU~1\LOCALS~1\Temp\zfe1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP922\A0097480.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP922\A0097482.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP923\A0097500.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP923\A0097502.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP924\A0097556.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP924\A0097557.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP926\A0097582.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP930\A0097724.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP930\A0097726.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP931\A0097739.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP931\A0097743.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP931\A0097744.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098837.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098843.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098845.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098855.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098858.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP934\A0098860.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\f3pssavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04212008_192532\Documents and Settings\All Users\Application Data\qfmzepkt\idydsvij.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04212008_192532\WINDOWS\system32\chcrcjav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\Log\2008 Apr 18 - 03_47_52 PM_961.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\Log\2008 Apr 18 - 03_48_19 PM_159.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM Student\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

And here's a new DSS log from just now. Main.txt first:

Deckard's System Scanner v20071014.68
Run by OEM Student on 2008-04-22 19:10:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
24: 2008-04-21 08:49:44 UTC - RP934 - Deckard's System Scanner Restore Point
23: 2008-04-19 20:41:02 UTC - RP933 - Windows Defender Checkpoint
22: 2008-04-19 13:18:17 UTC - RP932 - Removed Logitech QuickCam
21: 2008-04-19 11:07:18 UTC - RP931 - Windows Defender Checkpoint
20: 2008-04-18 16:53:22 UTC - RP930 - Remove CloneCD


-- First Restore Point --
1: 2008-04-08 22:41:08 UTC - RP911 - Software Distribution Service 3.0


Performed disk cleanup.



-- HijackThis (run as OEM Student.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:55, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\OEM Student\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\OEMSTU~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Not As Good As Firefox
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CFILP] C:\WINDOWS\CFILP.exe
O4 - HKLM\..\Run: [ADG] C:\WINDOWS\ADG.exe
O4 - HKLM\..\Run: [PSVZCF] C:\WINDOWS\PSVZCF.exe
O4 - HKLM\..\Run: [CGJMPTW] C:\WINDOWS\CGJMPTW.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorre...OPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207934881117
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11412 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080421-192400-236 O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
backup-20080421-192400-421 O4 - HKCU\..\Run: [miueauiu] C:\WINDOWS\system32\chcrcjav.exe
backup-20080421-192400-731 R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
backup-20080421-192400-814 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem for Windows NT™ 5.0>
R3 Slntamr (NetoDragon AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>
R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
S3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - c:\windows\system32\drivers\camdrl.sys (file missing)
S3 catchme - c:\docume~1\oemstu~1\locals~1\temp\catchme.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PhilCam8116_XP (Logitech QuickCam Pro 3000(PID_08B1)) - c:\windows\system32\drivers\camdrl20.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
S3 SMC1211 (SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver) - c:\windows\system32\drivers\smc1211.sys <Not Verified; SMC Networks Inc.; SMC EZ Card 10/100 PCI (SMC1211 Series)>
S3 USBFVNETR (Belkin 11Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\vnetusbr.sys <Not Verified; ATMEL; USB Wireless Network Adapter>
S3 V90drv - c:\windows\system32\drivers\v90drv.sys <Not Verified; ; Modem for windows NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103A&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103A&SUBSYS_10398086&REV_82\4&1A671D0C&0&40F0
Service: E100B

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: A Hacker
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: A Hacker
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 2868)
2006-01-24 19:27:20 442368 --a------ C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll <Not Verified; www.tortoisesvn.org; TortoiseSVN>
2006-01-24 19:19:36 131072 --a------ C:\Program Files\TortoiseSVN\bin\libapr.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2006-01-24 19:21:04 163840 --a------ C:\Program Files\TortoiseSVN\bin\libaprutil.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2006-01-24 19:19:38 36864 --a------ C:\Program Files\TortoiseSVN\bin\libapriconv.dll <Not Verified; Apache Software Foundation; Apache Portable Runtime Project>
2005-12-30 13:41:26 34304 --a------ C:\Program Files\TortoiseSVN\bin\intl3_svn.dll <Not Verified; Free Software Foundation; libintl: accessing NLS message catalogs>
2001-02-07 02:17:02 364607 --a------ C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL <Not Verified; Microsoft Corporation; Microsoft® Handwriting Input UI>
2006-06-07 16:39:40 61440 --a------ C:\WINDOWS\SYSTEM32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
2007-03-28 11:52:00 576512 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2007-03-28 14:42:30 655360 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PC Suite Common Modules>
2007-03-27 14:31:02 27648 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser>
2007-03-15 13:59:26 543744 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
2004-03-16 11:26:24 275026 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll <Not Verified; Yahoo! Inc.; Yahoo! Companion 5.3 for Internet Explorer>


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 19:04:14 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-21 20:37:05 0 d-------- C:\Documents and Settings\OEM Student\Application Data\Malwarebytes
2008-04-21 20:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 20:35:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 18:00:48 0 d-------- C:\WINDOWS\ERUNT
2008-04-21 14:12:58 0 d-------- C:\Program Files\Trend Micro
2008-04-21 10:26:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 10:20:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 10:18:54 0 d-------- C:\Program Files\SpywareGuard
2008-04-18 16:18:38 0 d-------- C:\Program Files\Windows Defender
2008-04-17 21:19:01 0 d-------- C:\Documents and Settings\OEM Student\Application Data\TmpRecentIcons
2008-04-12 18:25:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 20:23:50 0 d-------- C:\Program Files\Kinnor Software
2008-04-09 20:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kinnor Software
2008-03-22 21:40:34 0 d-------- C:\Program Files\Bullfrog
2008-03-22 21:29:16 0 d-------- C:\Program Files\Undisker
2008-03-22 21:00:04 0 d-------- C:\Program Files\SlySoft


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:48:58 0 d-------- C:\Documents and Settings\OEM Student\Application Data\BitTorrent
2008-04-20 17:22:56 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-20 17:22:55 0 d-------- C:\Program Files\Logitech
2008-04-19 14:25:48 0 d-------- C:\Program Files\Kazaa Lite K++
2008-04-19 12:03:43 0 d-------- C:\Program Files\Google
2008-04-18 17:52:17 0 d-------- C:\Documents and Settings\OEM Student\Application Data\Lavasoft
2008-04-09 22:46:30 0 d-------- C:\Program Files\QuickTime
2008-04-09 20:24:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-26 20:06:45 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-17 15:48:30 0 d-------- C:\Program Files\Java
2008-03-03 19:18:46 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 13:10:41 10623 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 08:59 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 15:16]
"nwiz"="nwiz.exe" [06/10/2003 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [06/03/2003 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [25/02/2003 12:00]
"CFILP"="C:\WINDOWS\CFILP.exe" []
"ADG"="C:\WINDOWS\ADG.exe" []
"PSVZCF"="C:\WINDOWS\PSVZCF.exe" []
"CGJMPTW"="C:\WINDOWS\CGJMPTW.exe" []
"CFJ"="C:\WINDOWS\CFJ.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\OEM Student\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [05/02/2008 15:29:20]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3D82B0C3-AAFA-400E-B2D1-46B7AD38AB8C}]
"C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1



-- End of Deckard's System Scanner: finished at 2008-04-22 19:12:19 ------------

And here's the extras.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2047.48 MiB / 1449.03 MiB
Pagefile Memory (total/avail): 2664.87 MiB / 2232.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1892.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 64.56 GiB total, 19.18 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 5.47 GiB total, 5.47 GiB free.
G: is Fixed (NTFS) - 279.47 GiB total, 41.03 GiB free.
H: is Removable (FAT)

\\.\PHYSICALDRIVE1 - Maxtor 6L300R0 - 279.47 GiB - 1 partition
\PARTITION0 - Installable File System - 279.47 GiB - G:

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 64.56 GiB - C:
\PARTITION1 - Unknown - 3.49 GiB
\PARTITION2 - Unknown - 1027.6 MiB
\PARTITION3 - Extended w/Extended Int 13 - 5.48 GiB - F:

\\.\PHYSICALDRIVE2 - USB2.0 (FS) FLASH DISK USB Device - 996.22 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 1001.86 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe"="C:\\Program Files\\PopCap Games\\Dynomite Deluxe\\Dynomite.exe:*:Disabled:Dynomite"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe"="C:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe:*:Disabled:RocketMania"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"="C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe:*:Enabled:Contribute"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe:*:Enabled:Hummingbird Exceed 2007"
"C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe:*:Enabled:maple"
"C:\\Program Files\\Maple 10\\jre\\bin\\java.exe"="C:\\Program Files\\Maple 10\\jre\\bin\\java.exe:*:Enabled:java"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\OEM Student\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\BitTorrent_DNA\\btdna.exe"="C:\\Program Files\\BitTorrent_DNA\\btdna.exe:*:Enabled:DNA"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\OEM Student\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RIK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\OEM Student
INCLUDE=C:\watcom-1.3\h;C:\watcom-1.3\h\nt;C:\watcom-1.3\maple\include
KMP_DUPLICATE_LIB_OK=TRUE
LM_LICENSE_FILE=c:\flexlm\license.dat
LOGONSERVER=\\RIK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\MiKTeX 2.5\miktex\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Modeltech_6.0\win32;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OEMSTU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\OEMSTU~1\LOCALS~1\Temp
USERDOMAIN=RIK
USERNAME=OEM Student
USERPROFILE=C:\Documents and Settings\OEM Student
WATCOM=C:\watcom-1.3
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
OEM Student (admin)
Shay
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------<
  • 0

#10
Rorschach112
Posted 22 April 2008 - 12:41 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
RikSaunderson
Posted 22 April 2008 - 04:26 PM

RikSaunderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there,
I've done all of the things you suggested in the last post (reinstalling Java took a fair while, but then everything to do with Java does!).

I still have no idea what Dr Watsons Post Mortem Debugger is, why explorer (I presume) screwed up like that or whether the two issues are related, and it is still happening. I THINK (I'm not entirely sure) that it only happens when I reboot the computer (i.e. instead of booting up from cold), although I'm only reaching this conclusion because out of the last 15 times or so that I've tried to start up my computer, it has workled properly on 3 of those occasions, 2 of which were cold starts instead of reboots.

Also, I did your reccomendations about ie, but I haven't used ie in 3 and a half years. Whatever it was that I picked up, it got in through firefox.

Thank you so much for all of your help, I'm pretty astounded that someone I don't know would put in this much work for free, I'm just glad to have my computer back!

Thank you so much
Rik
  • 0

#12
Rorschach112
Posted 22 April 2008 - 04:39 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP