Possible Malware infestation?


Re: Possible Malware infestation?

Post by whitenoiz » December 20th, 2007, 8:01 pm

Hi,
System Restore still not available; allied to this, when we go to My Computer > Properties we get the same error message, also when we click on System in the Control Panel we get the same message.

System Speed is about the same as before, reboot still takes between 5 and 10 minutes.

Internet speed now seems to be running at around 35kbps which is a bit quicker than it was.

Opening Control Panel seems to have slowed down and Add/Remove Programs takes up to 3 minutes to show the list of installed programs.

Toolbar at the bottom of the page can't make up its mind whether to be blue (normal) or white.

Cursor seems a bit flaky, not steady.

Other than this, I think maybe we are getting there?

thanks
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

Re: Possible Malware infestation?

Post by curlylad » December 21st, 2007, 9:33 am

Good Afternoon whitenoiz

I'm a little concerned as we appear to have removed all the obvious malware but you still are experiencing problems.
OK, we'll look a little deeper now.


STEP 1

System Restore

You mentioned in your first log that you were requested to turn off system restore but then could not access it.
We will check this like so:-
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.



STEP 2

Deckard's System Scanner

Download Deckard's System Scanner (DSS) from here
http://www.techsupportforum.com/sectools/Deckard/dss.exe and Save to your Desktop.
(Note: You must be logged onto an account with administrator privileges).
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. OK what it wants to do.
  • When the scan is complete, two text files will open
    main.txt <- this one will be maximized
    extra.txt <- this one will be minimized
    ( Default location for both files is C:\Deckard\SystemScanner\ )
  • Copy/Paste the contents of main.txt and extra.txt into your next post please.




STEP 3

SDFix

Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • You will see several choices. (1,2,3,A,B,U,E)
    • Type A (we just want a log).
    • Hit Enter.
    • It will take a few minutes to complete the scan.
    • Wait till the log pops up.
  • Post me the log C:\SystemReport.txt please



STEP 4

Report Back
  • Please now post back the 2 logs created by Deckard's System Scanner, which are main.txt and extra.txt
  • The SDFix Log
  • Plus a fresh HijackThis Log.

I will provide the next instructions as soon as possible.
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham
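When the HijackThis log requested in STEP 4 arrives, a first pass is to separate entries that point at a file which no longer exists from entries that reference a real binary. The script below is an added example, not part of this thread and not code from HijackThis or DSS: it parses lines in the v2.0.2 log format and flags orphaned entries, services with no vendor information, a populated AppInit_DLLs value, and autostarts that run from a Temp folder. The sample log is constructed: five lines are copied from the log posted in this thread and the "Example Helper", "updater" and "helpersvc" lines are made up; the flag heuristics are the editor's, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.2 log format. The ssv.dll, UserFaultCheck,
# AppInit_DLLs, AutoComplete and NVSvc lines come from the log in this thread; the
# "Example Helper", "updater" and "helpersvc" lines are made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /silent
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Helper Service (helpersvc) - Unknown owner - C:\WINDOWS\system32\helpersvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")   # "O2 - ...", "R1 - ...", etc.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str              # HijackThis section, e.g. "O2", "O4", "O23"
    raw: str                  # the original log line
    path: str                 # file, command or DLL the entry points at
    file_missing: bool        # HijackThis could not find the file on disk
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Split one HijackThis line into its section and the path it references."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)].rstrip()
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] command line  -> keep only the executable
        cmd = body.split("] ", 1)[1] if "] " in body else body
        path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    elif section == "O20":
        path = body.split(": ", 1)[1]           # O20 - AppInit_DLLs: <dll list>
    else:
        path = body.rsplit(" - ", 1)[-1]        # O2/O3/O9/O23: path is the last field
    return Entry(section, line.strip(), path, file_missing)


def triage(entry: Entry) -> Entry:
    """Attach the review flags a helper would weigh before deciding what to fix."""
    if entry.file_missing:
        # Nothing on disk to analyse; the registry entry itself is the leftover.
        entry.flags.append("orphaned entry (file missing)")
    elif entry.section == "O23":
        owner = entry.raw.split(" - ")[-2]      # vendor field sits before the path
        if owner.lower() == "unknown owner":
            entry.flags.append("service binary with no vendor information")
    if entry.section == "O20" and entry.path.strip():
        # AppInit_DLLs is loaded into every process that links user32.dll.
        entry.flags.append("AppInit_DLLs is populated")
    if entry.section == "O4" and TEMP_RE.search(entry.path):
        entry.flags.append("autostart runs from a Temp folder")
    return entry


def triage_log(text: str) -> list:
    """Parse and triage a whole log; returns only the entries that raised a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:>4}  {e.path}\n      -> {'; '.join(e.flags)}")
```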

Re: Possible Malware infestation?

Post by whitenoiz » December 21st, 2007, 3:44 pm

Hi, Good Evening,
Sorry to have missed you earlier, wasn't expecting you to be online mid-afternoon!
System Restore still not accessible no matter which route you take to get to it. Get same error message as before. Same error message occurs when trying to access My Computer > Properties or Control Panel > System.

Here are the logs you asked for:

Deckard's Main and Extra:

Deckard's System Scanner v20071014.68
Run by whitenoiz on 2007-12-21 20:00:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
15: 2007-09-07 18:38:25 UTC - RP972 - System Checkpoint
14: 2007-09-06 14:53:35 UTC - RP971 - System Checkpoint
13: 2007-09-05 13:01:27 UTC - RP970 - Shockwave Player
12: 2007-09-05 11:40:56 UTC - RP969 - System Checkpoint
11: 2007-09-04 06:07:46 UTC - RP968 - System Checkpoint


-- First Restore Point --
1: 2007-08-21 06:33:43 UTC - RP958 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as whitenoiz.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:11, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\whitenoiz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\whitenoiz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 10097 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071217-003933-546 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20071220-001905-112 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20071220-001905-239 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071220-001905-414 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071220-001905-228 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
backup-20071220-001905-317 O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys
R1 vobcom - c:\windows\system32\drivers\vobcom.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\netdrive\rffsd.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 Cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 catchme - c:\docume~1\whiten~1\locals~1\temp\catchme.sys (file missing)
S3 DCamUSBSvis (Sound Vision Stream Driver) - c:\windows\system32\drivers\svstream.sys <Not Verified; Sound Vision Inc.; Sound Vision Stream Class Minidriver>
S3 Freeserve (TIDSLInstaller Device Driver) - c:\windows\system32\drivers\instl.sys <Not Verified; Allied Data Technologies; Installation helper>
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 TIAu5Bt (Copperjet ADSL modem Boot Device) - c:\windows\system32\drivers\tiau5bt.sys (file missing)
S3 TIAU5CO (Copperjet ADSL modem connecting with Freeserve Broadband) - c:\windows\system32\drivers\tiau5co.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 WebDriveService (WebDrive Service) - c:\program files\netdrive\wdservice.exe

S2 nhksrv (Netropa NHK Server) - c:\program files\netropa\multimedia keyboard\nhksrv.exe (file missing)
S3 Autocomplete (AutoComplete Service) - c:\progra~1\intern~2\autocomp.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe <Not Verified; ewido networks; guard>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-20 12:10:02 436 --a------ C:\WINDOWS\Tasks\User_Feed_Synchronization-{420E147D-6489-424E-B37F-15BC34EB9780}.job


-- Files created between 2007-11-21 and 2007-12-21 -----------------------------

2007-12-20 22:39:19 3320 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-20 22:34:49 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-20 22:34:49 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-20 22:34:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-20 22:34:49 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-20 22:34:49 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-20 22:34:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-20 17:27:45 0 dr-h----- C:\Documents and Settings\whitenoiz\Recent
2007-12-20 16:45:40 0 d-------- C:\New Folder <NEWFOL~1>
2007-12-18 21:15:24 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 21:04:12 0 d-------- C:\Documents and Settings\whitenoiz\Application Data\Sun
2007-12-17 06:25:26 0 d-------- C:\WINDOWS\63D3864E464B4379B8F4A8C92EED76F0.TMP
2007-12-17 05:55:20 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-17 04:11:55 0 d-------- C:\Program Files\Lavasoft
2007-12-17 04:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-16 23:09:00 0 d-------- C:\Program Files\Trend Micro
2007-12-14 13:51:25 0 d-------- C:\Documents and Settings\whitenoiz\.housecall6.6
2007-11-29 16:50:20 4096 --a------ C:\WINDOWS\system32\sysres.dll
2007-11-29 16:50:20 38567 --a------ C:\WINDOWS\system32\pcpbios.exe


-- Find3M Report ---------------------------------------------------------------

2007-12-19 02:05:10 40494 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 05:40:14 0 d-------- C:\Program Files\Qumana3
2007-11-04 05:26:56 0 d-------- C:\Program Files\BlogPost
2007-10-19 15:28:40 53752 --a------ C:\Documents and Settings\whitenoiz\Application Data\GDIPFONTCACHEV1.DAT
2007-09-25 05:11:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [19/11/2002 22:01 C:\WINDOWS\SOUNDMAN.EXE]
"IW_ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [21/02/2003 10:27]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [30/09/2003 07:09]
"LWBMOUSE"="C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE" [09/11/2001 07:47]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [13/09/2003 21:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30/08/2007 13:15]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21/12/2007 08:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/04/2006 01:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/10/2003 14:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/06/2007 14:08]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [11/06/2007 18:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [15/05/2007 11:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 http://www.searchforit.com # ***Inserted By STOPzilla***
127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.nude-teens-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.on-search.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.msmn.com # ***Inserted By STOPzilla***

20 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-21 20:02:55 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1023.48 MiB / 654.84 MiB
Pagefile Memory (total/avail): 2465.65 MiB / 2070.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.09 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 146.77 GiB total, 86.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 146.8 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 146.8 GiB - C:

\\.\PHYSICALDRIVE3 - IN-WIN iAPP MMC/SD USB Device

\\.\PHYSICALDRIVE1 - IN-WIN iAPP CF USB Device

\\.\PHYSICALDRIVE2 - IN-WIN iAPP MS USB Device

\\.\PHYSICALDRIVE4 - IN-WIN iAPP SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Bitdefender Firewall v8.0 (Softwin) Disabled
AV: Bitdefender Antivirus v8.0 (Softwin) Disabled
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\whitenoiz\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\whitenoiz
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=whitenoiz
USERPROFILE=C:\Documents and Settings\whitenoiz
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

john veale (admin)
sylvie veale (admin)
Summer (admin)
Olivia (admin)
whitenoiz (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\Uninst.isu
--> MsiExec.exe /I{63D3864E-464B-4379-B8F4-A8C92EED76F0}
--> MsiExec.exe /I{88F9401B-D6C7-4DF9-A927-E4529B143C1E}
--> MsiExec.exe /I{8941046B-CC2F-49C9-990B-A812679C6935}
--> MsiExec.exe /I{8A8EC9E2-5E42-4084-AD3E-95C4AB7DE4A1}
--> MsiExec.exe /I{A03D094E-06A1-4B7A-94B7-ED456B725A08}
--> MsiExec.exe /I{A2B3D1A5-82CA-4876-AFFA-DB304A3A4FE1}
--> MsiExec.exe /I{AE9040D0-87F4-4544-AE0E-8700D5CD7699}
--> MsiExec.exe /I{D3D7C4C9-F9F0-4104-B3EC-7512A55BA473}
--> MsiExec.exe /I{E61B400A-DE10-43E5-8F45-37DB764BFCFB}
--> MsiExec.exe /I{F62D22AA-74C7-42B6-AB43-9A6B0264FC20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AceHTML 5 Freeware --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\AceHTML 5 Pro\irunin.ini"
AceHTML 5 Pro --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\AceHTML 5 Pro\irunin.ini"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Adsense Status --> "C:\Program Files\Airbear Software\Adsense Status\unins000.exe"
Advanced Diary v1.3 --> "C:\Program Files\Advanced Diary\unins000.exe"
AirNav ACARS Decoder 2 --> MsiExec.exe /I{2592AB46-A8B2-45F4-8568-CADD2EC434D1}
AirNav Suite --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AirNav Systems\AirNav Suite 4\DeIsL1.isu" -c"C:\Program Files\AirNav Systems\AirNav Suite 4\_ISREG32.DLL"
AllMyFavorites --> "C:\Program Files\AllMyFavorites\uninstall.exe"
ArcSoft Camera Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\ArcSoft Camera Suite\Uninst.isu"
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{230CCBE9-14B0-4008-97AF-30C10F99E42C}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6762AB61-2BE9-45D8-B9F2-24014324CD35}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Blog Post Builder 0.41 --> C:\Program Files\BlogPost\uninst.exe
Blurty (remove only) --> "C:\Program Files\Blurty\blurty-uninstall.exe"
Canon CanoScan Toolbox 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\setup.exe" -l0x9 anything
CoffeeCup Direct FTP 5.2 Shareware --> C:\PROGRA~1\COFFEE~1\DIRECT~1.2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\DIRECT~1.2\INSTALL.LOG
CoffeeCup HTML Editor --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CoffeeCup HTML Editor 2006 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CSAPI (MS Office) spelling plugin for My Notes Center --> "C:\Program Files\My Notes CenterSpelling\uninstall.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Diary Book --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
Disc API --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10C928A0-A8F9-45DE-B4FD-EB09245DAD6F}\setup.exe" -l0x9
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR220 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR220\REF_G\DOCUNINS.EXE
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
FileZilla Client 3.0.1 --> C:\Program Files\FileZilla Client\uninstall.exe
Flash Catcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C6B728E-31B1-48B3-99B5-6B6BB85BC896}\setup.exe"
Flickr Uploadr 2.1 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Good Keywords v2.01.100107 --> "C:\Program Files\Softnik Technologies\Good Keywords v2.01\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop Plugin - Del.icio.us --> MsiExec.exe /X{54139492-27B5-4BFD-8429-7F8B9923DF06}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Notebook Extension for IE --> regsvr32 /u /s "C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-2072219938.dll"
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Harry's Filters 3 --> C:\Program Files\HarrysFilters\SXUNINST.EXE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
iDailyDiary 3.20 --> "C:\Program Files\iDailyDiary\unins000.exe"
IEimage --> C:\Program Files\IEimage\uninstall.exe
Internet Explorer 7 Beta 2 --> "C:\WINDOWS\$NtUninstallie7beta2$\spuninst\spuninst.exe"
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KONICA_MINOLTA DiMAGE remote camera driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x9
LJ.NET --> MsiExec.exe /I{A45EB03D-5C02-497E-9F97-82F3727C3C8B}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Manual CanoScan 3200,3200F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9
Memotoo.com plugin for I.E. v1.1 --> "C:\Program Files\Memotoo.com plugin for I.E\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office Outlook Connector --> MsiExec.exe /I{61CC6D1A-672E-4519-B68F-DF796FB58906}
Microsoft Office Spell Checker --> C:\Program Files\OfficeSpeller\UnGins.exe "C:\Program Files\OfficeSpeller\install.log"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MoreKeys 1.2 --> "C:\Braser\MoreKeys\uninstall-mk.exe"
Mouse Driver Mouse Driver 3.5 --> C:\Program Files\Mouse Driver\Mouse Driver\3.5\unins000.EXE
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
NetDrive --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
Netscape Communicator 4.79 --> C:\WINDOWS\cd32.exe 4.79 (en)
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Office Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\Setup.exe" -l0x9
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Opera 9.0 --> MsiExec.exe /X{7D6D2D15-3C83-4124-90A8-27CB8A972AAA}
Photobucket Uploader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE0E6FB-156F-47CF-8CA1-91EF3D0F9F06}\Setup.exe" -l0x9
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Pinnacle InstantCD/DVD Suite --> MsiExec.exe /X{CFB93E3F-D045-4E78-9D35-CFA7AC35BE5D}
Plugin Commander Light --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\PICO_LIG.INF, DefaultUninstall.ntx86
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Quivic --> MsiExec.exe /I{78395B30-4920-476A-9C3C-7E61CEF263B3}
Qumana --> C:\Program Files\Qumana3\uninstall.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry Mechanic --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spanish Whiz 6.6 --> "C:\Braser\SpanWhiz 66\uninstall-sw.exe"
Spanish Whiz Full Version --> "C:\Documents and Settings\whitenoiz\Application Data\spanwhiz7\unins000.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StartSpanish 3.5 --> "C:\Program Files\StartSpanish35\uninstall-ss.exe"
StartSpanish 3.6 --> "C:\Program Files\StartSpanish35\uninstall-ss.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Virtual Magnifying Glass 2.00 --> "C:\Program Files\Virtual Magnifying Glass\unins000.exe"
w.bloggar 4.00 --> "C:\Program Files\w.bloggar\Uninstall.exe" "C:\Program Files\w.bloggar\install.log" -u
Webaroo --> MsiExec.exe /I{7112e6b7-b651-4b77-8f89-599f3ae27889}
Website Builder 7.0.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Website Builder\irunin.ini"
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
WinBackup --> MsiExec.exe /X{EC984406-5CBB-435A-BB4B-B25BB32EDDC2}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows WMF Metafile Vulnerability HotFix 1.4 --> "C:\Program Files\WindowsMetafileFix\unins000.exe"
WinHTTrack Website Copier 3.40-2 --> "C:\Program Files\WinHTTrack\unins000.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WordWax (remove only) --> "C:\Program Files\WordWax\uninst.exe"
Xenofex 1.0 --> C:\PROGRA~1\PHOTOS~1\PLUG-INS\UNWISE.EXE C:\PROGRA~1\PHOTOS~1\PLUG-INS\INSTALL.LOG
Yahoo! Anti-Spy --> C:\PROGRA~1\YAHOO!\COMMON\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6965 / Error
Event Submitted/Written: 12/21/2007 07:31:31 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.


Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.

Event Record #/Type6964 / Error
Event Submitted/Written: 12/21/2007 07:31:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type6956 / Error
Event Submitted/Written: 12/21/2007 00:28:28 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.


Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.

Event Record #/Type6955 / Error
Event Submitted/Written: 12/21/2007 00:28:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type6940 / Error
Event Submitted/Written: 12/20/2007 11:38:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module srrstr.dll, version 5.1.2600.2180, fault address 0x0001ca8c.
Processing media-specific event for [rundll32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type116239 / Error
Event Submitted/Written: 12/21/2007 07:34:21 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Event Record #/Type116226 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type116225 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type116224 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Security Center service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type116223 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2007-12-21 20:02:55 ------------

SDFix;


System Report
*************

Run on 21/12/2007 at 20:15

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [576]
\??\C:\WINDOWS\system32\csrss.exe [632]
\??\C:\WINDOWS\system32\winlogon.exe [660]
C:\WINDOWS\system32\services.exe [704]
C:\WINDOWS\system32\lsass.exe [716]
C:\WINDOWS\system32\svchost.exe [864]
C:\WINDOWS\system32\svchost.exe [996]
C:\WINDOWS\System32\svchost.exe [1212]
C:\WINDOWS\System32\svchost.exe [1344]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1432]
C:\WINDOWS\system32\spoolsv.exe [1556]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [1668]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [1692]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [1724]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [1744]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [1804]
C:\WINDOWS\System32\nvsvc32.exe [1824]
C:\WINDOWS\System32\svchost.exe [1864]
C:\WINDOWS\system32\wdfmgr.exe [2000]
C:\Program Files\NetDrive\wdService.exe [244]
C:\WINDOWS\system32\fxssvc.exe [344]
C:\WINDOWS\system32\svchost.exe [1172]
C:\WINDOWS\Explorer.EXE [1116]
C:\WINDOWS\SOUNDMAN.EXE [1444]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [284]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [620]
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE [628]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [1532]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1256]
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe [916]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [760]
C:\Program Files\Netropa\Onscreen Display\OSD.exe [612]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [380]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [876]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1156]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [204]
C:\WINDOWS\system32\ctfmon.exe [1912]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [280]
C:\Program Files\PowerArchiver\PASTARTER.EXE [1848]
C:\Program Files\WinZip\WZQKPICK.EXE [1228]
C:\Program Files\Mozilla Firefox\firefox.exe [2896]


Drivers:

ADDRESS: IMAGE PATH:
804D7000: \WINDOWS\system32\ntoskrnl.exe
806EC000: \WINDOWS\system32\hal.dll
F7A2F000: \WINDOWS\system32\KDCOM.DLL
F793F000: \WINDOWS\system32\BOOTVID.dll
F74E0000: ACPI.sys
F7A31000: \WINDOWS\System32\DRIVERS\WMILIB.SYS
F74CF000: pci.sys
F752F000: isapnp.sys
F753F000: ohci1394.sys
F754F000: \WINDOWS\System32\DRIVERS\1394BUS.SYS
F7A33000: viaide.sys
F77AF000: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F755F000: MountMgr.sys
F74B0000: ftdisk.sys
F77B7000: PartMgr.sys
F756F000: VolSnap.sys
F7498000: atapi.sys
F757F000: disk.sys
F758F000: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7478000: fltmgr.sys
F7466000: sr.sys
F77BF000: PxHelp20.sys
F7443000: Fastfat.sys
F742C000: KSecDD.sys
F73FF000: NDIS.sys
F77C7000: viaagp1.sys
F73E4000: Mup.sys
F75BF000: \SystemRoot\System32\DRIVERS\nic1394.sys
F75CF000: \SystemRoot\System32\DRIVERS\amdk7.sys
F725E000: \SystemRoot\System32\DRIVERS\nv4_mini.sys
F724A000: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F721A000: \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
F71F7000: \SystemRoot\System32\DRIVERS\ks.sys
F70F3000: \SystemRoot\System32\DRIVERS\HSF_DP.sys
F7058000: \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
F77DF000: \SystemRoot\System32\Drivers\Modem.SYS
F77E7000: \SystemRoot\System32\DRIVERS\usbuhci.sys
F7035000: \SystemRoot\System32\DRIVERS\USBPORT.SYS
F77EF000: \SystemRoot\System32\DRIVERS\usbehci.sys
F75DF000: \SystemRoot\System32\DRIVERS\i8042prt.sys
F77F7000: \SystemRoot\System32\DRIVERS\mouclass.sys
F7A35000: \SystemRoot\System32\DRIVERS\msikbd2k.sys
F77FF000: \SystemRoot\System32\DRIVERS\kbdclass.sys
F7807000: \SystemRoot\System32\DRIVERS\fdc.sys
F75EF000: \SystemRoot\System32\DRIVERS\serial.sys
F79B7000: \SystemRoot\System32\DRIVERS\serenum.sys
F6FF9000: \SystemRoot\System32\DRIVERS\parport.sys
F75FF000: \SystemRoot\System32\DRIVERS\imapi.sys
F79BB000: \SystemRoot\system32\drivers\pfc.sys
F780F000: \SystemRoot\System32\Drivers\ASAPIW2K.sys
F760F000: \SystemRoot\System32\DRIVERS\cdrom.sys
F761F000: \SystemRoot\System32\DRIVERS\redbook.sys
F6FE5000: \SystemRoot\System32\Drivers\Cdrdrv.sys
F762F000: \SystemRoot\System32\Drivers\Cdfs.SYS
F6FD4000: \SystemRoot\System32\Drivers\Udfs.SYS
F6F26000: \SystemRoot\system32\drivers\ALCXWDM.SYS
F6F02000: \SystemRoot\system32\drivers\portcls.sys
F763F000: \SystemRoot\system32\drivers\drmk.sys
F7817000: \SystemRoot\System32\DRIVERS\fetnd5.sys
F7B63000: \SystemRoot\System32\DRIVERS\audstub.sys
F7A37000: \SystemRoot\System32\Drivers\RootMdm.sys
F764F000: \SystemRoot\System32\DRIVERS\rasl2tp.sys
F79C3000: \SystemRoot\System32\DRIVERS\ndistapi.sys
F6EEB000: \SystemRoot\System32\DRIVERS\ndiswan.sys
F765F000: \SystemRoot\System32\DRIVERS\raspppoe.sys
F766F000: \SystemRoot\System32\DRIVERS\raspptp.sys
F781F000: \SystemRoot\System32\DRIVERS\TDI.SYS
F6E3A000: \SystemRoot\System32\DRIVERS\psched.sys
F767F000: \SystemRoot\System32\DRIVERS\msgpc.sys
F7827000: \SystemRoot\System32\DRIVERS\ptilink.sys
F782F000: \SystemRoot\System32\DRIVERS\raspti.sys
F768F000: \SystemRoot\System32\DRIVERS\termdd.sys
F7A39000: \SystemRoot\System32\DRIVERS\swenum.sys
F6E06000: \SystemRoot\System32\DRIVERS\update.sys
F79CF000: \SystemRoot\System32\DRIVERS\mssmbios.sys
F769F000: \SystemRoot\System32\Drivers\NDProxy.SYS
F79F3000: \SystemRoot\system32\drivers\MODEMCSA.sys
F76BF000: \SystemRoot\System32\DRIVERS\usbhub.sys
F7A3F000: \SystemRoot\System32\DRIVERS\USBD.SYS
F7837000: \SystemRoot\System32\DRIVERS\flpydisk.sys
F7847000: \SystemRoot\System32\Drivers\vobcom.SYS
F7A41000: \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B9D000: \SystemRoot\System32\Drivers\Null.SYS
F7A43000: \SystemRoot\System32\Drivers\Beep.SYS
F7BA0000: \SystemRoot\system32\drivers\avgclean.sys
F7BA2000: \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F784F000: \SystemRoot\System32\drivers\vga.sys
F7A45000: \SystemRoot\System32\Drivers\mnmdd.SYS
F7A47000: \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7857000: \SystemRoot\System32\Drivers\Msfs.SYS
F785F000: \SystemRoot\System32\Drivers\Npfs.SYS
F5C8C000: \SystemRoot\System32\Drivers\vobiw.SYS
F7A07000: \SystemRoot\System32\DRIVERS\rasacd.sys
F5C79000: \SystemRoot\System32\DRIVERS\ipsec.sys
F5C21000: \SystemRoot\System32\DRIVERS\tcpip.sys
F5C00000: \SystemRoot\System32\DRIVERS\ipnat.sys
F76DF000: \SystemRoot\System32\DRIVERS\wanarp.sys
F5BB0000: \SystemRoot\System32\DRIVERS\netbt.sys
F76EF000: \SystemRoot\System32\DRIVERS\arp1394.sys
F7A1B000: \SystemRoot\System32\drivers\ws2ifsl.sys
F5B8E000: \SystemRoot\System32\drivers\afd.sys
F76FF000: \SystemRoot\System32\DRIVERS\netbios.sys
F5B63000: \SystemRoot\System32\DRIVERS\rdbss.sys
F5AF4000: \SystemRoot\System32\DRIVERS\mrxsmb.sys
F770F000: \SystemRoot\System32\Drivers\Fips.SYS
F7BBB000: \??\C:\Program Files\ewido anti-malware\guard.sys
F598B000: \SystemRoot\System32\Drivers\avg7core.sys
F7867000: \SystemRoot\System32\DRIVERS\usbprint.sys
F786F000: \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F7A49000: \SystemRoot\System32\Drivers\avg7rsw.sys
F7877000: \SystemRoot\System32\Drivers\avg7rsxp.sys
F7BE8000: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F5973000: \SystemRoot\System32\Drivers\dump_atapi.sys
F7A4B000: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000: \SystemRoot\System32\win32k.sys
F7019000: \SystemRoot\System32\drivers\Dxapi.sys
F787F000: \SystemRoot\System32\watchdog.sys
BF9C3000: \SystemRoot\System32\drivers\dxg.sys
F7C43000: \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000: \SystemRoot\System32\nv4_disp.dll
F4882000: \SystemRoot\System32\DRIVERS\atmuni.sys
F4948000: \SystemRoot\System32\DRIVERS\ndisuio.sys
F5A84000: \SystemRoot\System32\DRIVERS\rawwan.sys
F3E75000: \SystemRoot\System32\DRIVERS\mrxdav.sys
F7A6B000: \SystemRoot\System32\Drivers\ParVdm.SYS
F7A73000: \SystemRoot\System32\Drivers\avgtdi.sys
F3D3E000: \SystemRoot\System32\DRIVERS\HSF_FALL.sys
F3D21000: \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
F3CC1000: \SystemRoot\System32\DRIVERS\HSF_K56K.sys
F3F5E000: \SystemRoot\System32\DRIVERS\mdmxsdk.sys
F3C68000: \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
F7887000: \SystemRoot\System32\DRIVERS\strmdisp.sys
F3C28000: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
F3EA2000: \SystemRoot\System32\DRIVERS\HSF_TONE.sys
F3AE8000: \SystemRoot\System32\DRIVERS\HSF_V124.sys
F3A96000: \SystemRoot\System32\DRIVERS\srv.sys
F3DB5000: \??\C:\Program Files\NetDrive\rffsd.sys
F3851000: \SystemRoot\system32\drivers\wdmaud.sys
F3BD8000: \SystemRoot\system32\drivers\sysaudio.sys
F3803000: \SystemRoot\system32\drivers\kmixer.sys
F3512000: \SystemRoot\System32\Drivers\HTTP.sys
F792F000: \??\C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp\catchme.sys
7C900000: \WINDOWS\System32\ntdll.dll


Files Created/Modified - 60 Days :


C:\

21 Dec 2007 19:30:30 1,610,612,736 A.SH. "C:\pagefile.sys"
21 Dec 2007 19:30:32 1,073,270,784 A.SH. "C:\hiberfil.sys"
19 Dec 2007 2:52:48 244 A..H. "C:\sqmnoopt00.sqm"
20 Dec 2007 4:41:50 12,196 A.... "C:\ComboFix2.txt"
20 Dec 2007 0:02:24 244 A..H. "C:\sqmnoopt01.sqm"
20 Dec 2007 0:02:24 268 A..H. "C:\sqmdata00.sqm"
20 Dec 2007 0:08:20 244 A..H. "C:\sqmnoopt02.sqm"
20 Dec 2007 0:08:20 268 A..H. "C:\sqmdata01.sqm"
27 Oct 2007 19:22:04 244 A..H. "C:\sqmnoopt18.sqm"
27 Oct 2007 19:22:04 232 A..H. "C:\sqmdata17.sqm"
19 Dec 2007 2:20:20 244 A..H. "C:\sqmnoopt19.sqm"
19 Dec 2007 2:20:20 268 A..H. "C:\sqmdata18.sqm"
19 Dec 2007 2:52:48 268 A..H. "C:\sqmdata19.sqm"
20 Dec 2007 22:39:46 4,408 A.... "C:\rapport.txt"
20 Dec 2007 22:54:00 13,560 A.... "C:\ComboFix.txt"


C:\WINDOWS\

20 Dec 2007 22:53:18 332 A.... "C:\WINDOWS\system.ini"
17 Dec 2007 3:04:30 1,393 A.... "C:\WINDOWS\imsins.log"
17 Dec 2007 6:43:10 210,608 A.... "C:\WINDOWS\setupact.log"
17 Dec 2007 3:04:30 718,104 A.... "C:\WINDOWS\ocgen.log"
17 Dec 2007 3:04:30 1,393,005 A.... "C:\WINDOWS\FaxSetup.log"
17 Dec 2007 3:04:30 213,599 A.... "C:\WINDOWS\iis6.log"
17 Dec 2007 3:04:30 467,474 A.... "C:\WINDOWS\comsetup.log"
17 Dec 2007 3:04:30 287,300 A.... "C:\WINDOWS\ntdtcsetup.log"
17 Dec 2007 3:04:30 536,330 A.... "C:\WINDOWS\tsoc.log"
17 Dec 2007 3:04:30 69,489 A.... "C:\WINDOWS\msgsocm.log"
17 Dec 2007 3:04:30 65,494 A.... "C:\WINDOWS\ocmsn.log"
21 Dec 2007 14:38:16 50 A.... "C:\WINDOWS\wiaservc.log"
21 Dec 2007 19:30:38 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
21 Dec 2007 19:31:32 32,638 A.... "C:\WINDOWS\SchedLgU.Txt"
21 Dec 2007 19:33:24 0 A.... "C:\WINDOWS\0.log"
19 Dec 2007 2:32:50 169 A.... "C:\WINDOWS\wininit.ini"
12 Dec 2007 7:39:58 8,843 A.... "C:\WINDOWS\KB943460.log"
17 Dec 2007 1:39:44 13,022 A.... "C:\WINDOWS\KB944653.log"
17 Dec 2007 1:39:50 12,411 A.... "C:\WINDOWS\KB941568.log"
17 Dec 2007 3:04:30 13,394 A.... "C:\WINDOWS\KB941569.log"
18 Dec 2007 20:06:14 56,746 A.... "C:\WINDOWS\setupapi.log"
21 Dec 2007 9:28:02 1,836 A.... "C:\WINDOWS\ModemLog_Standard 14400 bps Modem.txt"
21 Dec 2007 9:28:20 11,226 A.... "C:\WINDOWS\ModemLog_Standard 14400 bps Modem #2.txt"
4 Dec 2007 2:43:34 31 A.... "C:\WINDOWS\album.ini"
17 Dec 2007 9:11:02 9,528 A.... "C:\WINDOWS\KB892130.log"
21 Dec 2007 19:39:54 245 A.... "C:\WINDOWS\Msiosd.ini"
17 Dec 2007 1:39:56 24,506 A.... "C:\WINDOWS\KB942763.log"
21 Dec 2007 19:31:32 1,955,041 A.... "C:\WINDOWS\WindowsUpdate.log"
17 Dec 2007 1:39:54 1,393 A.... "C:\WINDOWS\imsins.BAK"
21 Dec 2007 12:53:12 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
12 Dec 2007 7:39:54 50,191 A.... "C:\WINDOWS\updspapi.log"
20 Dec 2007 0:07:32 3,023,812 A.... "C:\WINDOWS\EventSystem.log"
19 Dec 2007 2:05:10 40,494 A.... "C:\WINDOWS\nsreg.dat"
20 Dec 2007 18:33:32 12,678 A.... "C:\WINDOWS\ie7_main.log"
20 Dec 2007 16:39:14 1,409 A.... "C:\WINDOWS\QTFont.for"
19 Dec 2007 2:23:34 173,159 A.... "C:\WINDOWS\wmsetup.log"
17 Dec 2007 1:56:06 1,074,476 A.... "C:\WINDOWS\setupapi.log.1.old"
20 Dec 2007 18:33:26 778 A.... "C:\WINDOWS\ie7beta2Uninst.log"
5 Nov 2007 3:52:08 12,515 A.... "C:\WINDOWS\KB941202.log"
5 Nov 2007 3:55:02 7,866 A.... "C:\WINDOWS\KB933729.log"
21 Dec 2007 9:28:02 3,886 A.... "C:\WINDOWS\ModemLog_CNXT V9x PCI Modem.txt"
21 Dec 2007 9:28:08 5,058 A.... "C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt"
21 Dec 2007 19:31:18 159 A.... "C:\WINDOWS\wiadebug.log"
3 Dec 2007 0:00:06 18,684,536 A.... "C:\WINDOWS\system32\MRT.exe"
21 Dec 2007 19:39:38 1,158 A.... "C:\WINDOWS\system32\wpa.dbl"
21 Dec 2007 19:40:52 77,174 A.... "C:\WINDOWS\system32\perfc009.dat"
21 Dec 2007 19:40:52 473,970 A.... "C:\WINDOWS\system32\perfh009.dat"
4 Dec 2007 1:00:44 136,704 A.... "C:\WINDOWS\system32\swsc.exe"
13 Dec 2007 21:26:52 156,160 A.... "C:\WINDOWS\system32\swreg.exe"
27 Oct 2007 17:40:06 227,328 A.... "C:\WINDOWS\system32\wmasf.dll"
29 Nov 2007 16:50:20 38,567 A.... "C:\WINDOWS\system32\pcpbios.exe"
29 Nov 2007 16:50:20 4,096 A.... "C:\WINDOWS\system32\sysres.dll"
29 Oct 2007 23:43:04 1,287,680 A.... "C:\WINDOWS\system32\quartz.dll"
13 Nov 2007 12:31:12 60,416 ..... "C:\WINDOWS\system32\tzchange.exe"
26 Oct 2007 4:34:02 8,460,288 A.... "C:\WINDOWS\system32\shell32.dll"
20 Dec 2007 22:39:20 3,320 A.... "C:\WINDOWS\system32\tmp.reg"
20 Dec 2007 22:39:20 0 A.... "C:\WINDOWS\system32\tmp.txt"
28 Oct 2007 10:56:32 224,024 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
21 Dec 2007 19:40:52 559,754 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
29 Oct 2007 11:04:04 350,720 A.... "C:\WINDOWS\system32\xpsp3res.dll"
19 Dec 2007 22:57:44 81,920 A.... "C:\WINDOWS\system32\IEDFix.exe"
17 Dec 2007 1:49:02 10,447 A.... "C:\WINDOWS\system32\DslWz.log"
18 Dec 2007 21:15:52 5,329 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
17 Dec 2007 1:39:52 387,734 A.... "C:\WINDOWS\system32\TZLog.log"
14 Nov 2007 10:57:28 705 ..... "C:\WINDOWS\inf\branches.inf"
5 Nov 2007 3:51:50 993,248 A.... "C:\WINDOWS\inf\LAYOUT.PNF"
17 Dec 2007 3:02:44 222,180 A.... "C:\WINDOWS\inf\drvindex.PNF"
1 Nov 2007 14:23:46 7,800 A.... "C:\WINDOWS\inf\certclas.PNF"
17 Dec 2007 3:03:20 11,468 A.... "C:\WINDOWS\inf\hal.PNF"
5 Nov 2007 3:51:48 6,756 A.... "C:\WINDOWS\inf\SYSOC.PNF"
5 Nov 2007 3:51:50 12,416 A.... "C:\WINDOWS\inf\wbemoc.PNF"
5 Nov 2007 3:51:50 55,728 A.... "C:\WINDOWS\inf\fxsocm.PNF"
5 Nov 2007 3:51:50 16,448 A.... "C:\WINDOWS\inf\netoc.PNF"
5 Nov 2007 3:51:50 100,544 A.... "C:\WINDOWS\inf\iis.PNF"
5 Nov 2007 3:51:52 134,788 A.... "C:\WINDOWS\inf\comnt5.PNF"
5 Nov 2007 3:51:54 10,240 A.... "C:\WINDOWS\inf\dtcnt5.PNF"
5 Nov 2007 3:51:56 41,164 A.... "C:\WINDOWS\inf\setupqry.PNF"
5 Nov 2007 3:51:56 122,672 A.... "C:\WINDOWS\inf\tsoc.PNF"
5 Nov 2007 3:51:58 105,040 A.... "C:\WINDOWS\inf\ims.PNF"
5 Nov 2007 3:51:58 17,568 A.... "C:\WINDOWS\inf\fp40ext.PNF"
5 Nov 2007 3:52:00 87,456 A.... "C:\WINDOWS\inf\msmsgs.PNF"
5 Nov 2007 3:52:00 4,056 A.... "C:\WINDOWS\inf\wmaccess.PNF"
5 Nov 2007 3:52:00 3,932 A.... "C:\WINDOWS\inf\rootau.PNF"
5 Nov 2007 3:52:00 4,464 A.... "C:\WINDOWS\inf\ieaccess.PNF"
5 Nov 2007 3:52:00 4,384 A.... "C:\WINDOWS\inf\oeaccess.PNF"
5 Nov 2007 3:52:00 4,408 A.... "C:\WINDOWS\inf\wmpocm.PNF"
5 Nov 2007 3:52:00 15,092 A.... "C:\WINDOWS\inf\games.PNF"
5 Nov 2007 3:52:02 48,316 A.... "C:\WINDOWS\inf\accessor.PNF"
5 Nov 2007 3:52:02 17,476 A.... "C:\WINDOWS\inf\communic.PNF"
5 Nov 2007 3:52:02 11,984 A.... "C:\WINDOWS\inf\multimed.PNF"
5 Nov 2007 3:52:02 21,688 A.... "C:\WINDOWS\inf\optional.PNF"
5 Nov 2007 3:52:02 12,368 A.... "C:\WINDOWS\inf\pinball.PNF"
5 Nov 2007 3:52:02 16,656 A.... "C:\WINDOWS\inf\wordpad.PNF"
5 Nov 2007 3:52:04 13,260 A.... "C:\WINDOWS\inf\igames.PNF"
5 Nov 2007 3:52:04 19,232 A.... "C:\WINDOWS\inf\msnmsn.PNF"
5 Nov 2007 3:52:04 19,900 A.... "C:\WINDOWS\inf\netsnmp.PNF"
5 Nov 2007 3:52:04 6,928 A.... "C:\WINDOWS\inf\wbemsnmp.PNF"
5 Nov 2007 3:52:06 10,732 A.... "C:\WINDOWS\inf\nettpsmp.PNF"
5 Nov 2007 3:52:06 4,004 A.... "C:\WINDOWS\inf\netupnp.PNF"
5 Nov 2007 3:52:06 3,652 A.... "C:\WINDOWS\inf\netbeac.PNF"
5 Nov 2007 3:52:06 6,216 A.... "C:\WINDOWS\inf\netiprip.PNF"
5 Nov 2007 3:52:06 10,412 A.... "C:\WINDOWS\inf\netlpd.PNF"
5 Nov 2007 3:52:06 14,240 A.... "C:\WINDOWS\inf\p2p.PNF"
5 Nov 2007 3:52:04 105,644 A.... "C:\WINDOWS\inf\startoc.PNF"
19 Dec 2007 2:23:16 6,770 A.... "C:\WINDOWS\inf\DRM10.PNF"
19 Dec 2007 2:23:16 13,082 A.... "C:\WINDOWS\inf\codecs10.PNF"
19 Dec 2007 2:23:20 10,744 A.... "C:\WINDOWS\inf\WMFSDK10.PNF"
19 Dec 2007 2:23:18 22,146 A.... "C:\WINDOWS\inf\WMDM10.PNF"
19 Dec 2007 2:23:22 10,524 A.... "C:\WINDOWS\inf\WPD10.PNF"
1 Nov 2007 14:23:46 65,516 A.... "C:\WINDOWS\inf\WMP10.PNF"
19 Dec 2007 2:23:18 5,322 A.... "C:\WINDOWS\inf\MPCD10.PNF"
19 Dec 2007 2:23:18 5,346 A.... "C:\WINDOWS\inf\MPSTUB10.PNF"
19 Dec 2007 2:23:20 5,242 A.... "C:\WINDOWS\inf\WMSET10.PNF"
20 Dec 2007 0:22:00 0 A.... "C:\WINDOWS\Temp\T30DebugLogFile.txt"
21 Dec 2007 20:14:26 0 A.... "C:\WINDOWS\Temp\scs42.tmp"
21 Dec 2007 19:30:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
17 Dec 2007 1:43:08 20,768 A.... "C:\WINDOWS\Debug\mrt.log"
17 Dec 2007 1:43:08 2,918 A.... "C:\WINDOWS\Debug\mrteng.log"
21 Dec 2007 19:30:58 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
20 Dec 2007 12:10:02 436 A.... "C:\WINDOWS\Tasks\User_Feed_Synchronization-{420E147D-6489-424E-B37F-15BC34EB9780}.job"
1 Dec 2007 15:18:12 624 A.... "C:\WINDOWS\Downloaded Program Files\PCPitstop.inf"
17 Dec 2007 4:12:04 3,285,504 A.... "C:\WINDOWS\Installer\7e1c5.msi"
18 Dec 2007 21:15:28 1,480,704 A.... "C:\WINDOWS\Installer\8080a.msi"
11 Nov 2007 18:09:06 3,558,912 A.... "C:\WINDOWS\Installer\147dd75.msi"
5 Nov 2007 3:55:00 36,864 A.... "C:\WINDOWS\$NtUninstallKB933729$\reg00001"
24 Oct 2007 8:40:10 821,856 A.... "C:\WINDOWS\system32\drivers\avg7core.sys"
21 Dec 2007 8:39:28 10,760 A.... "C:\WINDOWS\system32\drivers\avgclean.sys"
14 Dec 2007 13:51:46 102,664 A.... "C:\WINDOWS\system32\drivers\tmcomm.sys"
13 Nov 2007 11:25:54 20,480 ..... "C:\WINDOWS\system32\drivers\secdrv.sys"
29 Oct 2007 23:43:04 1,287,680 ..... "C:\WINDOWS\system32\dllcache\quartz.dll"
26 Oct 2007 4:34:02 8,460,288 A.... "C:\WINDOWS\system32\dllcache\shell32.dll"
27 Oct 2007 17:40:06 227,328 A.... "C:\WINDOWS\system32\dllcache\wmasf.dll"
17 Dec 2007 8:14:52 3,734 A.... "C:\WINDOWS\system32\Restore\SR-Reg.TXT"
17 Dec 2007 8:14:52 17,932 A.... "C:\WINDOWS\system32\Restore\SR-RstrLog.TXT"
17 Dec 2007 8:14:54 2,579 A.... "C:\WINDOWS\system32\Restore\SR-RP.LOG"
17 Dec 2007 8:15:06 10,640,809 A.... "C:\WINDOWS\system32\Restore\SR-ChgLog.LOG"
5 Nov 2007 3:55:18 90,112 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe"
5 Nov 2007 3:55:18 2,560 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe"
5 Nov 2007 3:55:18 22,528 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe"
5 Nov 2007 3:55:18 3,584 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe"
5 Nov 2007 3:55:18 114,688 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe"
5 Nov 2007 3:55:18 34,304 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe"
5 Nov 2007 3:55:18 16,384 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe"
5 Nov 2007 3:55:18 30,720 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe"
5 Nov 2007 3:55:18 45,056 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe"
5 Nov 2007 3:55:18 766 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\graph.ico"
5 Nov 2007 3:55:18 8,192 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe"
17 Dec 2007 4:12:04 1,038,336 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe"
17 Dec 2007 4:12:04 171,008 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe"
17 Dec 2007 4:12:04 8,704 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe"
17 Dec 2007 4:12:04 178,688 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\SC_Reader.exe"
11 Nov 2007 18:09:08 25,214 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\RMFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\FDFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\XDPFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\PDXFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\PDFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\SecStoreFile.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\APIFile_8.ico"
21 Dec 2007 20:00:56 220 A.... "C:\WINDOWS\erdnt\dss\README.txt"
21 Dec 2007 20:00:56 28,672 A.... "C:\WINDOWS\erdnt\dss\sam"
21 Dec 2007 20:01:52 28,876,800 A.... "C:\WINDOWS\erdnt\dss\software"
21 Dec 2007 20:01:56 5,382,144 A.... "C:\WINDOWS\erdnt\dss\system"
21 Dec 2007 20:01:56 339,968 A.... "C:\WINDOWS\erdnt\dss\default"
5 Nov 2007 3:51:48 370 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.txt"
5 Nov 2007 3:52:08 13,320 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.inf"
5 Nov 2007 3:55:00 348 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.txt"
5 Nov 2007 3:55:02 13,240 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.inf"
12 Dec 2007 7:39:50 400 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.txt"
12 Dec 2007 7:39:56 14,125 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.inf"
17 Dec 2007 1:39:34 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
17 Dec 2007 1:39:44 12,697 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
17 Dec 2007 1:39:46 312 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
17 Dec 2007 1:39:48 12,954 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
17 Dec 2007 1:39:54 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
17 Dec 2007 1:39:54 13,741 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
17 Dec 2007 3:04:18 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
17 Dec 2007 3:04:30 12,384 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
27 Oct 2007 16:39:46 371,424 ..... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll"
27 Oct 2007 16:39:36 213,216 ..... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
17 Dec 2007 9:11:00 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
30 Oct 2007 14:05:02 11,990 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB943460.cat"
13 Nov 2007 18:48:04 10,876 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB944653.cat"
30 Oct 2007 0:03:44 11,284 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB941568.cat"
14 Nov 2007 11:21:30 11,284 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB942763.cat"
27 Oct 2007 17:16:40 12,090 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB941569.cat"
4 Nov 2007 19:50:42 33,479 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
4 Nov 2007 19:50:42 45,218 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
4 Dec 2007 2:55:54 15,802,849 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071204-015539-00.hdmp"
17 Dec 2007 0:43:08 7,639,052 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071216-234258-00.hdmp"
17 Dec 2007 11:51:46 10,787,608 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071217-105134-00.hdmp"
18 Dec 2007 13:16:16 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-121615-00.mdmp"
18 Dec 2007 13:16:30 12,856,473 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-121615-00.hdmp"
18 Dec 2007 21:07:26 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-200725-00.mdmp"
18 Dec 2007 21:07:36 12,197,908 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-200725-00.hdmp"
18 Dec 2007 21:17:44 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-201743-00.mdmp"
18 Dec 2007 21:17:56 8,036,388 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-201743-00.hdmp"
19 Dec 2007 0:51:22 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-235121-00.mdmp"
19 Dec 2007 0:51:30 8,422,916 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-235121-00.hdmp"
19 Dec 2007 3:08:36 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-020834-00.mdmp"
19 Dec 2007 3:08:46 12,311,104 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-020834-00.hdmp"
19 Dec 2007 13:30:26 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-123025-00.mdmp"
19 Dec 2007 13:30:36 8,083,320 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-123025-00.hdmp"
19 Dec 2007 19:47:36 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-184735-00.mdmp"
19 Dec 2007 19:47:46 7,938,068 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-184735-00.hdmp"
19 Dec 2007 23:37:10 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-223709-00.mdmp"
19 Dec 2007 23:37:20 8,251,388 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-223709-00.hdmp"
21 Dec 2007 12:28:16 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-112814-00.mdmp"
21 Dec 2007 12:28:24 15,707,105 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-112814-00.hdmp"
21 Dec 2007 19:31:20 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-183118-00.mdmp"
21 Dec 2007 19:31:30 10,220,075 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-183118-00.hdmp"
20 Dec 2007 22:53:44 460 A.... "C:\WINDOWS\erdnt\subs\F3M\ERDNT.INF"
20 Dec 2007 22:53:44 673 A.... "C:\WINDOWS\erdnt\subs\F3M\ERDNT.CON"
20 Dec 2007 22:53:34 65,536 A.... "C:\WINDOWS\erdnt\subs\F3M\SECURITY"
20 Dec 2007 22:53:42 30,347,264 A.... "C:\WINDOWS\erdnt\subs\F3M\SOFTWARE"
20 Dec 2007 22:53:44 7,323,648 A.... "C:\WINDOWS\erdnt\subs\F3M\SYSTEM"
20 Dec 2007 22:53:44 339,968 A.... "C:\WINDOWS\erdnt\subs\F3M\DEFAULT"
20 Dec 2007 22:53:44 28,672 A.... "C:\WINDOWS\erdnt\subs\F3M\SAM"
13 Nov 2007 18:44:06 21,487 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\update_SP2QFE.inf"
13 Nov 2007 18:48:04 10,876 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\KB944653.CAT"
13 Nov 2007 18:53:58 188 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\update.ver"
13 Nov 2007 18:33:56 496 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\updatebr.inf"
13 Nov 2007 18:33:56 705 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\branches.inf"
13 Nov 2007 9:47:46 20,480 ..... "C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys"
29 Oct 2007 23:58:32 21,705 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\update_SP2QFE.inf"
30 Oct 2007 0:03:44 11,284 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\KB941568.CAT"
30 Oct 2007 4:43:08 204 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\update.ver"
29 Oct 2007 23:46:56 496 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\updatebr.inf"
29 Oct 2007 23:46:56 705 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\branches.inf"
29 Oct 2007 23:35:14 1,287,680 ..... "C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll"
14 Nov 2007 11:14:22 52,007 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\update_SP2QFE.inf"
14 Nov 2007 11:21:30 11,284 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\KB942763.CAT"
14 Nov 2007 11:26:34 204 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\update.ver"
30 Oct 2007 8:39:18 496 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\updatebr.inf"
14 Nov 2007 10:57:28 705 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\branches.inf"
13 Nov 2007 12:02:46 60,416 ..... "C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe"


C:\Program Files\

22 Oct 2007 16:45:44 115,960 A.... "C:\Program Files\ICQ6\IcqUpdater.exe"
22 Oct 2007 16:45:42 177,400 A.... "C:\Program Files\ICQ6\ICQ.exe"
22 Oct 2007 16:45:42 14,072 A.... "C:\Program Files\ICQ6\ICQLRun.exe"
22 Oct 2007 16:43:44 86,016 A.... "C:\Program Files\ICQ6\MBContainer.dll"
22 Oct 2007 16:37:02 2,211,840 A.... "C:\Program Files\ICQ6\MCore.dll"
22 Oct 2007 16:34:20 118,784 A.... "C:\Program Files\ICQ6\MCoreLib.dll"
22 Oct 2007 16:43:08 106,496 A.... "C:\Program Files\ICQ6\MCrashReport.dll"
22 Oct 2007 16:27:46 221,184 A.... "C:\Program Files\ICQ6\MDb.dll"
22 Oct 2007 16:28:00 49,152 A.... "C:\Program Files\ICQ6\MDevHelpers.dll"
22 Oct 2007 16:38:30 520,192 A.... "C:\Program Files\ICQ6\MISB.dll"
22 Oct 2007 16:28:34 233,472 A.... "C:\Program Files\ICQ6\MKernel.dll"
22 Oct 2007 16:34:02 77,312 A.... "C:\Program Files\ICQ6\MReport.dll"
22 Oct 2007 16:41:20 2,691,072 A.... "C:\Program Files\ICQ6\MUICore.dll"
22 Oct 2007 16:37:54 622,592 A.... "C:\Program Files\ICQ6\MUICoreLib.dll"
22 Oct 2007 16:42:50 913,408 A.... "C:\Program Files\ICQ6\MUIMessage.dll"
22 Oct 2007 16:34:46 389,120 A.... "C:\Program Files\ICQ6\MUIUtils.dll"
22 Oct 2007 16:27:32 282,624 A.... "C:\Program Files\ICQ6\MUtils.dll"
17 Dec 2007 5:55:22 2,175 A.... "C:\Program Files\RogueRemover FREE\unins000.dat"
17 Dec 2007 5:54:50 691,481 A.... "C:\Program Files\RogueRemover FREE\unins000.exe"
11 Dec 2007 21:02:58 278,208 A.... "C:\Program Files\RogueRemover FREE\RogueRemover.exe"
11 Dec 2007 21:02:58 40,640 A.... "C:\Program Files\RogueRemover FREE\RogueRemover.dll"
11 Dec 2007 21:03:00 57,536 A.... "C:\Program Files\RogueRemover FREE\zlib.dll"
11 Dec 2007 21:02:06 79,490 A.... "C:\Program Files\RogueRemover FREE\rules.dat"
17 Dec 2007 5:55:28 0 A.... "C:\Program Files\RogueRemover FREE\Excludes.dat"
11 Dec 2007 14:52:02 5 A.... "C:\Program Files\UseNeXT\port.dat"
11 Dec 2007 14:56:14 1,618 A.... "C:\Program Files\UseNeXT\config.dat"
11 Dec 2007 14:56:14 11 A.... "C:\Program Files\UseNeXT\downloadqueue.dat"
11 Dec 2007 14:56:14 10,998 A.... "C:\Program Files\UseNeXT\subscribed.dat"
11 Dec 2007 14:56:14 11 A.... "C:\Program Files\UseNeXT\wizard.dat"
11 Dec 2007 14:56:14 4,329 A.... "C:\Program Files\UseNeXT\articlestatus.dat"
4 Nov 2007 5:26:58 48,445 A.... "C:\Program Files\BlogPost\uninst.exe"
4 Nov 2007 5:27:40 58 A.... "C:\Program Files\BlogPost\test.dat"
4 Nov 2007 5:34:08 0 A.... "C:\Program Files\BlogPost\blogs.dat"
4 Nov 2007 5:34:20 256 A.... "C:\Program Files\BlogPost\settingcontext.dat"
4 Nov 2007 5:40:16 59,137 A.... "C:\Program Files\Qumana3\uninstall.exe"
2 Dec 2007 21:51:10 200,829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
2 Dec 2007 21:51:12 456,296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
2 Dec 2007 21:50:58 13,952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
2 Dec 2007 21:51:12 161,392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
2 Dec 2007 21:51:12 378,472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
2 Dec 2007 21:51:12 271,984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
2 Dec 2007 21:51:12 34,424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
2 Dec 2007 21:51:12 30,320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
2 Dec 2007 21:51:16 112,232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
2 Dec 2007 21:51:16 254,060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
2 Dec 2007 21:51:16 132,712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
2 Dec 2007 21:51:16 13,416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
2 Dec 2007 21:51:16 73,848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
2 Dec 2007 21:51:16 422,000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
2 Dec 2007 21:51:16 12,400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
2 Dec 2007 21:51:10 7,650,416 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
2 Dec 2007 21:51:16 132,232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
2 Dec 2007 21:51:16 73,336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll"
29 Oct 2007 13:27:04 587,096 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
29 Oct 2007 12:21:08 1,914,224 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe"
31 Oct 2007 15:32:06 2,250,104 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"
31 Oct 2007 15:18:06 2,336,080 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"
29 Oct 2007 12:21:06 2,123,128 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe"
29 Oct 2007 13:58:28 1,586,528 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWLic.exe"
21 Dec 2007 8:38:58 620,032 A.... "C:\Program Files\Grisoft\AVG Free\avgupd.dll"
24 Oct 2007 8:40:14 615,936 A.... "C:\Program Files\Grisoft\AVG Free\avgcore.dll"
21 Dec 2007 8:37:52 905,728 A.... "C:\Program Files\Grisoft\AVG Free\avgctrl.dll"
21 Dec 2007 8:37:56 467,456 A.... "C:\Program Files\Grisoft\AVG Free\avgset.dll"
21 Dec 2007 8:37:48 435,712 A.... "C:\Program Files\Grisoft\AVG Free\avgabout.dll"
22 Nov 2007 10:05:08 303,104 A.... "C:\Program Files\Grisoft\AVG Free\avgresf.dll"
21 Dec 2007 8:37:48 579,072 A.... "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
21 Dec 2007 8:37:50 582,656 A.... "C:\Program Files\Grisoft\AVG Free\avgcckrn.dll"
21 Dec 2007 8:37:52 572,928 A.... "C:\Program Files\Grisoft\AVG Free\avgcfg.dll"
21 Dec 2007 8:37:54 406,528 A.... "C:\Program Files\Grisoft\AVG Free\avgemc.exe"
21 Dec 2007 8:37:54 416,768 A.... "C:\Program Files\Grisoft\AVG Free\avgemsui.dll"
21 Dec 2007 8:37:56 510,976 A.... "C:\Program Files\Grisoft\AVG Free\avginet.exe"
21 Dec 2007 8:37:58 604,160 A.... "C:\Program Files\Grisoft\AVG Free\avgtest.dll"
21 Dec 2007 8:38:00 328,192 A.... "C:\Program Files\Grisoft\AVG Free\avgwb.dat"
21 Dec 2007 8:38:00 124,928 A.... "C:\Program Files\Grisoft\AVG Free\avgxch32.dll"
21 Dec 2007 8:38:00 731,020 A.... "C:\Program Files\Grisoft\AVG Free\setup.dat"
21 Dec 2007 8:38:04 2,007,552 A.... "C:\Program Files\Grisoft\AVG Free\setup.exe"
24 Oct 2007 8:40:16 418,816 A.... "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"
24 Oct 2007 8:40:20 131,072 A.... "C:\Program Files\Grisoft\AVG Free\avginet.dll"
24 Oct 2007 8:40:20 1,282,560 A.... "C:\Program Files\Grisoft\AVG Free\avgres.dll"
24 Oct 2007 8:40:20 392,704 A.... "C:\Program Files\Grisoft\AVG Free\avgscan.dll"
24 Oct 2007 8:40:22 411,648 A.... "C:\Program Files\Grisoft\AVG Free\avgtmgr.dll"
24 Oct 2007 8:40:22 245,248 A.... "C:\Program Files\Grisoft\AVG Free\avgtres.dll"
24 Oct 2007 8:40:22 389,632 A.... "C:\Program Files\Grisoft\AVG Free\avgvv.exe"
24 Oct 2007 8:40:22 219,136 A.... "C:\Program Files\Grisoft\AVG Free\avgw.exe"
24 Oct 2007 8:40:24 49,257 A.... "C:\Program Files\Grisoft\AVG Free\dfncfg.dat"
24 Oct 2007 8:40:24 49,215 A.... "C:\Program Files\Grisoft\AVG Free\dfncfgfr.dat"
17 Dec 2007 2:26:44 18,658 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin5.dll"
16 Dec 2007 23:09:02 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
16 Dec 2007 23:09:02 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\whitenoiz.exe"
31 Oct 2007 20:00:28 118,189 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip"
7 Nov 2007 20:00:32 149,060 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip"
7 Nov 2007 20:00:42 327,300 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip"
24 Oct 2007 20:00:46 102,905 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip"
7 Nov 2007 20:00:50 152,758 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip"
28 Nov 2007 20:00:58 304,574 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip"
5 Dec 2007 20:01:18 890,919 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip"
21 Dec 2007 19:41:04 72 A.... "C:\Program Files\Yahoo!\Messenger\ystats_B.dat"
17 Nov 2007 1:47:54 45,394 A.... "C:\Program Files\RssReader\HTML\http_3a_2f_2flatinapornstars.pornlivenews.com_2frss_2f.htm"
11 Dec 2007 20:31:14 26,205 A.... "C:\Program Files\RssReader\HTML\http_3a_2f_2fgayfirsttimers.xlogz.com_2ffeed_2f.htm"
17 Nov 2007 2:56:36 2,019 A.... "C:\Program Files\RssReader\HTML\item.htm"
2 Dec 2007 21:51:16 450,936 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
2 Dec 2007 21:51:12 22,664 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll"
14 Dec 2007 15:13:18 148,648 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"
14 Dec 2007 15:13:16 96,340 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"
2 Dec 2007 21:51:02 67,696 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll"
2 Dec 2007 21:51:02 54,376 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll"
2 Dec 2007 21:51:02 34,952 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll"
2 Dec 2007 21:51:06 46,720 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll"
2 Dec 2007 21:51:06 172,144 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll"
2 Dec 2007 21:51:14 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html"
17 Dec 2007 2:24:52 2,291 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3229.dat"
17 Dec 2007 2:24:52 3,402 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3230.dat"
17 Dec 2007 2:24:52 2,205 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3231.dat"
17 Dec 2007 2:24:54 2,981 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3232.dat"
17 Dec 2007 2:24:54 2,800 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3233.dat"
17 Dec 2007 2:24:54 2,037 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3234.dat"
17 Dec 2007 2:24:54 2,040 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3235.dat"
17 Dec 2007 2:24:56 1,719 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3236.dat"
17 Dec 2007 2:24:56 3,391 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3237.dat"
17 Dec 2007 2:24:56 376 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3238.dat"
17 Dec 2007 2:24:58 14,703 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3239.dat"
17 Dec 2007 2:24:58 16,969 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3240.dat"
17 Dec 2007 2:24:58 2,394 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3241.dat"
17 Dec 2007 2:25:00 1,901 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3242.dat"
17 Dec 2007 2:25:00 1,746 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3243.dat"
17 Dec 2007 2:25:00 1,449 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3244.dat"
17 Dec 2007 2:25:02 5,157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3245.dat"
17 Dec 2007 2:25:02 3,044 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3246.dat"
17 Dec 2007 2:25:02 3,023 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3247.dat"
17 Dec 2007 2:25:02 134 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3248.dat"
17 Dec 2007 2:25:02 3,235 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3249.dat"
17 Dec 2007 2:25:04 3,937 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3250.dat"
17 Dec 2007 2:25:04 3,736 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3251.dat"
17 Dec 2007 2:25:06 3,976 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3252.dat"
17 Dec 2007 2:25:06 22,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3253.dat"
17 Dec 2007 2:25:08 3,250 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3254.dat"
17 Dec 2007 2:25:08 3,427 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3255.dat"
17 Dec 2007 2:25:10 4,132 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3256.dat"
17 Dec 2007 2:25:12 4,328 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3257.dat"
17 Dec 2007 2:25:16 2,666 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3258.dat"
17 Dec 2007 2:25:16 3,093 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3259.dat"
17 Dec 2007 2:25:16 2,371 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3260.dat"
17 Dec 2007 2:25:16 2,725 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3261.dat"
17 Dec 2007 2:25:18 2,055 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3262.dat"
17 Dec 2007 2:25:18 2,432 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3263.dat"
17 Dec 2007 2:25:18 2,573 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3264.dat"
17 Dec 2007 2:25:18 1,866 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3265.dat"
17 Dec 2007 2:25:18 2,320 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3266.dat"
17 Dec 2007 2:25:20 1,995 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3267.dat"
17 Dec 2007 2:25:20 2,190 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3268.dat"
17 Dec 2007 2:25:22 2,700 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3269.dat"
17 Dec 2007 2:25:22 2,377 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3270.dat"
17 Dec 2007 2:25:22 2,515 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3271.dat"
17 Dec 2007 2:25:24 2,064 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3272.dat"
17 Dec 2007 2:25:24 2,245 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3273.dat"
17 Dec 2007 2:25:26 31,081 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3274.dat"
17 Dec 2007 2:25:28 26,365 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3275.dat"
17 Dec 2007 2:25:30 35,143 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3276.dat"
17 Dec 2007 2:25:32 30,763 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3277.dat"
17 Dec 2007 2:25:34 138 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3278.dat"
17 Dec 2007 2:25:36 26,633 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3279.dat"
17 Dec 2007 2:25:38 26,311 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3280.dat"
17 Dec 2007 2:25:40 27,912 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3281.dat"
17 Dec 2007 2:25:40 4,146 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3282.dat"
17 Dec 2007 2:25:40 4,058 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3283.dat"
17 Dec 2007 2:25:42 3,880 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3284.dat"
17 Dec 2007 2:25:42 4,092 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3285.dat"
17 Dec 2007 2:25:44 3,281 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3286.dat"
17 Dec 2007 2:25:46 3,322 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3287.dat"
17 Dec 2007 2:25:46 77 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3288.dat"
17 Dec 2007 2:25:46 4,252 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3289.dat"
17 Dec 2007 2:25:46 4,308 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3290.dat"
17 Dec 2007 2:25:48 5,830 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3291.dat"
17 Dec 2007 2:25:48 4,734 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3292.dat"
17 Dec 2007 2:25:50 5,067 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3293.dat"
17 Dec 2007 2:25:50 4,195 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3294.dat"
17 Dec 2007 2:25:52 4,722 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3295.dat"
17 Dec 2007 2:25:52 4,078 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3296.dat"
17 Dec 2007 2:25:54 7,978 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3297.dat"
17 Dec 2007 2:25:54 7,216 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3298.dat"
17 Dec 2007 2:25:56 7,250 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3299.dat"
17 Dec 2007 2:25:56 6,750 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3300.dat"
17 Dec 2007 2:25:56 87 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3301.dat"
17 Dec 2007 2:25:56 3,749 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3302.dat"
17 Dec 2007 2:25:58 6,787 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3303.dat"
17 Dec 2007 2:25:58 6,267 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3304.dat"
17 Dec 2007 2:26:02 48,698 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3305.dat"
17 Dec 2007 2:26:04 43,441 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3306.dat"
17 Dec 2007 2:26:04 157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3307.dat"
17 Dec 2007 2:26:08 36,397 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3308.dat"
17 Dec 2007 2:26:08 78 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3309.dat"
17 Dec 2007 2:26:12 38,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3310.dat"
17 Dec 2007 2:26:14 39,403 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3311.dat"
17 Dec 2007 2:26:20 42,473 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3312.dat"
17 Dec 2007 2:26:36 46,849 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3313.dat"
17 Dec 2007 2:26:36 5,659 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3314.dat"
17 Dec 2007 2:26:38 2,343 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3315.dat"
17 Dec 2007 2:26:38 4,890 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3316.dat"
17 Dec 2007 2:26:40 5,367 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3317.dat"
17 Dec 2007 2:26:40 222 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3318.dat"
17 Dec 2007 2:26:42 4,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3319.dat"
17 Dec 2007 2:26:42 4,295 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3320.dat"
17 Dec 2007 2:26:44 4,779 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3321.dat"
7 Nov 2007 23:21:18 450,560 A.... "C:\Program Files\Real\RealOne Player\plugins\MPAMedia.dll"
29 Oct 2007 14:47:40 2,584 A.... "C:\Program Files\Yahoo!\Messenger\cache\P9TXOowxEy759UKpY.zViw--.Display.dat"
14 Dec 2007 19:40:30 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\h47TkaFRjmsVohAjsd4J9Q--.ProfileMap.dat.tmp"
21 Dec 2007 19:41:00 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\P9TXOowxEy759UKpY.zViw--.ProfileMap.dat"
2 Dec 2007 21:51:06 7,166 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html"
11 Nov 2007 18:09:06 304,784 A.... "C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81100000003}\Setup.exe"
22 Oct 2007 16:37:20 81,920 A.... "C:\Program Files\ICQ6\services\icqApp\ver1\MNativeObjectService.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll"
2 Dec 2007 21:51:08 99,840 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll"
2 Dec 2007 21:51:08 156,544 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll"
2 Dec 2007 21:51:08 14,456 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll"
2 Dec 2007 21:51:08 407,040 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"


Files with hidden attributes:

Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
Wed 27 Oct 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 May 2003 43,008 A..H. --- "C:\System Volume Information\_restore{B1AF6306-70F0-4416-91D0-2A49F3B95B86}\RP972\A0222270.exe"
Fri 5 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\Olivia\My Documents\Erotic Writings\~WRL3672.tmp"
Fri 5 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\Olivia\My Documents\Erotic Writings\~WRL0822.tmp"
Sun 23 Apr 2006 20 A..H. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 27 Oct 2004 4,348 ...H. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv1key.bak"
Wed 27 Oct 2004 400 A.SH. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv2key.bak"
Fri 12 Mar 2004 38,400 ...H. --- "C:\Documents and Settings\sylvie veale\My Documents\Medieum Development Group stuff\My Pic-responses to\~WRL2566.tmp"
Sat 24 Jun 2006 0 A..H. --- "C:\Documents and Settings\sylvie veale\Local Settings\Application Data\Google\Google Desktop\e9b7ab4d6fff\Slideshow\people.tribe.net~cea2d1a1-8749-4fc6-a0a9-1d378f9a190a~blog~rss\BIT429.tmp"


Catchme:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:15:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Program Folders:

C:\Program Files\

Acro Software
Adobe
Advanced Diary
Afreet
Airbear Software
AirNav Systems
allglyphs-ssaver
AllMyFavorites
AnfyTeam
aod
ArcSoft
A-Simple-Diary-files
ATnotes
attachments
avatars
AviSynth 2.5
Awasu
BlogCollector Lite
BlogPost
Blurty
BOS
byLight
Canon
CoffeeCup Software
Common Files
ComPlus Applications
Conexant
ConWare
CueCard
CyberLink
Diary
DIFX
DivX
DivXCodec
Easy Thumbnails
EPSON
EPSON Print CD
eQdigital
e-quit-diary
eRightSoft
ewido anti-malware
Extensis
FeedReader30
FileZilla Client
Fisher
Flickr Uploadr
Flight Explorer
Flock
FLVPlayer
FolderCons
FreshDevices
FreshGames
Funkitron
GameHouse
Google
Grammar Slammer Trial
Grisoft
HarrysFilters
Hello
Help
Hexacto Games
HighMAT CD Writing Wizard
HistoryKill
ICQ6
ICQToolbar
iDailyDiary
IEimage
IncrediMail
Infogrames
InstallShield Installation Information
interfac
Internet Explorer
IrfanView
iWin.com
Jasc Software Inc
Java
JavaSoft
JungleDisk
Justdo Software
Lavasoft
LEAD Technologies, Inc
LinKtoLinK 2
LinKtoLinK Pro
Lithic
LIUtilities
LiveJournal
LJ.NET
LogAnalyser
Macromedia
Memotoo.com plugin for I.E
Messenger
Metty
Micro DVD Player(2)
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Picture It! 9
Microsoft Reader
Microsoft Visual Studio
MMSSTV
Mouse Driver
Movie Maker
Mozilla ActiveX Control v1.7.12
Mozilla Firefox
Mozilla Thunderbird
MSN
MSN Gaming Zone
MSN Messenger
MSPress
My Notes Center
My Notes CenterSpelling
Napster
NetDrive
NETGUI
NetMeeting
Netropa
Netscape
NewSoft
NoAdware
Nvidia Corporation
OfficeSpeller
Online Services
Opera
Outlook Express
Packages
PC-HFDL
Photoshop
Pink Flamingo Publications eBook Reader
Pinnacle
Plaxo
Plugins
PNAV
PocketFMS
POSFIX
PowerArchiver
PSP Thumbnail Handler
PWRSMND1
Qualcomm
QuickTime
Qumana3
Rancon
Real
Registry Mechanic
RogueRemover FREE
RoughDraft
ROUTE66
RssReader
Rune Generator
ScanSoft
SDP
Sebran
SelinguaColumns
Semagic
Siber Systems
SlDB
Slide
Smileys
Softnik Technologies
Softwin
Sources
Spybot - Search & Destroy
StartSpanish35
STOPzilla!
Sunbelt Software
SuperBladePro
Themes
thriXXX
ToniArts
TreePadLite
Trend Micro
Trymedia
Ulead Systems
Ultimate Webshots Converter
Uninstall Information
Unipong
UseNeXT
vcom
VIA Technologies, INC
Virtual Magnifying Glass
Visicom Media
w.bloggar
Webaroo
Website Builder
Wide Angle Software
WinAce
Windows Journal Viewer
Windows Media Connect
Windows Media Player
Windows NT
WindowsMetafileFix
WindowsUpdate
WinHTTrack
WinRAR
WinZip
WON
WordWax
WordWeb
WPanorama
X2line
xerox
Xilokit
XoftSpy
Yahoo!
Zero G Registry

C:\Program Files\Common Files\

Adobe
Bcgsoft
Designer
EPSON
Fellowes
Fugawi
InstallShield
Java
Justdo
L&H
Macromedia
Microsoft Shared
MSSoap
ODBC
Real
Scanner
ScanSoft Shared
Services
Softwin
SpeechEngines
STOPzilla!
SWF Studio
Symantec Shared
System
Wise Installation Wizard
xing shared


Add/Remove Programs:

AceHTML 5 Freeware
AceHTML 5 Pro
Adobe Flash Player Plugin
Adobe Shockwave Player
Advanced Diary v1.3
AirNav Suite
AllMyFavorites
ArcSoft Camera Suite
AVG Free Edition
AVG Anti-Spyware 7.5
Blog Post Builder 0.41
Website Builder 7.0.1
Blurty (remove only)
CoffeeCup Direct FTP 5.2 Shareware
CoffeeCup HTML Editor
CoffeeCup HTML Editor 2006
CSAPI (MS Office) spelling plugin for My Notes Center
Diary Book
DivX Codec
Easy Thumbnails (Remove only)
EPSON Printer Software
ESPR220 User's Guide
ewido anti-malware
FileZilla Client 3.0.1
Flickr Uploadr 2.1
FLV Player 1.3.3
GMail Drive Shell Extension
Good Keywords v2.01.100107
Google Desktop
Google Pack Screensaver
Google Updater
Google Video Player
Harry's Filters 3
HijackThis 2.0.2
iDailyDiary 3.20
Internet Explorer 7 Beta 2
IEimage
EPSON Attach To Email
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Microsoft Data Access Components KB870669
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896344)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows Media Player 10 (KB936782)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' RogueRemover
Memotoo.com plugin for I.E. v1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office Spell Checker
Microsoft Interactive Training
MoreKeys 1.2
Mouse Driver Mouse Driver 3.5
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.11)
MSN
NetDrive
Netscape Communicator 4.79
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Display Driver
Microsoft Picture It! Library 9
Microsoft Picture It! Express 9
Plugin Commander Light
Qumana
RealPlayer
Registry Mechanic
USB Storage Adapter FX (SM1)
Spanish Whiz 6.6
Spybot - Search & Destroy 1.3
StartSpanish 3.5
StartSpanish 3.6
Tweak UI
Virtual Magnifying Glass 2.00
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
WinAce Archiver
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows WMF Metafile Vulnerability HotFix 1.4
Windows XP Service Pack 2
WinHTTrack Website Copier 3.40-2
WordWax (remove only)
Xenofex 1.0
Nic's XviD Decoder
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar
Yahoo! Install Manager
MSN Encarta Plus Support Files
Office Keyboard
Adsense Status
Macromedia Dreamweaver 8
Security Update for CAPICOM (KB931906)
Disc API
Canon CanoScan Toolbox 4.5
Yahoo! Photos Print-at-Home Tool
EPSON Easy Photo Print
Google Earth
PSP Thumbnail Handler
EPSON Attach To Email
Google Talk (remove only)
ArcSoft PhotoStudio 5.5
Google Toolbar for Internet Explorer
AirNav ACARS Decoder 2
EPSON Scan Assistant
Cypress USB Mass Storage Driver Installation
Java(TM) 6 Update 3
Microsoft Windows Journal Viewer
DIGReqEx
Google Desktop Plugin - Del.icio.us
Macromedia Extension Manager
Windows Live Messenger
ICQ6
Microsoft Office Outlook Connector
Windows Genuine Advantage v1.3.0254.0
ArcSoft VideoImpression 2
PowerDVD
Photobucket Uploader
Webaroo
Microsoft .NET Framework 2.0
Quivic
OmniPage SE 2.0
Software Update for Web Folders
Opera 9.0
EPSON Web-To-Page
Jasc Paint Shop Pro 8
Flash Catcher
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Spanish Whiz Full Version
QuickTime
KONICA_MINOLTA DiMAGE remote camera driver
Microsoft Picture It! Library 9
LJ.NET
Adobe Reader 8.1.1
Microsoft Reader
Jasc Paint Shop Photo Album
PIF DESIGNER
Manual CanoScan 3200,3200F
Microsoft .NET Framework 1.1
Google Notebook Extension for IE
WinZip 11.1
Pinnacle InstantCD/DVD Suite
w.bloggar 4.00
Microsoft Picture It! Express 9
Ad-Aware 2007
WinBackup
Windows Live Sign-in Assistant
Windows Media Connect
Realtek AC'97 Audio
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
EPSON Print CD


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"IW_ControlCenter"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"MULTIMEDIA KEYBOARD"="C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
"LWBMOUSE"="C:\\Program Files\\Mouse Driver\\Mouse Driver\\3.5\\MOUSE32A.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"PowerArchiver Tray"="C:\\Program Files\\PowerArchiver\\PASTARTER.EXE"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Internet Connection Sharing
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Non-Default IFEO Debugger:


Non-Default Installed Components:


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{c59d0937-29a1-4290-81be-948afee47797}
StubPath REG_SZ RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
<NO NAME> REG_SZ Browser Customizations
Version REG_SZ 6,0,2800,1106


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
<NO NAME> REG_SZ Fax
Version REG_SZ 5.1
StubPath REG_SZ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
<NO NAME> REG_SZ Fax Provider
Version REG_SZ 5.1
StubPath REG_SZ


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware driver
<NO NAME> REG_SZ Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware guard
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

HJ This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:42, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 10167 bytes

Hope some or all of this helps

Thanks again

whitenoiz

Addition:

Hi, while we were online AVG popped up with a 'threat found' message. This is it:

AVG Detailed Complete Test (22.12.2007 - beginning 00.04am):

File Result/Infection Path
Boot Sector of Disc Change C:
shell32.dll Change C:\WINDOWS\System32\shell32.dll
39AF80EAd01 Virus identified Exploit C:\Documents and Settings\Olivia\Local Settings\Application Data\Mozilla Firefox\Profiles\6crfy655.default\Cache\39AF80EAd01
BB69C0EAd01 Virus identified Exploit C:\Documents and Settings\Olivia\Local Settings\Application Data\Mozilla Firefox\Profiles\6crfy655.default\Cache\BB69C0EBdo1

AVG has now finished scanning and has moved the infection to the Virus Vault.

As a result of this, we thought it best to do another HJ scan. The result is posted below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:00, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 10088 bytes

I don't know if that helps, but I thought it best to post this anyway.

Thanks again

whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

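When reading logs like the two above, the first pass is mechanical: pull out the entry lines, group them by section, and mark the ones that merit a closer look. Here is an added example of that triage step in Python; it is not part of the thread and not HijackThis's own code. The sample input is a constructed subset of lines copied from the logs above, and the flag names (FILE_MISSING, UNKNOWN_OWNER, UNNAMED_BHO, APPINIT_DLL, TEMP_PATH) are my own. A flag means "a human should look", not "malicious": the unnamed BHO in these logs resolves to Spybot's SDHelper.dll, for instance.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few entry lines copied from the HijackThis logs
# posted in this thread, plus the log header. It is not a complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Paths under a browser cache or a Temp directory are where drive-by
# downloads usually land (AVG flagged two such files in the post above).
TEMP_PATH_RE = re.compile(r"\\(temp|cache)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def flag_entry(entry: Entry) -> None:
    """Attach review flags. A flag means 'look closer', not 'malicious'."""
    body = entry.body
    if "(file missing)" in body:
        entry.flags.append("FILE_MISSING")   # registration points at a file that is gone
    if "Unknown owner" in body:
        entry.flags.append("UNKNOWN_OWNER")  # service binary carries no publisher info
    if entry.section == "O2" and "(no name)" in body:
        entry.flags.append("UNNAMED_BHO")    # BHO registered without a display name
    if entry.section == "O20":
        entry.flags.append("APPINIT_DLL")    # AppInit_DLLs load into every user32 process
    if TEMP_PATH_RE.search(body):
        entry.flags.append("TEMP_PATH")


def parse_hjt(text: str) -> List[Entry]:
    """Parse entry lines; header, process list and trailer lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(m.group("section"), m.group("body"))
        flag_entry(entry)
        entries.append(entry)
    return entries


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each section contributed (useful when diffing two logs)."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", section_counts(parsed))
    for e in needs_review(parsed):
        print(f"{e.section:<4}{','.join(e.flags):<28}{e.body}")
```

Run it against a full log pasted into SAMPLE_LOG and compare `section_counts` between two scans from the same machine: an O4 or O23 entry that appears between scans is exactly what an analyst wants to spot first, and the flags narrow the list to the entries worth cross-checking against the AVG and Ad-Aware results.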
Re: Possible Malware infestation?

Unread postby curlylad » December 28th, 2007, 11:25 am

whitenoiz

Just to let you know, I haven't forgotten about this thread; I am currently reviewing the information and hope to have a reply for you soon.

Thanks for being patient :)
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » December 28th, 2007, 3:47 pm

Curlylad, Hi, Thanks for keeping us informed. Hope you had a good Christmas.
Further update on current situation...
Still no access to System Restore via any route BUT, system speed for the most part is pretty well back to normal. Also, Internet ADSL speed is also back to normal most of the time. We have a WiFi router for our ADSL and it's just possible that someone in the village may be piggybacking us despite the password protection on the router. (We use a hard wired connection between the router and the computer; we keep the WiFi link for my laptop but that's a different story... one we needn't get into 'cos the laptop is broken and won't switch on...)
Situation returned to near normal about 24/48 hours after our last contact with you with no further action on our part to bring this about.
Still intrigued by being unable to access System restore or My Computer Properties though.
If you have any brilliant ideas about this then please let us know! In the meantime we will soldier on and not make any changes unless you advise.
Thanks again for all your help, and if we don't hear from you in the meantime have a Happy New Year
Thanks
whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

Re: Possible Malware infestation?

Unread postby curlylad » December 31st, 2007, 5:24 pm

Good Evening whitenoiz

Again I apologise for the delay in the reply.
I had to ask advice on a few things which took longer than I anticipated.

The fact that you still cannot access system restore is more puzzling at the moment than worrying. I would like you to go through the following suggestions to see if any of them will allow you to gain access.

First of all make sure that you have or are using a user profile with Administrator privileges, then follow like so,

There are three methods that you can use to access System Restore functionality.

• You can access the System Restore Wizard through the Start menu. To access the System Restore Wizard, click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

• You can access System Restore through Control Panel. To open the System Restore Wizard, click Start, click Control Panel, and then click Performance and Maintenance. Under See Also, click System Restore.

• You can access System Restore through Help and Support Center. To access the System Restore Wizard, click Start, and then click Help and Support. Click Performance and Maintenance, click Using System Restore to undo changes, and then click Run the System Restore Wizard.

Try those suggestions and then let me know if any of them are successful.


Next there are a few folders and files that need removing, please follow the instruction below to do so.
  • Open My Computer
  • Double click C Drive
  • Locate the Folder New Folder, right click it and select Delete
  • Double click the Folder Program Files,
  • Locate the Folder DivXCodec, right click it and select Delete
  • Locate the Folder Incredimail, right click it and select Delete
  • Locate the Folder Smileys, right click it and select Delete
  • Double click the Folder Common Files
  • Locate the Folder Symantec Shared, right click it and select Delete

    Click the back button until you reach the C Drive
  • Double click the Folder WINDOWS
  • Locate the File unvise32.exe, right click it and select Delete.

NOTE - If you receive an error message, right click the folder/file, choose Properties and check if the Read only attribute box is checked. If it is, uncheck it and try the procedure again.


When you've done that post back here with a fresh HijackThis Log and let me know if you were able to access system restore by using any of the methods I outlined above.
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » January 1st, 2008, 6:54 am

Hi, Curlylad, Happy New Year.

Did all the things you suggested; taking them in order;
System Restore still unavailable/inaccessible, still getting same error message.
Clicking on System gives same error message.

Deleted suggested files EXCEPT 'unvise32.exe'; can't find this file.

Here's the latest HJ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:15, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 10174 bytes
Hope this helps.
Thanks again
whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

Re: Possible Malware infestation?

Unread postby curlylad » January 1st, 2008, 7:49 am

Good Morning whitenoiz

Happy new year to you as well :)

Just a little more info I need. I know that we have been over this, but I would like you to post back to me the exact error message that you get when trying to access the system restore function.
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » January 1st, 2008, 9:50 am

Curlylad,

OK

Here we go..

From Control Panel > Performance and Maintenance > System...10 second pause then a new window opens entitled 'Run A DLL as an App'

'Run a DLL as an App has encountered a problem and needs to close'
For more information about this error click here...

Clicking on the highlighted Click Here button opens a new window again
entitled 'Run a DLL as an App' the text of the error message reads;

'Error Signature;

Event Type: BEX P1:rundll32exe P2:5.1.2600.2180 P3:41107dbc
P4:smstr.dll P5:5.1.2600.2180 P6:4119751 P7:0001ca8c
P8:c0000409 P9:00000000

To view technical information about the error report click here'

Clicking on the highlighted click here button opens a new window entitled 'Error report contents'
which reads
'The following files will be included in this error report

C:\DOCUME~1\WHITEN~1\Temp\WER148d.dir00\rundll32exe.mdmp
C:\DOCUME~1zWHITEN~1|Temp\WER148d.dir00\appcompat.txt

(Note that the \WER*****.dir00\ value changes each time; this is no doubt some kind of serial number for the report...)

The basic Error message is always the same no matter which way I try to access System Restore or System Properties...

Back to you, Sir... and thanks again
whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

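The 'Error Signature' block pasted above is a Windows XP error-report signature, and decoding its nine parameters answers the defender's first two questions about a crash: which module faulted, and what kind of fault it was. The following added example (my own, not from the thread and not a Microsoft tool) parses such a signature. The P1..P9 field layout is assumed from the XP error-reporting format for application faults (application, its version and link timestamp, faulting module, its version and timestamp, fault offset, exception code, additional info); the sample input is the signature from the post above, reproduced here as constructed input exactly as it was typed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: the error signature quoted in the post above, as typed there.
SAMPLE_SIGNATURE = """\
Event Type: BEX P1:rundll32exe P2:5.1.2600.2180 P3:41107dbc
P4:smstr.dll P5:5.1.2600.2180 P6:4119751 P7:0001ca8c
P8:c0000409 P9:00000000
"""

# Meaning of the P1..P9 parameters. Assumed from the Windows XP error-reporting
# layout for application faults (BEX / crash events): application and faulting
# module, each with version and link timestamp, then offset and exception code.
PARAM_NAMES = {
    "P1": "application",
    "P2": "application_version",
    "P3": "application_timestamp",
    "P4": "faulting_module",
    "P5": "module_version",
    "P6": "module_timestamp",
    "P7": "fault_offset",
    "P8": "exception_code",
    "P9": "additional_info",
}

# NTSTATUS values that commonly appear in P8.
EXCEPTION_CODES = {
    "c0000005": "STATUS_ACCESS_VIOLATION",
    "c000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "c0000374": "STATUS_HEAP_CORRUPTION",
    "c0000409": "STATUS_STACK_BUFFER_OVERRUN (/GS stack cookie check failed)",
}


@dataclass
class CrashSignature:
    event_type: str
    fields: Dict[str, str]

    @property
    def exception_code(self) -> Optional[str]:
        code = self.fields.get("exception_code")
        return code.lower() if code else None

    def describe_exception(self) -> str:
        code = self.exception_code
        if code is None:
            return "no exception code in signature"
        return EXCEPTION_CODES.get(code, f"unrecognised exception code {code}")

    def summary(self) -> str:
        f = self.fields
        return (f"{f.get('application', '?')} {f.get('application_version', '?')} "
                f"faulted in {f.get('faulting_module', '?')} "
                f"{f.get('module_version', '?')} at offset {f.get('fault_offset', '?')}: "
                f"{self.describe_exception()}")


def parse_signature(text: str) -> CrashSignature:
    """Parse 'Event Type: X P1:... P9:...' text into a CrashSignature."""
    m = re.search(r"Event Type:\s*(\w+)", text)
    if m is None:
        raise ValueError("no 'Event Type:' field found")
    fields: Dict[str, str] = {}
    # Parameters may be split across lines; each is 'Pn:<value>' with no spaces.
    for key, value in re.findall(r"\b(P\d):(\S+)", text):
        fields[PARAM_NAMES.get(key, key)] = value
    return CrashSignature(event_type=m.group(1), fields=fields)


def is_stack_cookie_failure(sig: CrashSignature) -> bool:
    """True when the process was terminated by the /GS buffer-overrun check."""
    return sig.exception_code == "c0000409"


if __name__ == "__main__":
    sig = parse_signature(SAMPLE_SIGNATURE)
    print(sig.event_type, "->", sig.summary())
    print("stack cookie failure:", is_stack_cookie_failure(sig))
```

What the decoded signature tells you here: the process that died is rundll32 (which hosts Control Panel applets such as System Properties), the fault lies in the module named in P4 at the offset in P7, and exception code c0000409 means that module's own stack-overrun protection detected corrupted stack data and terminated the process rather than continue. The signature does not say why the stack was corrupted; a damaged or replaced DLL, a bad patch and a plain bug all produce the same report, so the next step is to confirm that the module on disk matches a known-good copy of the version in P5 before drawing conclusions.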
Re: Possible Malware infestation?

Unread postby curlylad » January 2nd, 2008, 12:08 pm

Good Afternoon whitenoiz

OK, we'll see if reinstalling system restore solves this little issue.
Please continue as follows:-
  • Go to Start >Run - type Inf <Press Enter>
  • In the ensuing Window, locate this file - sr.inf
  • Right click on it & select Install
    • If the Files Needed dialog box appears, click Browse and point to the C:\Windows\ServicePackFiles\i386 folder.

You may need to reboot before it takes effect.

Let me know how that went.
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » January 2nd, 2008, 2:50 pm

Curlylad, Good Afternoon,
Did all that you suggested but still no System Restore and still getting same Error Message.

It appears to me that we are rapidly approaching the point at which we have to reinstall Windows; regrettably this is not an option!
Windows XP was pre-installed on the machine and Service Pack 2 was downloaded from M'soft.

We have a Reload CD that reinstalls the 'fresh out of the box' condition but we cannot afford to lose all of the stored data on the C drive that occurs when the Reload disc is used.
Also of course there is the question of then downloading SP2 and all of the security updates...

Backing up all of the data files will probably take forever and would involve the purchase of another hard drive to store all of the information. We cannot afford to do this at the moment.

If this looks to be the case then I guess that for the time being we are just going to have to live without System Restore...

Of course if you have any other suggestions or thoughts on the matter we would welcome them.

I think our System is clear of all of the nasties that brought about the problem in the first place; system speed and ADSL speeds appear to be back to Normal.

Look forward to hearing from you.

Thanks again

whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

Re: Possible Malware infestation?

Unread postby curlylad » January 2nd, 2008, 5:44 pm

OK, let's try this idea:-

Click Start | Control Panel | Administrative Tools | Services.
Right-click System Restore Service and click Properties.
From the Startup Type drop-down, select Disabled.
Click OK.
Close the Services and Administrative Tools windows.
Right-click My Computer, click Properties, and click the System Restore tab. The System Restore tab should now display properly; however, the System Restore service will be disabled.
Enable System Restore and click Apply.
Note: All previous restore points will be removed.

Let me know how you go !
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » January 3rd, 2008, 6:11 am

Curlylad, Hi, Good Morning...
OK did all of that...set System Restore to Disabled etc..
Went to My Computer > Properties, 10 second pause, then got same Error Message as previously!
Also tried to set System Restore to Start from Services and got a different Error Message... 'Error 1067 The Process terminated unexpectedly'.
I have set System Restore back to Automatic via Service>System Restore>Properties.
Back to the drawing board I'm afraid...
Thanks
whitenoiz
Edit;
I think this System Restore problem is just a symptom of something else; When I try to open System from the Classic View of Control Panel, I get the same Error Message; right click on System gives only two Options, Open or make shortcut.
Right clicking My Computer>Properties also gives same Error Message.
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm

Re: Possible Malware infestation?

Unread postby curlylad » January 3rd, 2008, 2:53 pm

Good Evening whitenoiz

This system restore just doesn't want to play ball does it :roll:
We'll have one more try and then we'll have to re-think a fresh approach.

Please now try this:-
  • Click Start, click Run
  • In the Open: dialog box copy and paste the following

    C:\Windows\System32\restore\rstrui.exe
  • Click Ok.

Now post back and let me know what happened, let's also have a fresh HijackThis Log please.
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Re: Possible Malware infestation?

Unread postby whitenoiz » January 4th, 2008, 8:14 am

Curlylad, Hi,
Did as you suggested, got same error message...
Here's the new HJ log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:09, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 10174 bytes
Hope this helps...
Thanks
whitenoiz
whitenoiz
Regular Member
 
Posts: 18
Joined: December 18th, 2007, 12:40 pm
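As an added example, not part of whitenoiz's post or of HijackThis itself, the script below applies the first-pass heuristics a helper uses when reading a log like the one above: it parses each HijackThis entry line and flags anything that references a file that no longer exists (HijackThis marks these "(file missing)"), a service whose publisher is "Unknown owner", an AppInit_DLLs entry (O20, a DLL loaded into every process that links user32.dll), and an ActiveX control (O16) fetched from a remote URL. The sample log is a constructed excerpt of lines copied from the posted log; flagged entries are leads for a human to verify, not verdicts (the missing Java ssv.dll, for instance, is an ordinary leftover from a Java update).

```python
"""Triage a HijackThis log: flag the entries a helper would look at first.

Added example, not from the forum post and not part of HijackThis. The
heuristics are deliberately simple; every hit still needs a human check.
"""
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL",
    r"O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
])

# HijackThis entry lines look like "O23 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return a list of (section, body) tuples, one per entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(log_text):
    """Return (section, reason, body) for every entry that trips a heuristic.

    An entry can appear more than once if it trips several heuristics.
    """
    flagged = []
    for sec, body in parse_entries(log_text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if sec == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown service owner")
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs injection point")
        if sec == "O16" and re.search(r" - https?://", body):
            reasons.append("ActiveX downloaded from remote URL")
        for reason in reasons:
            flagged.append((sec, reason, body))
    return flagged


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec:4} [{reason}] {body}")
```

Run against the full log rather than the excerpt, the same rules pick out the Autocomplete and nhksrv services (both "file missing") and the Google AppInit_DLLs entry, which is the kind of shortlist a helper then checks by hand against known-good software before asking for anything to be fixed.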
