spyware..spyware... help please hjt - Cyber Tech Help Support Forums

Keep getting spyware, main page keeps changing, computer freezes. In need of help please. HJT log:

Welcome to CTH, hank1966 !!

We need to get a comprehensive report of what is present in your system.

Please download Random's System Information Tool (RSIT)
Save it to the Desktop
Double click on RSIT.exe to run the program
Click Continue at the disclaimer screen
Once the tool finishes, two logs open. Log.txt is maximized, and Info.txt is minimized. (The logs are also contained in C:\rsit)

~~~~

Please provide the RSIT: Log.txt and Info.txt reports in your reply. You may need to do consecutive posts (one after the other) right in this thread, if the logs are too long.

2009-03-04 21:17:16 ----A---- C:\WINDOWS\ODBC.INI 2009-03-03 16:59:41 ----D---- C:\WINDOWS\Downloaded Installations 2009-03-03 16:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-03-03 14:00:12 ----HD---- C:\$AVG8.VAULT$ 2009-03-01 21:07:00 ----D---- C:\Program Files\Google

List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-25 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-20 3644800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-11-02 229720]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-11-02 653960]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-11-02 13216]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-03-08 172544]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 arjso8a1;arjso8a1; C:\WINDOWS\system32\drivers\arjso8a1.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-11-02 1396048]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-10-10 12800]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-11-02 100176]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R2 aswUpdSv;avast! IAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-08 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-04-17 1017224]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-23 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 lxby_device;lxby_device; C:\WINDOWS\system32\lxbycoms.exe [2004-08-19 450560]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
EOF

Info log
Computer Name: YOUR-ADF783B345 Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: d347bus Record Number: 1358 Source Name: Service Control Manager Time Written: 20090312162156. +000 Event Type: error User:

Application event log
Computer Name: YOUR-ADF783B345 Event Code: 11706 Message: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue. Record Number: 699 Source Name: MsiInstaller Time Written: 20081017134737. +060 Event Type: error User: YOUR-ADF783B345\hank
Computer Name: YOUR-ADF783B345 Event Code: 1001 Message: Detection of product '{ 409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}' Record Number: 698 Source Name: MsiInstaller Time Written: 20081017134520. +060 Event Type: warning User: YOUR-ADF783B345\hank
Computer Name: YOUR-ADF783B345 Event Code: 1001 Message: Detection of product '{ 409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}' Record Number: 694 Source Name: MsiInstaller Time Written: 20081017131257. +060 Event Type: warning User: YOUR-ADF783B345\hank
Computer Name: YOUR-ADF783B345 Event Code: 11706 Message: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue. Record Number: 692 Source Name: MsiInstaller Time Written: 20081017131257. +060 Event Type: error User: YOUR-ADF783B345\hank
Computer Name: YOUR-ADF783B345 Event Code: 1001 Message: Detection of product '{ 409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}' Record Number: 691 Source Name: MsiInstaller Time Written: 20081017131247. +060 Event Type: warning User: YOUR-ADF783B345\hank

Security event log
Computer Name: YOUR-ADF783B345 Event Code: 850 Message: A port was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used: Standard Interface: All interfaces Name: NetBIOS Session Service Port number: 139 Protocol: TCP State: Disabled Scope: Local subnet only Record Number: 36959 Source Name: Security Time Written: 20090324092017. +000 Event Type: audit success User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-ADF783B345 Event Code: 850 Message: A port was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used: Standard Interface: All interfaces Name: NetBIOS Datagram Service Port number: 138 Protocol: UDP State: Disabled Scope: Local subnet only Record Number: 36958 Source Name: Security Time Written: 20090324092017. +000 Event Type: audit success User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-ADF783B345 Event Code: 850 Message: A port was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used: Standard Interface: All interfaces Name: NetBIOS Name Service Port number: 137 Protocol: UDP State: Disabled Scope: Local subnet only Record Number: 36957 Source Name: Security Time Written: 20090324092017. +000 Event Type: audit success User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-ADF783B345 Event Code: 849 Message: An application was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used: Standard Name: Remote Assistance Path: %windir%\system32\sessmgr.exe State: Enabled Scope: All subnets Record Number: 36956 Source Name: Security Time Written: 20090324092017. +000 Event Type: audit success User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-ADF783B345 Event Code: 849 Message: An application was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used: Standard Name: P910 Series Server Path: C:\WINDOWS\system32\lxbycoms.exe State: Disabled Scope: All subnets Record Number: 36955 Source Name: Security Time Written: 20090324092017. +000 Event Type: audit success User: NT AUTHORITY\SYSTEM

Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"DXSDK_DIR"=C:\Program Files\Microsoft DirectX SDK (November 2008)\
EOF

Ws Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nokia Connectivity Cable Driver-->MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444} Nokia PC Suite-->MsiExec.exe /I{1B58C9D2-1925-413F-B29A-C4E7596C43F5} PC Connectivity Solution-->MsiExec.exe /I{D8E4A66D-DB68-481F-ABA8-AC622566D4CB} PcBugDoctor 1,0,0,3-->"C:\Program Files\PcBugDoctor\unins000.exe" Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerStarter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\ IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe" RegCure-->"C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUni nstall.exe Samsung Mobile phone USB driver 
Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUni nstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Unin stall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uni nstall.exe Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package 
{90120000-0030-0000-0000- FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\ spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP 
(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe" Security Update for Windows XP 
(KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe" Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9} Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG ToggleEN Toolbar-->C:\PROGRA~1\ToggleEN\UNWISE.EXE /U C:\PROGRA~1\ToggleEN\INSTALL.LOG Ultra DVD Creator 2.6.1123-->"C:\Program Files\Ultra DVD Creator\unins000.exe" UniChrome IGP Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spunin st.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe" Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I 
Driver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver-->C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

HijackThis Backups
O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08]
O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08]
O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2008-09-09]
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\Images\AntiCrash.exe [2008-10-17]
O4 - HKLM\..\Run: [UPAS] C:\Documents and Settings\hank\Local Settings\Temporary Internet Files\Content.IE5\FNDR8HNZ\personalantispy_ifree[1].exe [2008-10-17]
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://joinandplay.sky.com/online2/m...esLauncher.cab [2008-10-17]
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://riverbelle.microgaming.com/r...e/FlashAX2.cab [2008-10-17]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Regis...18/flashax.cab [2008-10-17]
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://joinandplay.sky.com/online2/m...esLauncher.cab [2008-10-17]
O4 - HKLM\..\Run: [UPAS] C:\Documents and Settings\hank\Local Settings\Temporary Internet Files\Content.IE5\FNDR8HNZ\personalantispy_ifree[1].exe [2008-10-17]
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\Images\AntiCrash.exe [2008-10-17]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Regis...18/flashax.cab [2008-10-17]
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://riverbelle.microgaming.com/r...e/FlashAX2.cab [2008-10-17]

Hosts File
127.0.0.1 localhost

Security center information
AV: avast! Antivirus 4.8.1335 [VPS 090331-0]
=

->MsiExec.exe /X{90120000-001B-0409-0000- FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Files\Veetle\UninstallVeetleTV.exe VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver-->C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" Your Uninstaller!

2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe" HijackThis Backups O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08] O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08] O1 - Hosts: 200.124.131.116 casinocontroller.com [2008-09-08] O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2008-09-09] O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\Images\AntiCrash.exe [2008-10-17] O4 - HKLM\..\Run: [UPAS] C:\Documents and Settings\hank\Local Settings\Temporary Internet Files\Content.IE5\FNDR8HNZ\personalantispy_ifree[1].exe [2008-10-17] O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://joinandplay.sky.com/online2/m...esLauncher.cab [2008-10-17] O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://riverbelle.microgaming.com/r...e/FlashAX2.cab [2008-10-17] O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Regis...18/flashax.cab [2008-10-17] O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://joinandplay.sky.com/online2/m...esLauncher.cab [2008-10-17] O4 - HKLM\..\Run: [UPAS] C:\Documents and Settings\hank\Local Settings\Temporary Internet Files\Content.IE5\FNDR8HNZ\personalantispy_ifree[1].exe [2008-10-17] O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\Images\AntiCrash.exe [2008-10-17] O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Regis...18/flashax.cab [2008-10-17] O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://riverbelle.microgaming.com/r...e/FlashAX2.cab [2008-10-17] Hosts File

Ystem information tool 1.06 2009-03-29 20:30:06 Uninstall list -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000- FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000- FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000- FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000- FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000- FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite 
Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000- FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000- FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A7 } avast!

Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BitLord 1.1-->C:\Program Files\Bit Lord 1.1\uninst.exe CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D} CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Elf Bowling Holiday Pack 1.00-->C:\Program Files\Games\Elf Bowling Holiday Pack\Uninstall.exe Fish Tycoon-->"C:\Program Files\Fish Tycoon\unins000.exe" Free RAR Extract Frog 1.00-->C:\Program Files\Free RAR Extract Frog\uninstall.exe Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913 CC9D1.exe" /uninstall HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Ladbrokes Casino-->C:\MICROG~1\Casino\LADBRO~1\UNWISE.EXE C:\MICROG~1\Casino\LADBRO~1\INSTALL.LOG Ladbrokes Casino-->C:\MicroGaming\Casino\Ladbrokes\install.exe -uninstall Lexmark 4300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUN ST.EXE -NOLICENSE Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe Lexmark P910 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbyUN ST.EXE -NOLICENSE Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN 5C.EXE -dLexmark Z600 Series Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe 
/X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Mic rosoft .NET Framework 2.0\install.exe Microsoft DirectX SDK (November 2008)-->C:\WINDOWS\dxsdkuninst.exe "C:\Program Files\Microsoft DirectX SDK (November 2008)" "Microsoft DirectX SDK (November 2008)" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe" Microsoft Office 2000 Premium-->MsiExec.exe /I{ 409-78E1-11D2-B60F-006097C998E7} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000- FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000- FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000- FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000- FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000- FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000- FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000- FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000- FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000- FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000- FF1CE} Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000- FF1CE} Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000- FF1CE} Microsoft Office Proof 
(English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000- FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000- FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000- FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000- FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000- FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000- FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000- FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000- FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nokia Connectivity Cable Driver-->MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444} Nokia PC Suite-->MsiExec.exe /I{1B58C9D2-1925-413F-B29A-C4E7596C43F5} PC Connectivity Solution-->MsiExec.exe /I{D8E4A66D-DB68-481F-ABA8-AC622566D4CB} PcBugDoctor 1,0,0,3-->"C:\Program Files\PcBugDoctor\unins000.exe

Please make sure you temporarily disable any security/protection applications as they may interfere with running programs needed to eradicate infections.

Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run.

Next, download ComboFix
Save to the Desktop <<< Important !!

Now, close all open windows
Double-click combofix.exe to run the program
Follow the prompts.

If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.

When told that the RC is installed correctly, press YES to continue scanning for malware.

ComboFix will run.

Please don't click on the window while the program is running, it may cause your system to stall.

CF may reboot the computer and resume running when it restarts.

When finished, a log, ComboFix.txt, is produced. Please provide the contents of the ComboFix report in your reply.

Combo log

ComboFix 09-04-01.01 - hank 2009-04-01 15:22:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.132 [GMT 1:00]
Running from: c:\documents and settings\hank\Desktop\ComboFix.exe
AV: avast! Antivirus 4.8.1335 [VPS 090401-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
Other Deletions
.
c:\windows\system32\Ultra.dll
.
Files Created from 2009-03-01 to 2009-04-01
.
2009-04-01 14:57 . 2009-04-01 14:57 <DIR> D c:\windows\LastGood
2009-04-01 14:57 . 2007-08-08 12:12 101,120 --a c:\windows\system32\drivers\ewusbmdm.sys
2009-04-01 14:57 . 2007-08-08 12:13 24,448 --a c:\windows\system32\drivers\ewdcsc.sys
2009-04-01 14:56 . 2009-04-01 14:56 <DIR> D c:\program files\Huawei technologies
2009-03-29 20:29 . 2009-03-29 20:30 <DIR> D C:\rsit
2009-03-26 21:11 . 2009-03-26 21:12 <DIR> D c:\documents and settings\hank\Contacts
2009-03-26 21:09 . 2009-03-26 21:16 <DIR> D c:\program files\MSN Messenger
2009-03-26 21:04 . 2009-03-26 21:04 <DIR> D c:\program files\Conduit
2009-03-26 20:56 . 2009-03-26 20:56 <DIR> D c:\documents and settings\hank\Application Data\Flood Light Games
2009-03-26 20:56 . 2009-03-26 20:56 <DIR> D c:\documents and settings\All Users\Application Data\Flood Light Games
2009-03-25 15:42 . 2007-05-02 12:11 109,704 --a c:\windows\system32\drivers\ss_mdm.sys
2009-03-25 15:42 . 2007-05-02 12:11 83,592 --a c:\windows\system32\drivers\ss_bus.sys
2009-03-25 15:42 . 2007-05-02 12:11 15,112 --a c:\windows\system32\drivers\ss_mdfl.sys
2009-03-25 15:42 . 2007-05-02 12:11 12,424 --a c:\windows\system32\drivers\ss_whnt.sys
2009-03-25 15:42 . 2007-05-02 12:11 12,424 --a c:\windows\system32\drivers\ss_wh.sys
2009-03-25 15:42 . 2007-05-02 12:11 12,424 --a c:\windows\system32\drivers\ss_cmnt.sys
2009-03-25 15:42 . 2007-05-02 12:11 12,424 --a c:\windows\system32\drivers\ss_cm.sys
2009-03-24 23:44 . 2009-03-25 18:43 33 --a c:\windows\Multimedia manager.INI
2009-03-24 23:25 . 2009-03-24 23:25 <DIR> D C:\ConvertTemp
2009-03-24 10:54 . 2009-03-24 10:54 <DIR> D C:\e21bf84073292e593f24a7
2009-03-23 21:37 . 2009-03-23 22:00 <DIR> D c:\windows\BDOSCAN8
2009-03-23 13:24 . 2009-03-25 14:38 <DIR> D c:\program files\Yahoo!
2009-03-23 11:45 . 2009-03-23 11:45 51,355 --a c:\windows\system32\muzika.xm
2009-03-23 11:37 . 2009-03-23 12:18 <DIR> D c:\program files\Spyware Doctor
2009-03-23 11:37 . 2009-03-23 11:37 <DIR> D c:\documents and settings\hank\Application Data\PC Tools
2009-03-23 11:37 . 2007-12-10 14:53 81,288 --a c:\windows\system32\drivers\iksyssec.sys
2009-03-23 11:37 . 2007-12-10 14:53 66,952 --a c:\windows\system32\drivers\iksysflt.sys
2009-03-23 11:37 . 2008-02-01 12:55 42,376 --a c:\windows\system32\drivers\ikfilesec.sys
2009-03-23 11:37 . 2007-12-10 14:53 29,576 --a c:\windows\system32\drivers\kcom.sys
2009-03-22 19:50 . 2009-03-25 18:32 <DIR> D C:\OutputFolder
2009-03-20 20:39 . 2009-03-22 20:25 <DIR> D c:\program files\Ultra DVD Creator
2009-03-20 20:39 . 2007-04-12 15:19 129,024 --a c:\windows\system32\AVERM.dll
2009-03-20 20:39 . 2006-09-26 14:57 28,672 --a c:\windows\system32\AVEQT.dll
2009-03-20 17:07 . 2009-03-20 17:07 <DIR> D c:\program files\Veetle
2009-03-20 16:05 . 2009-03-20 16:05 <DIR> D c:\documents and settings\hank\Application Data\SpinTop Games
2009-03-20 13:26 . 2009-03-24 19:47 <DIR> D c:\program files\Games
2009-03-20 13:06 . 2009-03-20 23:38 <DIR> D c:\program files\SpeedBit Video Accelerator
2009-03-20 12:58 . 2009-03-20 23:38 <DIR> D c:\program files\DAP
2009-03-20 12:58 . 2009-03-20 23:23 <DIR> D c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-17 17:51 . 2009-03-17 17:51 <DIR> D c:\program files\Malwarebytes' Anti-Malware
2009-03-17 17:51 . 2009-02-11 11:19 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 17:51 . 2009-02-11 11:19 15,504 --a c:\windows\system32\drivers\mbam.sys
2009-03-16 18:01 . 2009-03-16 18:01 69,688 --a c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-12 22:03 . 2009-03-12 22:03 <DIR> D c:\program files\PlayFirst
2009-03-12 11:25 . 2009-03-12 11:25 <DIR> D c:\documents and settings\conor\Application Data\vlc
2009-03-12 11:25 . 2009-03-12 11:26 <DIR> D c:\documents and settings\conor\Application Data\MozillaControl
2009-03-12 11:23 . 2009-03-12 11:24 <DIR> D c:\program files\Graboid
2009-03-09 22:24 . 2009-03-09 22:24 <DIR> D c:\windows\RegCure
2009-03-09 22:24 . 2009-03-09 22:31 <DIR> D c:\program files\RegCure
2009-03-09 21:09 . 2009-03-09 21:15 <DIR> D c:\program files\Your Uninstaller 2008
2009-03-09 20:09 . 2009-03-09 20:09 <DIR> D c:\documents and settings\hank\Application Data\Desktop Maestro
2009-03-09 18:53 . 2009-03-12 23:05 <DIR> D C:\Casino
2009-03-08 23:05 . 2009-03-09 18:43 <DIR> D c:\documents and settings\hank\Application Data\RegTool
2009-03-07 23:33 . 2009-03-09 20:45 <DIR> D C:\!KillBox
2009-03-07 22:19 . 2006-10-26 20:56 32,592 --a c:\windows\system32\msonpmon.dll
2009-03-07 22:14 . 2009-03-07 22:14 <DIR> D c:\program files\MSBuild
2009-03-07 22:05 . 2009-03-07 22:05 <DIR> D c:\program files\Microsoft Visual Studio 8
2009-03-07 22:00 . 2009-03-07 22:00 <DIR> D c:\program files\Microsoft Works
2009-03-07 21:59 . 2009-03-07 21:59 <DIR> D c:\program files\Microsoft.NET
2009-03-07 21:57 . 2009-03-15 20:20 <DIR> D c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-07 21:56 . 2009-03-07 21:56 <DIR> Dr-h C:\MSOCache
2009-03-07 14:29 . 2009-03-07 14:29 <DIR> D c:\documents and settings\conor\Application Data\SUPERAntiSpyware.com
2009-03-07 05:35 . 2009-03-07 05:35 <DIR> D c:\documents and settings\hank\Application Data\cerasus.media
2009-03-07 02:52 . 2009-03-07 21:47 <DIR> D c:\documents and settings\hank\Application Data\SUPERAntiSpyware.com
2009-03-07 02:52 . 2009-03-07 02:52 <DIR> D c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 19:08 . 2009-03-06 19:08 29,170,931 --a c:\windows\system32\xa12647656.exe
2009-03-06 19:08 . 2009-03-06 19:08 29,170,931 --a c:\windows\system32\xa12644625.exe
2009-03-06 18:53 . 2009-03-06 19:01 <DIR> D c:\program files\Bit Lord 1.1
2009-03-06 12:33 . 2009-03-06 12:33 <DIR> D c:\documents and settings\hank\Application Data\CometNetwork
2009-03-06 12:33 . 2009-03-06 12:33 0 --a c:\windows\nsreg.dat
2009-03-05 18:37 . 2009-03-05 18:37 92,849,434 --a c:\windows\system32\xa35230875.exe
2009-03-05 18:36 . 2009-03-05 18:37 92,849,434 --a c:\windows\system32\xa35217218.exe
2009-03-05 18:36 . 2009-03-05 18:36 92,849,434 --a c:\windows\system32\xa35215421.exe
2009-03-05 18:36 . 2009-03-05 18:36 92,849,434 --a c:\windows\system32\xa35194609.exe
2009-03-05 15:29 . 2009-03-05 15:29 <DIR> D c:\documents and settings\hank\Application Data\BrandX Games
2009-03-05 15:28 . 2009-03-07 14:30 <DIR> D c:\windows\CAVTemp
2009-03-04 18:29 . 2008-08-27 19:44 820,464 --a c:\windows\system32\ppctl.dll
2009-03-03 17:29 . 2009-03-03 17:29 <DIR> D c:\program files\Common Files\Scanner
2009-03-03 17:29 . 2008-08-27 19:44 250,544 --a c:\windows\system32\KeyHelp.ocx
2009-03-03 17:18 . 2009-03-07 19:15 <DIR> D c:\documents and settings\All Users\Application Data\CA
2009-03-03 15:34 . 2009-03-03 15:34 <DIR> D c:\program files\Free RAR Extract Frog
2009-03-03 15:18 . 2009-03-03 15:18 <DIR> D c:\documents and settings\conor\Application Data\Malwarebytes
2009-03-03 14:28 . 2009-03-03 14:28 <DIR>

D c:\documents and settings\hank\Application Data\PlayFirst . Find3M Report )) . 2009-04-01 10:30 d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-01 09:51 d w c:\program files\Lx_cats 2009-03-30 13:10 d w c:\program files\Fish Tycoon 2009-03-26 20:08 d w c:\program files\ToggleEN 2009-03-25 15:02 d w c:\documents and settings\hank\Application Data\Samsung 2009-03-25 14:58 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2009-03-25 14:44 d--h--w c:\program files\InstallShield Installation Information 2009-03-25 14:41 d w c:\program files\Samsung 2009-03-25 13:33 d w c:\documents and settings\All Users\Application Data\Yahoo! 2009-03-24 18:06 d w c:\program files\PcBugDoctor 2009-03-24 09:54 d w c:\program files\Windows Media Connect 2009-03-23 10:14 d w c:\program files\Mozilla ActiveX Control v1.7.12 2009-03-20 22:27 d w c:\program files\uTorrent 2009-03-20 17:51 d w c:\documents and settings\All Users\Application Data\MumboJumbo 2009-03-20 12:07 d w c:\program files\Spybot - Search & Destroy 2009-03-12 21:53 d w c:\documents and settings\All Users\Application Data\PlayFirst 2009-03-12 10:24 d w c:\program files\VideoLAN 2009-03-07 22:54 d w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-03 15:16 d w c:\documents and settings\All Users\Application Data\avg8 2009-03-01 20:07 d w c:\program files\Google 2009-02-28 11:43 d w c:\documents and settings\conor\Application Data\PlayFirst 2009-02-28 11:42 d w c:\documents and settings\conor\Application Data\SpinTop 2009-02-22 17:32 66,037,713 ----a-w c:\windows\system32\xa28803593.exe 2009-02-22 17:32 66,037,713 ----a-w c:\windows\system32\xa28789750.exe 2009-02-22 17:31 66,037,713 ----a-w c:\windows\system32\xa28788718.exe 2009-02-22 17:31 66,037,713 ----a-w c:\windows\system32\xa28787078.exe 2009-02-21 18:45 d w c:\documents and settings\All Users\Application Data\Nick Chase A Detective Story 2009-02-16 19:25 d w c:\documents and 
settings\conor\Application Data\Sports Interactive 2009-02-15 13:21 52,940,225 ----a-w c:\windows\system32\xa4922078.exe 2009-02-15 13:21 52,940,225 ----a-w c:\windows\system32\xa4920546.exe 2009-02-13 14:53 d w c:\program files\Microsoft DirectX SDK (November 2008) 2009-02-13 14:48 119,120 ----a-w c:\windows\dxsdkuninst.exe 2009-02-13 14:14 d w c:\program files\Ahead 2009-02-13 14:08 d w c:\program files\DAEMON Tools Toolbar 2009-02-13 14:00 d w c:\documents and settings\hank\Application Data\Sports Interactive 2009-02-13 13:32 d w c:\program files\DAEMON Tools Lite 2009-02-13 13:05 d w c:\program files\Sports Interactive 2009-02-13 13:04 d w c:\documents and settings\hank\Application Data\DAEMON Tools Lite 2009-02-13 11:45 d w c:\program files\DIFX 2009-02-12 22:59 d w c:\documents and settings\All Users\Application Data\WinZip 2009-02-12 21:37 88,179,253 ----a-w c:\program files\D-Tools.rar 2009-02-12 21:33 d w c:\program files\D-Tools 2009-02-11 19:32 d w c:\documents and settings\hank\Application Data\URSoft 2009-02-10 16:43 d w c:\documents and settings\All Users\Application Data\Sports Interactive 2009-02-09 11:13 1,846,784 w c:\windows\system32\win32k.sys 2009-02-08 22:00 d w c:\program files\CDBurnerXP 2009-02-08 19:05 d w c:\program files\Recuva 2009-02-08 18:12 2,560 ----a-w c:\windows\_MSRSTRT.EXE 2009-02-08 18:10 d w c:\program files\Common Files\Agnitum Shared 2009-02-08 17:38 d w c:\program files\ReflexiveArcade 2009-02-08 16:31 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-08 16:31 d w c:\program files\Java 2009-02-08 00:31 d w c:\documents and settings\hank\Application Data\DAEMON Tools Pro 2009-02-08 00:31 d w c:\documents and settings\hank\Application Data\DAEMON Tools 2009-02-08 00:30 ----

Reg Loading Points . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] 2008-11-24 00:03 1784856 --a c:\program files\ToggleEN\tbTog0.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-08-17 68856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X 86\3\LXCEtime.dll" [2005-07-20 73728] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-07 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.

Exe" [2009-02-05 81000] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "SoundMan"="SOUNDMAN.EXE" [2005-08-18 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] [HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2004-08-25 01:16 61440 c:\program files\Lexmark P910 Series\ezprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe] 2004-08-20 19:31 188416 c:\program files\Lexmark P910 Series\lxbymon.exE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2005-10-07 00:10 155648 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] -r 2004-10-11 22:54 589824 c:\program files\VIA\RAID\raid_tool.exe [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\lxbycoms.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "7470:TCP"= 7470:TCP:BitComet 7470 TCP "7470:UDP"= 7470:UDP:BitComet 7470 UDP R0 viaide1;viaide1;c:\windows\system32\drivers\viaide xp.sys [2005-10-07 6144] R1 aswSP;avast!

Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-07 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-03-07 20560] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-23 337800] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c3dc0736-1ec4-11de-968a-0016171e87c2}] \Shell\AutoRun\command - I:\AutoRun.exe . Contents of the 'Scheduled Tasks' folder 2009-03-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as hank at 16 30.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [] 2009-04-01 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2007-08-02 10:20] 2009-03-12 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2007-08-02 10:20] 2009-04-01 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool\RegTool.exe [] 2009-04-01 c:\windows\Tasks\RegTool Scan.job - c:\program files\RegTool [] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) . Supplementary Scan . uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.co.uk/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/* http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/* http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} TCP: {9E5D3882-88AC-4249-AAAE-A191208AECD1} = 4.2.2.3 4.2.2.4 DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab . 
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-01 15:30:00 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... . LOCKED REGISTRY KEYS

Let's see if we can get rid of any more undesirable entries… However, temporarily disable security/malware protection applications as they sometimes interfere with running some of the programs needed to eradicate infections.

Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run.

~~~~

Now, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one. (Print the instructions first)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
If an update is found, MBAM will download and install the latest. Click OK

At the main program window
Make sure the following is checked: Perform Quick Scan
Click: Scan (The scan may take some time to finish, so please be patient.)
When the scan completes, a message box appears, click OK

At the main Scanner screen:
Click on: Show Results
A screen displaying the malware found shows
Make sure everything found is checked, and click: Remove Selected
When the disinfection is complete, you may be prompted to Restart. Please do so.
When MBAM finishes removing the malware, a log opens in Notepad
The log is automatically saved and can be viewed by clicking the Logs tab.

~~~~

Once again, double click on RSIT.exe to run the program

~~~~

Please provide the following in your reply:
The MBAM report
The RSIT : Log.txt
