virus infection win32 Trojan1165(trj)

If you still can’t get the DSS logs posted, we can perk your computer up a bit more. I was going to get you to download and run this program anyway. I just didn’t want to throw too much at you at once. You seem to be about caught up, we might as well go forward.

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and the DSS log along with a new HJT log in your next reply.

Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.

This scan is fairly quick, just let it finish. Don’t panic or rush yourself.

edit to add:

What issues are you having with notepad?

Oldman see attachments. Honeyk :-*

ComboFix 07-11-19.3 - user 2007-11-23 16:48:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.114 [GMT 10.5:30]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\user\Application Data\FunWebProducts
C:\Documents and Settings\user\Application Data\inst.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Cache[u]0[/u]0B9C148.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images[u]0[/u]02FD08A.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images[u]0[/u]0B9B3BB.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images[u]0[/u]0BA5115.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images[u]0[/u]0BC392E.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images[u]0[/u]0C49F63.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135[u]0[/u]0BA5115.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135[u]0[/u]0BC392E.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135[u]0[/u]0C49F63.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]002C7DA
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]002E0C1
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]002E9AA
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]005A09C
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]005D72D.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00645F5.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]0066033.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]006837B.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00B2A37
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00CAD1E.XYw
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00CD7E7
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00CDFA7.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00D0753.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00D1D9A.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]00D2933.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]0136351.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]013953E.bin
C:\Program Files\MyWebSearch\bar\Cache[u]0[/u]013A2DB.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\network monitor
C:\Program Files\outlook
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0013DB0.dat
C:\WINDOWS\system32\__c0014EB6.dat
C:\WINDOWS\system32\__c00162D1.dat
C:\WINDOWS\system32\__c0017B80.dat
C:\WINDOWS\system32\__c001A09F.dat
C:\WINDOWS\system32\__c001E8FA.dat
C:\WINDOWS\system32\__c001F66C.dat
C:\WINDOWS\system32\__c0027B18.dat
C:\WINDOWS\system32\__c002A45A.dat
C:\WINDOWS\system32\__c002A511.dat
C:\WINDOWS\system32\__c002BC9C.dat
C:\WINDOWS\system32\__c002FA59.dat
C:\WINDOWS\system32\__c0033C5D.dat
C:\WINDOWS\system32\__c003440F.dat
C:\WINDOWS\system32\__c0036621.dat
C:\WINDOWS\system32\__c0036F07.dat
C:\WINDOWS\system32\__c0039FA9.dat
C:\WINDOWS\system32\__c0040861.dat
C:\WINDOWS\system32\__c0040ED9.dat
C:\WINDOWS\system32\__c004CB45.dat
C:\WINDOWS\system32\__c005349E.dat
C:\WINDOWS\system32\__c0056481.dat
C:\WINDOWS\system32\__c005A28.dat
C:\WINDOWS\system32\__c005B19A.dat
C:\WINDOWS\system32\__c005BC90.dat
C:\WINDOWS\system32\__c005C1B7.dat
C:\

C:\WINDOWS\system32\__c006047A.dat
C:\WINDOWS\system32\__c0062168.dat
C:\WINDOWS\system32\__c0063084.dat
C:\WINDOWS\system32\__c006415C.dat
C:\WINDOWS\system32\__c0064184.dat
C:\WINDOWS\system32\__c0064A19.dat
C:\WINDOWS\system32\__c006F444.dat
C:\WINDOWS\system32\__c00702D4.dat
C:\WINDOWS\system32\__c0071610.dat
C:\WINDOWS\system32\__c0074039.dat
C:\WINDOWS\system32\__c007812B.dat
C:\WINDOWS\system32\__c007833A.dat
C:\WINDOWS\system32\__c0078802.dat
C:\WINDOWS\system32\__c007E241.dat
C:\WINDOWS\system32\__c00886CF.dat
C:\WINDOWS\system32\__c0088AA.dat
C:\WINDOWS\system32\__c008BC8C.dat
C:\WINDOWS\system32\__c008BC9A.dat
C:\WINDOWS\system32\__c008C3C1.dat
C:\WINDOWS\system32\__c008DA17.dat
C:\WINDOWS\system32\__c008DE32.dat
C:\WINDOWS\system32\__c008F42D.dat
C:\WINDOWS\system32\__c0095774.dat
C:\WINDOWS\system32\__c0095C3A.dat
C:\WINDOWS\system32\__c009655E.dat
C:\WINDOWS\system32\__c0098610.dat
C:\WINDOWS\system32\__c009A1B9.dat
C:\WINDOWS\system32\__c009AC5D.dat
C:\WINDOWS\system32\__c009AED3.dat
C:\WINDOWS\system32\__c009E419.dat
C:\WINDOWS\system32\__c00A2CAC.dat
C:\WINDOWS\system32\__c00A3586.dat
C:\WINDOWS\system32\__c00A53EE.dat
C:\WINDOWS\system32\__c00A6D76.dat
C:\WINDOWS\system32\__c00A7359.dat
C:\WINDOWS\system32\__c00A91BC.dat
C:\WINDOWS\system32\__c00AC900.dat
C:\WINDOWS\system32\__c00AF6E9.dat
C:\WINDOWS\system32\__c00B0AE2.dat
C:\WINDOWS\system32\__c00B3E59.dat
C:\WINDOWS\system32\__c00B5900.dat
C:\WINDOWS\system32\__c00C04AC.dat
C:\WINDOWS\system32\__c00C94F9.dat
C:\WINDOWS\system32\__c00C9B19.dat
C:\WINDOWS\system32\__c00D0C91.dat
C:\WINDOWS\system32\__c00D2F6A.dat
C:\WINDOWS\system32\__c00D4C1A.dat
C:\WINDOWS\system32\__c00DACCE.dat
C:\WINDOWS\system32\__c00DB100.dat
C:\WINDOWS\system32\__c00DFB31.dat
C:\WINDOWS\system32\__c00E3155.dat
C:\WINDOWS\system32\__c00E3354.dat
C:\WINDOWS\system32\__c00E6936.dat
C:\WINDOWS\system32\__c00E9531.dat
C:\WINDOWS\system32\__c00EEFD9.dat
C:\WINDOWS\system32\__c00F4F1E.dat
C:\WINDOWS\system32\__c00F5844.dat
C:\WINDOWS\system32\__c00F6F5C.dat
C:\WINDOWS\system32\__c00FC1A5.dat
C:\WINDOWS\system32\akrddgak.dll
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\arvgxvfc.dll
C:\WINDOWS\system32\asrbmvae.dll
C:\WINDOWS\system32\aucnqwob.dll
C:\WINDOWS\system32\aukkmnte.dll
C:\WINDOWS\system32\bcrsrxql.dll
C:\WINDOWS\system32\bnlaujrt.dll
C:\WINDOWS\system32\busgbgmk.dll
C:\WINDOWS\system32\ccjvxcqt.dll
C:\WINDOWS\system32\cdcruvoj.dll
C:\WINDOWS\system32\cdmiayqn.dll
C:\WINDOWS\system32\ceptjhtm.dll
C:\WINDOWS\system32\clfblsor.dll
C:\WINDOWS\system32\cooaltgt.dll
C:\WINDOWS\system32\ctpndxyj.dll
C:\WINDOWS\system32\cuqubdhw.dll
C:\WINDOWS\system32\cygnjnvr.dll
C:\WINDOWS\system32\dgoewxxa.dll
C:\WINDOWS\system32\dkcaxvco.dll
C:\WINDOWS\system32\dksqgqrd.dll
C:\WINDOWS\system32\dmtyqfan.dll
C:\WINDOWS\system32\dnedkajb.dll
C:\WINDOWS\system32\dnrbqeql.dll
C:\WINDOWS\system32\drshrykn.dll
C:\WINDOWS\system32\dtncyxbq.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\ejqavcmp.dll
C:\WINDOWS\system32\ekvgbjkl.dll
C:\WINDOWS\system32\etijjawr.dll
C:\WINDOWS\system32\eucxesei.dll
C:\WINDOWS\system32\exqmifsi.dll
C:\WINDOWS\system32\exuwommr.dll
C:\WINDOWS\system32\eyiailei.dll
C:\WINDOWS\system32\fbbfiuwj.dll
C:\WINDOWS\system32\fcinhmtd.dll
C:\WINDOWS\system32\fknnfjma.dll
C:\WINDOWS\system32\fmhvjddd.dll
C:\WINDOWS\system32\ftdyeolt.exe
C:\WINDOWS\system32\g34
C:\WINDOWS\system32\gaaqxyhh.ini
C:\WINDOWS\system32\gcxjvkdb.dll
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\ghykpsua.dll
C:\WINDOWS\system32\gixqrvgf.dll
C:\WINDOWS\system32\gkwbmjvf.dll
C:\WINDOWS\system32\gvogdufb.dll
C:\WINDOWS\system32\hbwmuwkr.dll
C:\WINDOWS\system32\hcxnemgl.dll
C:\WINDOWS\system32\hhyxqaag.dll
C:\WINDOWS\system32\hohpiygj.dll
C:\WINDOWS\system32\hvlbpurl.dll
C:\WINDOWS\system32\iaimkwef.dll
C:\WINDOWS\system32\ihxxxpmc.dll
C:\WINDOWS\system32\intrprng.dll
C:\WINDOWS\system32\inxfmctc.dll
C:\WINDOWS\system32\iqeewekd.dll
C:\WINDOWS\system32\iqxuhart.dll
C:\WINDOWS\system32\issyqsrv.dll
C:\WINDOWS\system32\iudfmvmo.dll
C:\WINDOWS\system32\iurikdui.dll
C:\WINDOWS\system32\iwaeucwh.dll
C:\WINDOWS\system32\iwiytoxv.dll
C:\WINDOWS\system32\jiwedbvv.dll
C:\WINDOWS\system32\jmicxjqk.dll
C:\WINDOWS\system32\jusawcmg.dll
C:\WINDOWS\system32\jyrekemn.dll
C:\WINDOWS\system32\kaffrcgo.dll
C:\WINDOWS\system32\kgveoavl.dll
C:\WINDOWS\system32\kiynkjjm.dll
C:\WINDOWS\system32\krvvabee.dll
C:\WINDOWS\system32\krwfqydw.dll
C:\WINDOWS\system32\ktlfisly.dll
C:\WINDOWS\system32\kuirmmff.dll
C:\WINDOWS\system32\kyrinjdr.dll
C:\WINDOWS\system32\lwpkebcv.dll
C:\WINDOWS\system32\lwxrgkdh.dll
C:\WINDOWS\system32\lymdwdyi.dll
C:\WINDOWS\system32\mbkputod.dll
C:\WINDOWS\system32\mkchdcjl.dll
C:\WINDOWS\system32\mlxwnqbl.dll
C:\WINDOWS\system32\mvawhlur.dll
C:\WINDOWS\system32\neggrjvr.dll
C:\WINDOWS\system32\npceexlv.dll
C:\WINDOWS\system32\nqqfkfek.dll
C:\WINDOWS\system32\nqtwa.bak1

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4849a9c1-c7c4-4f8c-9fd1-60fc3c22fa88}]
2007-11-23 16:49 83520 --a------ C:\WINDOWS\system32\ymmterde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74605DD9-2871-480C-8B4B-0302A966CB92}]
C:\WINDOWS\SYSTEM32\AWTQN.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6}]
C:\WINDOWS\system32\qdfsssjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99E41A24-6F7C-4531-A4B5-EAD6F371473B}]
C:\Program Files\MSN Gaming Zone\holemunyz4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD726424-B9CD-4C34-9DC9-152C67761FDE}]
C:\Program Files\MSN Gaming Zone\holemunyz83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA959CC3-D52A-4388-3B87-985A96131158}]
C:\Program Files\Windows NT\lawug.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:54]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe"
"Play Tool"="C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 07:42 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 22:30 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 22:30 C:\WINDOWS\system32\rundll32.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 16:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"NGServer"="C:\Program Files\Symantec\Ghost\ngserver.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 10:29]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-10-15 15:13]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2007-10-15 15:13]
"eTrustPPAP"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 19:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-09 22:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:55]
"88441475"="C:\WINDOWS\system32\ushfylcr.dll" [2007-11-23 16:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:30]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

C:\Documents and Settings\user\Start Menu\Programs\Startup
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 20:42:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 23:44:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkj]
jkkklkj.dll 2007-10-11 10:36 36352 C:\WINDOWS\system32\jkkklkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\geede.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEusbser.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 06:30:00 C:\WINDOWS\Tasks\AFACBAA7906F3003.job"
- c:\docume~1\user\applic~1\greycd~1\FlawLocksSend.exe
"2007-11-09 00:18:41 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as user at 1 53 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2007-11-23 06:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 17:15:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2007-11-23 17:28:57 - machine was rebooted
.
--- E O F ---

Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 511.48 MiB / 77.31 MiB
Pagefile Memory (total/avail): 1249.25 MiB / 628.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.76 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.27 GiB total, 4.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400JB-00FSA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 071120-0] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\user\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\user\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\vervakmb.exe"="C:\WINDOWS\system32\ver"
"C:\Documents and Settings\user\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\user\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\ottedeus.exe"="C:\WINDOWS\system32\ott"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\WINDOWS\system32\xniiuuob.exe"="C:\WINDOWS\system32\xni"
"C:\WINDOWS\system32\qwfrnkhw.exe"="C:\WINDOWS\system32\qwf"
"C:\WINDOWS\system32\fyflxxlm.exe"="C:\WINDOWS\system32\fyf"
"C:\WINDOWS\system32\sguoymdc.exe"="C:\WINDOWS\system32\sgu"
"C:\WINDOWS\system32\timwqpwy.exe"="C:\WINDOWS\system32\tim"
"C:\WINDOWS\system32\gkaaskex.exe"="C:\WINDOWS\system32\gka"
"C:\WINDOWS\system32\ufmhfvdw.exe"="C:\WINDOWS\system32\ufm"
"C:\WINDOWS\system32\ieoxvijp.exe"="C:\WINDOWS\system32\ieo"
"C:\WINDOWS\system32\xdcqjurk.exe"="C:\WINDOWS\system32\xdc"
"C:\WINDOWS\system32\diabpixq.exe"="C:\WINDOWS\system32\dia"
"C:\WINDOWS\system32\swsooaoa.exe"="C:\WINDOWS\system32\sws"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\WINDOWS\system32\gmubbuyy.exe"="C:\WINDOWS\system32\gmu"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-42891FB261
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\USER-42891FB261
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=USER-42891FB261
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

user
EmMa JaNe
Jamey Rose (new local, admin)
Guest

-- Add/Remove Programs ---------------------------------------------------------

→ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
→ C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
→ C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
→ C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
→ C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
→ C:\WINDOWS\UNNeroVision.exe /UNINSTALL
→ C:\WINDOWS\UNRecode.exe /UNINSTALL
→ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX → C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.0 → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
avast! Antivirus → rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 → C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bingo Cafe → C:\PROGRA~1\BINGOC~1\UNWISE.EXE C:\PROGRA~1\BINGOC~1\INSTALL.LOG
CA Internet Security Suite → “C:\Program Files\CA\CA Internet Security Suite\caunst.exe” /u
CiD Help → C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe -uninstall
DVD Shrink 3.2 → “C:\Program Files\DVD Shrink\unins000.exe”
eMusic Remote 1.0.0.2 → C:\Program Files\eMusic Remote\uninst.exe
Google Web Accelerator → MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
HijackThis 2.0.2 → “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
HP Customer Participation Program 7.0 → C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 → C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential → MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A → C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 → C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update → MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java™ 6 Update 2 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Join ME → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}\Setup.exe" -l0x9 -removeonly
Microsoft Office Professional Edition 2003 → MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Word Viewer 97 → C:\Program Files\WordView\setup\setup.exe
My Web Search (Cursor Mania) → rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsbar.dll,O
Nero 7 Essentials → MsiExec.exe /X{ADD9E56D-2DD8-448A-8887-B3AF76AB1033}
neroxml → MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver → MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite → C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng.exe
Nokia PC Suite → MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA Drivers → C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar) → MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org 2.0 → MsiExec.exe /I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}
PC Connectivity Solution → MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Picasa 2 → "C:\Program Files\Picasa2\Uninstall.exe"
Popup Blocker (Windows Live Toolbar) → MsiExec.exe /X{66034137-F1CE-4CEF-8180-46553C54DB18}
PowerDVD → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime 3.0 → C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
RealArcade → C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer → C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio → Alcrmv.exe -r -m
Smart Menus (Windows Live Toolbar) → MsiExec.exe /X{1306C737-0AF4-46C7-B282-64E099304712}
SUPERAntiSpyware Free Edition → MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tabbed Browsing (Windows Live Toolbar) → MsiExec.exe /X{FDB226E3-D55D-4922-894F-20CE4646077D}
The Hoggs Harley Davidson Screen Saver → C:\WINDOWS\system32\THEHOG~1.SCR /U
VIA Platform Device Manager → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VSO CopyToDVD 4 → "C:\Program Files\VSO\unins000.exe"
Windows Desktop Search → "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Live Outlook Toolbar (Windows Live Toolbar) → MsiExec.exe /X{71CB529E-21A4-42AD-BF38-564F08988633}
Windows Live Toolbar → "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar → MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar Extension (Windows Live Toolbar) → MsiExec.exe /X{D3F28364-8B10-45F1-8C2D-0037F4538BBB}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) → MsiExec.exe /X{328420FA-7638-4AB1-81DF-E0FECEFF24E3}
Yahoo! Toolbar → C:\PROGRA~1\Yahoo!\Common\unyt.exe

– Application Event Log -------------------------------------------------------

Event Record #/Type6547 / Warning
Event Submitted/Written: 11/21/2007 10:04:58 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6537 / Error
Event Submitted/Written: 11/21/2007 06:54:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type6535 / Error
Event Submitted/Written: 11/21/2007 06:54:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type6531 / Warning
Event Submitted/Written: 11/21/2007 06:51:16 PM
Event ID/Source: 32066 / Microsoft Fax
Event Description:
At least one of the devices in the outgoing routing group is not valid.
Group name: ''

Event Record #/Type6505 / Error
Event Submitted/Written: 11/21/2007 11:05:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

– Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

– System Event Log ------------------------------------------------------------

Event Record #/Type5063 / Warning
Event Submitted/Written: 11/21/2007 10:17:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000461534716. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5033 / Error
Event Submitted/Written: 11/21/2007 10:10:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Symantec Ghost Configuration Server service failed to start due to the following error:
%%3

Event Record #/Type4985 / Error
Event Submitted/Written: 11/21/2007 07:27:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Symantec Ghost Configuration Server service failed to start due to the following error:
%%3

Event Record #/Type4975 / Error
Event Submitted/Written: 11/21/2007 07:19:50 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

Event Record #/Type4951 / Error
Event Submitted/Written: 11/21/2007 06:51:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Symantec Ghost Configuration Server service failed to start due to the following error:
%%3

– End of Deckard’s System Scanner: finished at 2007-11-22 00:32:34 ------------

Deckard's System Scanner v20071014.68
Run by user on 2007-11-22 11:20:02
Computer is in Normal Mode.

Percentage of Memory in Use: 80% (more than 75%).
System Drive C: has 4.29 GiB (less than 15%) free.

– HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:12 AM, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\LocalService\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.com/customize/ycomp/defaults/sp/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {74605DD9-2871-480C-8B4B-0302A966CB92} - C:\WINDOWS\SYSTEM32\AWTQN.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6} - C:\WINDOWS\system32\qdfsssjj.dll (file missing)
O2 - BHO: (no name) - {99E41A24-6F7C-4531-A4B5-EAD6F371473B} - C:\Program Files\MSN Gaming Zone\holemunyz4444.dll (file missing)
O2 - BHO: (no name) - {BC0692C3-733F-48AB-8E03-D3C5A32B1716} - C:\WINDOWS\system32\geede.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {CD726424-B9CD-4C34-9DC9-152C67761FDE} - C:\Program Files\MSN Gaming Zone\holemunyz83122.dll (file missing)
O2 - BHO: (no name) - {EA959CC3-D52A-4388-3B87-985A96131158} - C:\Program Files\Windows NT\lawug.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\wbuwaswt.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?75916c03fbbc4eeb82ca20dbc53ebe48
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?75916c03fbbc4eeb82ca20dbc53ebe48
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gmubbuyy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


End of file - 12680 bytes

– Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-22 11:20:04 10816 --a------ C:\WINDOWS\system32\oflvmhuy.dll
2007-11-22 11:19:28 71232 --a------ C:\WINDOWS\system32\doqbdhys.exe <Not Verified; ; DDC>
2007-11-22 11:18:55 10816 --a------ C:\WINDOWS\system32\__c001E8FA.dat
2007-11-22 11:18:54 10816 --a------ C:\WINDOWS\system32\krwfqydw.dll
2007-11-22 11:18:21 80960 --a------ C:\WINDOWS\system32\suaakfoa.dll
2007-11-22 11:15:22 10816 --a------ C:\WINDOWS\system32\__c008DA17.dat
2007-11-22 11:15:21 10816 --a------ C:\WINDOWS\system32\wvttpxxg.dll
2007-11-22 11:15:20 10816 --a------ C:\WINDOWS\system32\tqbfhhug.dll
2007-11-22 11:12:40 71232 --a------ C:\WINDOWS\system32\hmuspgvv.exe <Not Verified; ; DDC>
2007-11-22 10:36:51 10816 --a------ C:\WINDOWS\system32\__c005349E.dat
2007-11-22 10:36:50 10816 --a------ C:\WINDOWS\system32\vgqvarbp.dll
2007-11-22 10:34:53 71232 --a------ C:\WINDOWS\system32\bhndarhp.exe <Not Verified; ; DDC>
2007-11-22 05:17:49 10816 --a------ C:\WINDOWS\system32\tunjqals.dll
2007-11-22 05:15:37 10816 --a------ C:\WINDOWS\system32\__c0027B18.dat
2007-11-22 05:15:35 10816 --a------ C:\WINDOWS\system32\cuqubdhw.dll
2007-11-22 05:15:34 71232 --a------ C:\WINDOWS\system32\tqahiity.exe <Not Verified; ; DDC>
2007-11-22 05:12:54 10816 --a------ C:\WINDOWS\system32\lymdwdyi.dll
2007-11-22 05:10:49 85056 --a------ C:\WINDOWS\system32\wbuwaswt.dll
2007-11-22 05:10:44 71232 --a------ C:\WINDOWS\system32\llppcsdp.exe <Not Verified; ; DDC>
2007-11-22 05:08:10 10816 --a------ C:\WINDOWS\system32\__c008DE32.dat
2007-11-22 05:08:09 10816 --a------ C:\WINDOWS\system32\ybjfdweg.dll
2007-11-22 05:03:19 71232 --a------ C:\WINDOWS\system32\yumvioah.exe <Not Verified; ; DDC>
2007-11-22 05:00:19 10816 --a------ C:\WINDOWS\system32\__c00A91BC.dat
2007-11-22 05:00:18 10816 --a------ C:\WINDOWS\system32\iaimkwef.dll
2007-11-22 04:57:41 10816 --a------ C:\WINDOWS\system32\bnlaujrt.dll
2007-11-22 04:26:34 80960 --a------ C:\WINDOWS\system32\lxukivje.dll
2007-11-22 04:20:32 85056 --a------ C:\WINDOWS\system32\ygflchpf.dll
2007-11-22 04:17:32 10816 --a------ C:\WINDOWS\system32\__c00DB100.dat
2007-11-22 04:17:31 10816 --a------ C:\WINDOWS\system32\xqkmmwod.dll
2007-11-22 04:14:50 71232 --a------ C:\WINDOWS\system32\ubnabnie.exe <Not Verified; ; DDC>
2007-11-22 04:12:42 10816 --a------ C:\WINDOWS\system32\drshrykn.dll
2007-11-22 04:10:03 10816 --a------ C:\WINDOWS\system32\dksqgqrd.dll
2007-11-22 04:07:51 80960 --a------ C:\WINDOWS\system32\vilwflxn.dll
2007-11-22 04:07:34 85056 --a------ C:\WINDOWS\system32\caltsyrf.dll
2007-11-22 04:01:35 10816 --a------ C:\WINDOWS\system32\__c00DACCE.dat
2007-11-22 04:01:34 10816 --a------ C:\WINDOWS\system32\akrddgak.dll
2007-11-22 04:01:33 10816 --a------ C:\WINDOWS\system32\ykkadydp.dll

----- C:\WINDOWS\system32\nuysvfhl.dll
2007-11-21 22:16:02 10816 --a------ C:\WINDOWS\system32\__c00886CF.dat
2007-11-21 22:16:01 10816 --a------ C:\WINDOWS\system32\tinyfajx.dll
2007-11-21 22:10:49 10816 --a------ C:\WINDOWS\system32\sfwxojas.dll
2007-11-21 19:41:59 80960 --a------ C:\WINDOWS\system32\ronblktv.dll
2007-11-21 19:32:55 10816 --a------ C:\WINDOWS\system32\__c002FA59.dat
2007-11-21 19:32:54 10816 --a------ C:\WINDOWS\system32\uhwinvyt.dll
2007-11-21 19:30:01 10816 --a------ C:\WINDOWS\system32\mbkputod.dll
2007-11-21 19:29:58 71232 --a------ C:\WINDOWS\system32\brvqbgcw.exe <Not Verified; ; DDC>
2007-11-21 19:28:17 10816 --a------ C:\WINDOWS\system32\ctpndxyj.dll
2007-11-21 19:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 19:21:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 19:21:35 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-21 18:54:00 80960 --a------ C:\WINDOWS\system32\rgsmdqoo.dll
2007-11-21 18:52:26 71232 --a------ C:\WINDOWS\system32\tltskrdj.exe <Not Verified; ; DDC>
2007-11-21 18:52:13 10816 --a------ C:\WINDOWS\system32\vxycetyw.dll
2007-11-21 18:47:18 10816 --a------ C:\WINDOWS\system32\pnbimxxk.dll
2007-11-21 18:47:17 10816 --a------ C:\WINDOWS\system32\hcxnemgl.dll
2007-11-21 18:44:44 71232 --a------ C:\WINDOWS\system32\fcxwujne.exe <Not Verified; ; DDC>
2007-11-21 16:55:21 80960 --a------ C:\WINDOWS\system32\odphbvre.dll
2007-11-21 16:52:21 10816 --a------ C:\WINDOWS\system32\__c008BC8C.dat
2007-11-21 16:52:20 10816 --a------ C:\WINDOWS\system32\fmhvjddd.dll
2007-11-21 16:49:43 71232 --a------ C:\WINDOWS\system32\wawdfnck.exe <Not Verified; ; DDC>
2007-11-21 16:38:54 80960 --a------ C:\WINDOWS\system32\ivghudox.dll
2007-11-21 15:24:54 85056 --a------ C:\WINDOWS\system32\rxrulqfk.dll
2007-11-21 15:18:54 71232 --a------ C:\WINDOWS\system32\gjlekrka.exe <Not Verified; ; DDC>
2007-11-21 15:16:24 10816 --a------ C:\WINDOWS\system32\__c00B0AE2.dat
2007-11-21 15:16:23 10816 --a------ C:\WINDOWS\system32\dtncyxbq.dll
2007-11-21 14:16:51 84544 --a------ C:\WINDOWS\system32\qboghyll.dll
2007-11-21 14:10:52 85056 --a------ C:\WINDOWS\system32\qhakqcds.dll
2007-11-21 14:07:51 71232 --a------ C:\WINDOWS\system32\ybgpxwtw.exe <Not Verified; ; DDC>
2007-11-21 14:05:14 10816 --a------ C:\WINDOWS\system32\__c00FC1A5.dat
2007-11-21 14:05:13 10816 --a------ C:\WINDOWS\system32\ihxxxpmc.dll
2007-11-21 14:02:40 84544 --a------ C:\WINDOWS\system32\iyoxxren.dll
2007-11-21 14:00:48 85056 --a------ C:\WINDOWS\system32\vlmjcnmh.dll
2007-11-21 13:08:40 10816 --a------ C:\WINDOWS\system32\__c0064184.dat
2007-11-21 13:08:38 10816 --a------ C:\WINDOWS\system32\ceptjhtm.dll
2007-11-21 13:05:41 71232 --a------ C:\WINDOWS\system32\sfecsbqr.exe <Not Verified; ; DDC>
2007-11-21 13:03:44 10816 --a------ C:\WINDOWS\system32\ejqavcmp.dll
2007-11-21 11:24:40 84544 --a------ C:\WINDOWS\system32\hcoeacke.dll
2007-11-21 11:18:41 10816 --a------ C:\WINDOWS\system32\__c00E3354.dat
2007-11-21 11:18:40 10816 --a------ C:\WINDOWS\system32\issyqsrv.dll
2007-11-21 11:16:07 71232 --a------ C:\WINDOWS\system32\phntjgex.exe <Not Verified; ; DDC>
2007-11-21 11:15:08 84544 --a------ C:\WINDOWS\system32\xjgctvdy.dll
2007-11-21 11:15:02 10816 --a------ C:\WINDOWS\system32\__c0088AA.dat
2007-11-21 11:15:01 10816 --a------ C:\WINDOWS\system32\yxtaaisk.dll
2007-11-21 11:15:00 10816 --a------ C:\WINDOWS\system32\fknnfjma.dll
2007-11-21 11:13:59 71232 --a------ C:\WINDOWS\system32\jqlgewpc.exe <Not Verified; ; DDC>
2007-11-21 11:04:17 84544 --a------ C:\WINDOWS\system32\crebufre.dll
2007-11-21 10:57:46 10816 --a------ C:\WINDOWS\system32\__c00A7359.dat
2007-11-21 10:57:45 10816 --a------ C:\WINDOWS\system32\xhibwkym.dll
2007-11-21 10:57:32 71232 --a------ C:\WINDOWS\system32\wvoocxcs.exe <Not Verified; ; DDC>
2007-11-21 01:27:43 10816 --a------ C:\WINDOWS\system32\rkhfcdyo.dll
2007-11-21 01:25:05 71232 --a------ C:\WINDOWS\system32\cbvpilly.exe <Not Verified; ; DDC>
2007-11-21 01:14:29 84544 --a------ C:\WINDOWS\system32\rkqrtulp.dll
2007-11-21 01:11:28 85056 --a------ C:\WINDOWS\system32\uqqrgoyl.dll
2007-11-21 01:08:34 10816 --a------ C:\WINDOWS\system32\__c00C04AC.dat
2007-11-21 01:08:33 10816 --a------ C:\WINDOWS\system32\uqanrmpp.dll
2007-11-21 01:08:31 10816 --a------ C:\WINDOWS\system32\wlxulpwg.dll
2007-11-21 01:07:49 71232 --a------ C:\WINDOWS\system32\owlxhoui.exe <Not Verified; ; DDC>
2007-11-21 01:01:01 10816 --a------ C:\WINDOWS\system32\__c0074039.dat
2007-11-21 01:01:00 10816 --a------ C:\WINDOWS\system32\neggrjvr.dll
2007-11-21 01:00:59 10816 --a------ C:\WINDOWS\system32\iqeewekd.dll
2007-11-21 00:58:22 71232 --a------ C:\WINDOWS\system32\snyxkjaj.exe <Not Verified; ; DDC>
2007-11-21 00:55:10 84544 --a------ C:\WINDOWS\system32\xielkolq.dll
2007-11-21 00:49:08 10816 --a------ C:\WINDOWS\system32\__c00AC900.dat
2007-11-21 00:49:07 10816 --a------ C:\WINDOWS\system32\vpexwjrv.dll
2007-11-21 00:46:32 71232 --a------ C:\WINDOWS\system32\leewtbkv.exe <Not Verified; ; DDC>
2007-11-21 00:43:40 84544 --a------ C:\WINDOWS\system32\cejrtqas.dll
2007-11-21 00:43:32 85056 --a------ C:\WINDOWS\system32\sfmhmmjt.dll
2007-11-21 00:40:27 71232 --a------ C:\WINDOWS\system32\xwckccyg.exe <Not Verified; ; DDC>
2007-11-21 00:37:50 10816 --a------ C:\WINDOWS\system32\__c001F66C.dat

2007-11-20 20:29:48 10816 --a------ C:\WINDOWS\system32\gcxjvkdb.dll
2007-11-20 20:29:47 10816 --a------ C:\WINDOWS\system32\pnqagldo.dll
2007-11-20 20:27:06 71232 --a------ C:\WINDOWS\system32\xdpakdkn.exe <Not Verified; ; DDC>
2007-11-20 20:24:25 10816 --a------ C:\WINDOWS\system32\__c0071610.dat
2007-11-20 20:24:24 10816 --a------ C:\WINDOWS\system32\ekvgbjkl.dll
2007-11-20 20:21:35 84544 --a------ C:\WINDOWS\system32\qthrflfp.dll
2007-11-20 20:15:47 85056 --a------ C:\WINDOWS\system32\cjtdsvtf.dll
2007-11-20 20:15:43 71232 --a------ C:\WINDOWS\system32\uhsynyge.exe <Not Verified; ; DDC>
2007-11-20 20:12:55 10816 --a------ C:\WINDOWS\system32\__c00C94F9.dat
2007-11-20 20:12:54 10816 --a------ C:\WINDOWS\system32\iurikdui.dll
2007-11-20 20:11:42 10816 --a------ C:\WINDOWS\system32\rsatnjwh.dll
2007-11-20 20:09:02 71232 --a------ C:\WINDOWS\system32\njalsdms.exe <Not Verified; ; DDC>
2007-11-20 20:08:27 10816 --a------ C:\WINDOWS\system32\__c0062168.dat
2007-11-20 20:08:26 10816 --a------ C:\WINDOWS\system32\jmicxjqk.dll
2007-11-20 20:00:24 71232 --a------ C:\WINDOWS\system32\vwpemrag.exe <Not Verified; ; DDC>
2007-11-20 19:57:11 10816 --a------ C:\WINDOWS\system32\__c008C3C1.dat
2007-11-20 19:56:48 10816 --a------ C:\WINDOWS\system32\__c00D4C1A.dat
2007-11-20 19:56:46 10816 --a------ C:\WINDOWS\system32\__c005A28.dat
2007-11-20 19:55:56 10816 --a------ C:\WINDOWS\system32\__c00E9531.dat
2007-11-20 19:55:46 71232 --a------ C:\WINDOWS\system32\fhspjcoo.exe <Not Verified; ; DDC>
2007-11-20 19:53:11 10816 --a------ C:\WINDOWS\system32\qamudofx.dll
2007-11-20 17:43:42 84544 --a------ C:\WINDOWS\system32\tfmasjfr.dll
2007-11-20 17:40:43 85056 --a------ C:\WINDOWS\system32\qiutfrdi.dll
2007-11-20 17:34:42 10816 --a------ C:\WINDOWS\system32\__c002BC9C.dat
2007-11-20 17:34:41 10816 --a------ C:\WINDOWS\system32\kyrinjdr.dll
2007-11-20 17:29:06 10816 --a------ C:\WINDOWS\system32\arvgxvfc.dll
2007-11-20 15:47:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 14:41:43 0 d-------- C:\Documents and Settings\user\DoctorWeb
2007-11-20 14:34:44 10816 --a------ C:\WINDOWS\system32\vowqdeyy.dll
2007-11-20 14:32:28 83008 --a------ C:\WINDOWS\system32\rlggvthp.dll
2007-11-20 14:26:25 10816 --a------ C:\WINDOWS\system32\__c00F5844.dat
2007-11-20 14:26:23 10816 --a------ C:\WINDOWS\system32\clfblsor.dll
2007-11-20 14:23:46 10816 --a------ C:\WINDOWS\system32\iwiytoxv.dll
2007-11-20 14:12:56 24185 --a------ C:\WINDOWS\system32\tpxhbumy.dll
2007-11-20 14:12:49 10816 --a------ C:\WINDOWS\system32\kgveoavl.dll
2007-11-20 14:11:54 10816 --a------ C:\WINDOWS\system32\iwaeucwh.dll
2007-11-20 14:08:12 10816 --a------ C:\WINDOWS\system32\bcrsrxql.dll
2007-11-20 14:03:42 10816 --a------ C:\WINDOWS\system32\onsmfwhx.dll
2007-11-20 13:57:09 85056 --a------ C:\WINDOWS\system32\crqfvuna.dll
2007-11-20 13:48:05 10816 --a------ C:\WINDOWS\system32\__c00E6936.dat
2007-11-20 13:48:04 10816 --a------ C:\WINDOWS\system32\dkcaxvco.dll
2007-11-20 13:43:46 10816 --a------ C:\WINDOWS\system32\__c004CB45.dat
2007-11-20 13:43:45 10816 --a------ C:\WINDOWS\system32\dnrbqeql.dll
2007-11-20 13:41:18 10816 --a------ C:\WINDOWS\system32\uqmfyiwd.dll
2007-11-20 13:32:18 83008 --a------ C:\WINDOWS\system32\ymxwkojb.dll
2007-11-20 13:29:12 85056 --a------ C:\WINDOWS\system32\hhgficqu.dll
2007-11-20 13:23:36 10816 --a------ C:\WINDOWS\system32\__c0095C3A.dat
2007-11-20 13:23:35 10816 --a------ C:\WINDOWS\system32\cdcruvoj.dll
2007-11-20 13:20:52 83008 --a------ C:\WINDOWS\system32\yhncrikt.dll
2007-11-20 13:14:53 10816 --a------ C:\WINDOWS\system32\__c00F4F1E.dat
2007-11-20 13:14:52 10816 --a------ C:\WINDOWS\system32\dnedkajb.dll
2007-11-20 13:04:33 83008 --a------ C:\WINDOWS\system32\uhmegyqc.dll
2007-11-20 12:55:52 10816 --a------ C:\WINDOWS\system32\__c00B5900.dat
2007-11-20 12:55:51 10816 --a------ C:\WINDOWS\system32\eyiailei.dll
2007-11-20 12:40:35 10816 --a------ C:\WINDOWS\system32\__c0040ED9.dat
2007-11-20 12:40:34 10816 --a------ C:\WINDOWS\system32\purjaagy.dll
2007-11-20 12:37:58 10816 --a------ C:\WINDOWS\system32\vtdlwgnl.dll
2007-11-20 12:19:02 85056 --a------ C:\WINDOWS\system32\srtumlyh.dll
2007-11-20 12:13:07 10816 --a------ C:\WINDOWS\system32\__c006F444.dat
2007-11-20 12:13:06 10816 --a------ C:\WINDOWS\system32\yguopmco.dll
2007-11-20 12:07:07 10816 --a------ C:\WINDOWS\system32\kuirmmff.dll
2007-11-20 12:04:32 10816 --a------ C:\WINDOWS\system32\gvogdufb.dll
2007-11-20 11:43:18 85056 --a------ C:\WINDOWS\system32\ssbmbdvq.dll
2007-11-20 11:40:18 83008 --a------ C:\WINDOWS\system32\eywnrdbx.dll
2007-11-20 11:28:37 10816 --a------ C:\WINDOWS\system32\__c0036621.dat
2007-11-20 11:28:36 10816 --a------ C:\WINDOWS\system32\cooaltgt.dll
2007-11-20 11:24:52 10816 --a------ C:\WINDOWS\system32\__c007812B.dat
2007-11-20 11:24:51 10816 --a------ C:\WINDOWS\system32\exqmifsi.dll
2007-11-20 11:19:16 10816 --a------ C:\WINDOWS\system32\kaffrcgo.dll
2007-11-20 11:18:37 10816 --a------ C:\WINDOWS\system32\__c00D0C91.dat
2007-11-20 11:18:35 10816 --a------ C:\WINDOWS\system32\kiynkjjm.dll
2007-11-19 21:49:35 10816 --a------ C:\WINDOWS\system32\inxfmctc.dll
2007-11-19 21:42:10 85056 --a------ C:\WINDOWS\system32\uygbiaus.dll
2007-11-19 21:41:52 10816 --a------ C:\WINDOWS\system32\__c009AC5D.dat
2007-11-19 21:41:51 10816 --a------ C:\WINDOWS\system32\wimevxbk.dll
2007-11-19 21:39:11 10816 --a------ C:\WINDOWS\system32\sfukkakn.dll
2007-11-19 21:37:34 10816 --a------ C:\WINDOWS\system32\ktlfisly.dll
2007-11-19 21:29:41 10816 --a------ C:\WINDOWS\system32\ycegvqhn.dll
2007-11-19 20:40:50 83008 --a------ C:\WINDOWS\system32\jcpnmiay.dll
2007-11-19 20:35:11 85056 --a------ C:\WINDOWS\system32\iegvvjdq.dll
2007-11-19 20:08:11 83008 --a------ C:\WINDOWS\system32\uwuvrien.dll
2007-11-19 20:05:36 0 d-------- C:\Documents and Settings\user\Application Data\Grisoft
2007-11-19 20:05:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:35:51 85056 --a------ C:\WINDOWS\system32\ctfukatm.dll
2007-11-19 18:35:44 83008 --a------ C:\WINDOWS\system32\klxofkwk.dll
2007-11-19 18:10:16 83008 --a------ C:\WINDOWS\system32\puoswkhb.dll
2007-11-19 18:07:22 85056 --a------ C:\WINDOWS\system32\qropuskt.dll
2007-11-19 14:40:32 85056 --a------ C:\WINDOWS\system32\tdbdettu.dll
2007-11-19 13:01:00 79424 --a------ C:\WINDOWS\system32\fulsirun.dll
2007-11-19 12:43:22 79424 --a------ C:\WINDOWS\system32\hjwfdgws.dll
2007-11-19 12:33:42 79424 --a------ C:\WINDOWS\system32\unmypext.dll
2007-11-17 20:53:52 85056 --a------ C:\WINDOWS\system32\tnscmqqj.dll
2007-11-16 21:11:50 85056 --a------ C:\WINDOWS\system32\ceiyjynq.dll
2007-11-16 10:37:04 0 d-------- C:\Program Files\Registry Defender
2007-11-14 21:14:29 85056 --a------ C:\WINDOWS\system32\hdfghwuf.dll
2007-11-14 21:10:34 0 d------c- C:\Do=?
2007-11-14 21:07:00 0 d------c- C:\aadc3612925cefdb590bf5
2007-11-13 20:30:02 88128 --a------ C:\WINDOWS\system32\sapsvldq.dll
2007-11-13 19:08:10 88128 --a------ C:\WINDOWS\system32\gemayaxi.dll
2007-11-13 16:24:30 88128 --a------ C:\WINDOWS\system32\ranqnqwv.dll
2007-11-12 15:09:26 88128 --a------ C:\WINDOWS\system32\ddqpvwcb.dll
2007-11-12 14:01:59 88128 --a------ C:\WINDOWS\system32\ntmhirqr.dll
2007-11-11 19:42:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-11 19:41:35 0 d-------- C:\Program Files\Yahoo!
2007-11-11 15:43:59 88128 --a------ C:\WINDOWS\system32\vcnamhyy.dll
2007-11-11 13:07:26 85056 --a------ C:\WINDOWS\system32\jdoemquo.dll
2007-11-10 17:18:05 85056 --a------ C:\WINDOWS\system32\oupubfbq.dll
2007-11-09 22:26:21 0 d-------- C:\Program Files\BingoCafe
2007-11-09 20:46:20 88128 --a------ C:\WINDOWS\system32\odujphcr.dll
2007-11-09 20:07:34 88128 --a------ C:\WINDOWS\system32\ijwujfjg.dll
2007-11-09 18:29:44 0 d-------- C:\Program Files\Alwil Software
2007-11-09 18:10:11 88128 --a------ C:\WINDOWS\system32\gghckaaf.dll
2007-11-09 06:44:27 0 d-------- C:\Program Files\Grey Cdrom Boob
2007-11-08 22:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-08 22:15:35 0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-08 22:15:35 0 d-------- C:\Program Files\Common Files\Nokia
2007-11-08 22:14:35 0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-08 22:14:10 0 d-------- C:\Program Files\Nokia
2007-11-08 11:02:57 86080 --a------ C:\WINDOWS\system32\iottqcpy.dll
2007-11-07 12:23:22 87104 --a------ C:\WINDOWS\system32\wckkkbuk.dll
2007-11-06 22:04:20 87104 --a------ C:\WINDOWS\system32\ivjkndfn.dll
2007-11-06 21:48:59 87104 --a------ C:\WINDOWS\system32\pybwlcxh.dll
2007-11-06 21:01:59 87104 --a------ C:\WINDOWS\system32\ofdvvbig.dll
2007-11-06 17:30:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-11-06 15:32:57 85568 --a------ C:\WINDOWS\system32\shkpvamo.dll
2007-11-05 23:36:57 85568 --a------ C:\WINDOWS\system32\pkrfhkyl.dll
2007-11-05 19:46:44 85568 --a------ C:\WINDOWS\system32\jweswqhl.dll
2007-11-05 18:29:14 0 d-------- C:\WINDOWS\system32\FxsTmp
2007-11-05 18:13:19 85568 --a------ C:\WINDOWS\system32\liqlsrcm.dll
2007-11-05 15:02:42 86080 -----n--- C:\WINDOWS\system32\tqhqrppf.dll
2007-11-05 14:59:01 86080 --a------ C:\WINDOWS\system32\gfhvafif.dll
2007-11-04 13:26:04 85568 --a------ C:\WINDOWS\system32\rmoqtems.dll
2007-11-04 12:39:22 87616 --a------ C:\WINDOWS\system32\nkwtdprp.dll
2007-11-03 15:56:45 87616 --a------ C:\WINDOWS\system32\twjlqwty.dll
2007-11-02 10:26:10 85056 --a------ C:\WINDOWS\system32\hhyxqaag.dll
2007-11-01 09:44:39 335785 ---hs---- C:\WINDOWS\system32\edeeg.ini2
2007-10-31 16:01:03 0 d---s---- C:\WINDOWS\Cookies
2007-10-31 16:01:00 0 d------c- C:\DoF
2007-10-31 16:00:59 0 d------c- C:\DoF
2007-10-31 03:13:43 0 d------c- C:\31.2.5253
2007-10-27 17:07:09 0 d-------- C:\Documents and Settings\user\Application Data\eMusic
2007-10-27 15:57:32 0 d-------- C:\Program Files\eMusic Remote
2007-10-27 02:55:11 0 --a------ C:\Documents and Settings\user\core
2007-10-26 21:30:32 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-10-26 15:30:18 83008 --a------ C:\WINDOWS\system32\hbwmuwkr.dll
2007-10-24 14:59:10 0 d-------- C:\WINDOWS\pss
2007-10-24 14:52:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog

-- Find3M Report ---------------------------------------------------------------

2007-11-22 11:20:04 344697 ---hs---- C:\WINDOWS\system32\edeeg.bak2
2007-11-22 11:13:59 0 d-------- C:\Documents and Settings\user\Application Data\OpenOffice.org2
2007-11-22 10:45:07 657 --a------ C:\Documents and Settings\user\Application Data\.googlewebacchosts
2007-11-20 15:47:11 0 d-------- C:\Program Files\Common Files
2007-11-11 14:03:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-09 22:41:42 0 d-------- C:\Program Files\QuickTime
2007-11-09 18:34:32 0 d-------- C:\Documents and Settings\user\Application Data\Grey Cdrom Boob
2007-11-09 10:53:30 0 d-------- C:\Documents and Settings\user\Application Data\Nokia
2007-11-08 22:23:59 0 d-------- C:\Documents and Settings\user\Application Data\PC Suite
2007-11-08 22:15:13 0 d-------- C:\Program Files\DIFX
2007-10-31 19:37:54 0 d-------- C:\Program Files\Join ME
2007-10-27 04:00:28 0 d-------- C:\Documents and Settings\user\Application Data\Vso
2007-10-24 14:52:13 0 d-------- C:\Documents and Settings\user\Application Data\StumbleUpon
2007-10-24 14:52:09 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-24 14:52:04 0 d--hs---- C:\Program Files\outlook
2007-10-24 14:52:04 0 d-------- C:\Program Files\Network Monitor
2007-10-24 14:52:00 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-24 14:51:22 0 d-------- C:\Program Files\RegistrySmart
2007-10-24 01:19:04 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire

2007-10-19 06:27:25 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-17 13:03:56 6474 ---hs---- C:\WINDOWS\system32\edeeg.bak1
2007-10-17 13:03:32 311904 --a------ C:\WINDOWS\system32\geede.dll
2007-10-15 14:23:37 0 d-------- C:\Program Files\Windows NT
2007-10-15 13:34:03 0 d-------- C:\Program Files\CA
2007-10-15 11:58:35 0 d-------- C:\Documents and Settings\user\Application Data\RegistrySmart
2007-10-14 18:04:13 64 --a------ C:\WINDOWS\system32\extdfxjd.dll
2007-10-14 17:59:53 472817 --ahs---- C:\WINDOWS\system32\nqtwa.bak2
2007-10-12 13:22:56 0 d-------- C:\Program Files\Google
2007-10-12 13:18:47 0 d-------- C:\Documents and Settings\user\Application Data\MSNInstaller
2007-10-11 17:46:18 18 --a------ C:\WINDOWS\system32\CC.dll
2007-10-11 17:45:10 60928 --a------ C:\WINDOWS\system32\zip32.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-10-11 10:42:30 6465 --ahs---- C:\WINDOWS\system32\nqtwa.bak1
2007-10-11 10:38:10 249 --a------ C:\WINDOWS\system32\5329.bat
2007-10-11 10:38:06 86 --a------ C:\WINDOWS\system32\n.bat
2007-10-11 10:37:32 2411 --a------ C:\WINDOWS\system32\x.dat
2007-10-11 10:37:17 52687 --a------ C:\WINDOWS\system32\z.dat
2007-10-11 10:36:30 36352 --a------ C:\WINDOWS\system32\jkkklkj.dll
2007-10-11 10:36:28 58880 --a------ C:\WINDOWS\system32\app.exe
2007-10-11 10:36:22 32768 --a------ C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; fhjdh456746dhfjdfjfdjfkk>
2007-10-11 10:35:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-09-29 16:43:33 0 d-------- C:\Documents and Settings\user\Application Data\Identities
2007-09-29 13:35:48 0 d-------- C:\Program Files\Symantec
2007-09-29 09:55:27 0 d-------- C:\Program Files\The Weather Channel FW
2007-09-29 09:51:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-29 09:34:04 0 d-------- C:\Program Files\Binary Boy
2007-09-29 09:27:39 0 d-------- C:\Program Files\ezr
2007-09-29 09:18:33 0 d-------- C:\Program Files\ezt
2007-09-29 07:08:00 0 d-------- C:\Program Files\eBay
2007-09-28 11:09:04 0 d-------- C:\Documents and Settings\user\Application Data\WholeSecurity
2007-09-27 16:12:55 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-27 16:10:39 0 d-------- C:\Program Files\Microsoft.NET
2007-09-26 19:49:10 0 d-------- C:\Program Files\Real
2007-09-26 19:49:08 0 d-------- C:\Program Files\Common Files\Real
2007-09-23 01:49:22 0 d-------- C:\Documents and Settings\user\Application Data\DataLayer
2007-09-19 15:53:05 9728 --a------ C:\WINDOWS\system32\UnInstall The Hoggs Harley Davidson.exe
2007-09-19 15:53:05 5530273 --a------ C:\WINDOWS\system32\The Hoggs Harley Davidson.scr
2007-09-17 17:54:39 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74605DD9-2871-480C-8B4B-0302A966CB92}]
C:\WINDOWS\SYSTEM32\AWTQN.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6}]
C:\WINDOWS\system32\qdfsssjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99E41A24-6F7C-4531-A4B5-EAD6F371473B}]
C:\Program Files\MSN Gaming Zone\holemunyz4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC0692C3-733F-48AB-8E03-D3C5A32B1716}]
17/10/2007 01:03 PM 311904 --a------ C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD726424-B9CD-4C34-9DC9-152C67761FDE}]
C:\Program Files\MSN Gaming Zone\holemunyz83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA959CC3-D52A-4388-3B87-985A96131158}]
C:\Program Files\Windows NT\lawug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [03/08/2006 07:42 AM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/10/2004 05:50 PM]
"nwiz"="nwiz.exe" [29/10/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29/10/2004 05:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 04:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 11:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41 AM]
"NGServer"="C:\Program Files\Symantec\Ghost\ngserver.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 04:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21/09/2007 10:29 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [15/10/2007 03:13 PM]
"@"=""
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [15/10/2007 03:13 PM]
"eTrustPPAP"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 07:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/11/2007 10:41 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 07:55 PM]
"88441475"="C:\WINDOWS\system32\wbuwaswt.dll" [22/11/2007 05:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:54 AM]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe"
"Play Tool"="C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\user\Start Menu\Programs\Startup
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [25/01/2006 8:42:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 5:21:22 AM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [9/07/2007 11:24:38 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [26/03/2006 11:44:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
"{4E78714D-2D26-4965-AECE-501024825423}"= C:\WINDOWS\SYSTEM32\JKKKLKJ.DLL [11/10/2007 10:36 AM 36352]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkj]
jkkklkj.dll 11/10/2007 10:36 AM 36352 C:\WINDOWS\system32\jkkklkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\geede.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:19 PM, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {88af22c3-cf06-1df9-c8f4-4c7c1c9a9484} - {4849a9c1-c7c4-4f8c-9fd1-60fc3c22fa88} - C:\WINDOWS\system32\ymmterde.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {74605DD9-2871-480C-8B4B-0302A966CB92} - C:\WINDOWS\SYSTEM32\AWTQN.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6} - C:\WINDOWS\system32\qdfsssjj.dll (file missing)
O2 - BHO: (no name) - {99E41A24-6F7C-4531-A4B5-EAD6F371473B} - C:\Program Files\MSN Gaming Zone\holemunyz4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {CD726424-B9CD-4C34-9DC9-152C67761FDE} - C:\Program Files\MSN Gaming Zone\holemunyz83122.dll (file missing)
O2 - BHO: (no name) - {EA959CC3-D52A-4388-3B87-985A96131158} - C:\Program Files\Windows NT\lawug.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\ushfylcr.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?75916c03fbbc4eeb82ca20dbc53ebe48
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?75916c03fbbc4eeb82ca20dbc53ebe48
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


End of file - 12175 bytes

Sorry, Oldman, it was the only way I could get it to post. I don’t know what I’m doing wrong with my attachments not posting. Anyhow, I need to log off. That was a draining lot of logs and posts etc. I hope you can make something of it. By the way, my PC is running pretty good!!! Thanks again Honeyk :-* :-* :-*

Good. :smiley: Now to try to hold on to the progress you have made.

Turn on windows firewall

Click start, control panel, open the security center, click on the firewall and change the setting to on.

We’re going to do a little registry repair and get you fitted with a decent firewall. Tonight we’ll get rid of the rest of the critters.

Download ERUNT from

http://www.larshederer.homepage.t-online.de/erunt/

and backup your registry

Now for the fix

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
Make sure that in the top box Save in is set to desktop
This will create a fix.reg file on your desktop
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right click the icon and select merge, accept the warning if it appears and the reg fix is done.

Clean out some old restore points.

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point

Remove old restore points

Disk Cleanup

  • Go to Start - All Programs - Accessories, Launch the Disk Cleanup tool let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Get a firewall

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

They’ll all do the job, but ZoneAlarm free is limited in user configurability, so I’d pass on that one. Comodo is being used by many forum users with XP. It’s easy to set up and has a good help file.

It can be downloaded from

http://filehippo.com/download_comodo/

and a setup video tutorial here

http://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/noob_install_video_guide-t4766.0.html

Check out the link to the discussion and please install one, it will help keep the bad guys out while we finish this. (I only mention the two firewalls above because they are the only two I have any experience with.)

Regardless of which one you go with, the following avast components need internet access.

avast.setup
ashwebsrv.exe
ashmaisrv.exe

Please try to limit your internet activity to a bare minimum, you are still very vulnerable.

Please post a new DSS log in your next reply. There will only be a main text this time.

We’ll see you tonight. 8)

Again any problems or questions, post back. Copy and paste is fine, we’ll work on attaching after.
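As an added example that is not part of Oldman's post or of any tool named in the thread, the Python below shows what the hex(7) value in the fix above encodes, rebuilds the same fix.reg text from a list of package names, and flags entries in an Authentication Packages list that fall outside a baseline. The baseline set, the function names and the wrapped-line handling are assumptions made for this example.

```python
r"""
Added example (not from the thread): the REGEDIT4 hex(7) encoding behind the
posted "Authentication Packages" fix, plus a check that flags entries in
that LSA value which fall outside a baseline.

In the REGEDIT4 (ANSI) .reg format, hex(7) holds the raw bytes of a
REG_MULTI_SZ value: each string is followed by one 00 terminator and the
whole list by one more 00. The posted fix, 6d,73,76,31,5f,30,00,00, is
therefore the single entry "msv1_0" (the standard NTLM package), which drops
the trailing C:\WINDOWS\system32\geede.dll that ComboFix showed in the value.
"""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
VALUE_NAME = "Authentication Packages"

# Baseline assumed for this example: on a stock XP SP2 box msv1_0 is the only
# package LSA needs. nwprovau (Client Service for NetWare) is a Microsoft
# component, but the posted fix drops it too, so it is left out here.
EXPECTED_PACKAGES = {"msv1_0"}


def multi_sz_to_hex7(values):
    """Encode strings as REGEDIT4 hex(7): ANSI bytes, 00 after each, 00 at the end."""
    data = b"".join(v.encode("latin-1") + b"\x00" for v in values) + b"\x00"
    return ",".join(f"{b:02x}" for b in data)


def hex7_to_multi_sz(hex_text):
    """Decode REGEDIT4 hex(7) text (wrapped lines allowed) back to a list of strings."""
    cleaned = re.sub(r"[\\\s]", "", hex_text)  # drop the ",\<newline>  " wrapping
    data = bytes(int(h, 16) for h in cleaned.split(",") if h)
    return [s.decode("latin-1") for s in data.split(b"\x00") if s]


def build_fix(values):
    """Render a REGEDIT4 file that sets Authentication Packages to exactly `values`."""
    return (
        "REGEDIT4\n\n"
        f"[{LSA_KEY}]\n"
        f'"{VALUE_NAME}"=hex(7):{multi_sz_to_hex7(values)}\n'
    )


def parse_fix(reg_text):
    """Pull the Authentication Packages list out of REGEDIT4 text, following wrapped lines."""
    pattern = r'^"' + re.escape(VALUE_NAME) + r'"=hex\(7\):((?:[^\n]*\\\n)*[^\n]*)'
    m = re.search(pattern, reg_text, re.MULTILINE)
    if not m:
        raise ValueError(f"{VALUE_NAME} not found in .reg text")
    return hex7_to_multi_sz(m.group(1))


def audit_packages(packages):
    """Return (entry, reason) for every package that should not be in the LSA value."""
    findings = []
    for entry in packages:
        if "\\" in entry or entry.lower().endswith(".dll"):
            # LSA expects bare module names resolved from system32; a full path
            # gets that DLL loaded by lsass at boot, which is what the geede.dll
            # entry in this log was doing.
            findings.append((entry, "explicit path or DLL name"))
        elif entry.lower() not in EXPECTED_PACKAGES:
            findings.append((entry, "not in expected baseline"))
    return findings


if __name__ == "__main__":
    # The value as ComboFix reported it in the log above.
    reported = ["msv1_0", "nwprovau", r"C:\WINDOWS\system32\geede.dll"]
    for entry, reason in audit_packages(reported):
        print(f"FLAG {entry}: {reason}")
    print(build_fix(["msv1_0"]))
```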

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:47 PM, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {88af22c3-cf06-1df9-c8f4-4c7c1c9a9484} - {4849a9c1-c7c4-4f8c-9fd1-60fc3c22fa88} - C:\WINDOWS\system32\ymmterde.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {74605DD9-2871-480C-8B4B-0302A966CB92} - C:\WINDOWS\SYSTEM32\AWTQN.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6} - C:\WINDOWS\system32\qdfsssjj.dll (file missing)
O2 - BHO: (no name) - {99E41A24-6F7C-4531-A4B5-EAD6F371473B} - C:\Program Files\MSN Gaming Zone\holemunyz4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {CD726424-B9CD-4C34-9DC9-152C67761FDE} - C:\Program Files\MSN Gaming Zone\holemunyz83122.dll (file missing)
O2 - BHO: (no name) - {EA959CC3-D52A-4388-3B87-985A96131158} - C:\Program Files\Windows NT\lawug.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\ushfylcr.dll",b
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\C