PC infected with many worms, trojans, spyware, etc.
Tigrita (Newbie), 20. March 2008 @ 03:11
Dear Forum members,

First of all I sincerely apologize for using the lame title to my prior posting. It was my first time using this forum, I really didn’t know it was wrong to request help on the title line. It won’t happen again :)))

On to my possessed computer: All the websites I go to show an “Error on page” message at the bottom left. Most important, I cannot seem to be able to check for Microsoft updates. I have downloaded and used most spyware programs I can think of. I was able to remove quite a few worms, spyware, Trojans, etc. My antivirus is up to date, but I also tried to get an on-line scan by the programs suggested on these forums and none of them work; they simply don’t allow me to get it done.

When I try to run “Windows Defender” it gives me a message that says “Application failed to initialize: 0x800106ba A problem caused Windows Defender service stop”.
I also found over 900 MB of unknown files in my “download”, “shared” and “incomplete” folders. I have done a lot of cleaning but I just can’t get this PC to work properly.
After reading some of the posts here I have done additional things to my computer.

I downloaded, installed and am currently running Zone Alarm.
I also ran CCleaner, but only deleted things I felt confident about, so things such as the “System” folders I did not touch.
When I try to set a system restore, I get a blank window. It seems that nothing associated with Microsoft updates is working.
Also I should mention that when I restart my computer it sets itself back to March 2007.
When I start Internet Explorer I always get a second page which opens up to random websites.
When I go to IE / Help / About I get a window that states “An error has occurred in the script on this page”; the descriptions (line, char, error, etc.) are all blank, and in order to close this little message window I must click on the X about 50 times.

Here is my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:00 AM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\jbshxlis.dll",s
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\ummrbxoj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8231 bytes
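The O4 section of the log above is where the autostart entries live, and it is the section a helper reads first: three entries start a bare file name from the HKCU Policies\Explorer\Run key, and two HKLM Run values with hex-looking names use rundll32 to load eight-letter DLLs from system32 with one-character entry points. The script below is an added example, not part of the thread and not a HijackThis feature; it parses O4 lines of this format and flags those patterns. The heuristics (Policies\Explorer\Run usage, a hex-like value name, a bare file name without a path, an 8-lowercase-letter DLL name, a single-character rundll32 entry point) are assumptions drawn from what the posted log shows, and the sample lines are constructed from entries in that log.

```python
import re

# Constructed sample, modelled on the O4 (autostart) section of the HijackThis
# log posted in the thread; value names and paths are copied from that log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\jbshxlis.dll",s
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\ummrbxoj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# "O4 - <registry location>: [<value name>] <command line>"
RUN_LINE = re.compile(r'^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$')
# rundll32[.exe] ["]<dll path>["][,<entry point>]
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?(?:,(?P<entry>\S*))?\s*$', re.I)
# Heuristics (assumptions drawn from the posted log, not vendor rules).
HEXISH_NAME = re.compile(r'^(?:BM)?[0-9a-fA-F]{8}$')   # e.g. 4051595e, BM43626ac2
RANDOM_DLL = re.compile(r'^[a-z]{8}\.dll$')            # e.g. jbshxlis.dll


def triage_o4(log_text):
    """Return [(value_name, command, [reasons])] for O4 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue  # not a "[name] command" autostart line (e.g. Global Startup .lnk)
        location, name, command = m.group('location', 'name', 'command')
        reasons = []
        if 'Policies\\Explorer\\Run' in location:
            reasons.append('autostart via Policies\\Explorer\\Run, a key ordinary installers do not use')
        if '\\' not in command:
            reasons.append('bare file name with no path; resolved via the search path at logon')
        if HEXISH_NAME.match(name):
            reasons.append('value name is a hex-like blob rather than a product name')
        r = RUNDLL.match(command)
        if r:
            base = r.group('dll').rsplit('\\', 1)[-1]
            if RANDOM_DLL.match(base):
                reasons.append(f'rundll32 loads {base}, an 8-lowercase-letter DLL name')
            entry = r.group('entry')
            if entry is not None and len(entry) <= 1:
                reasons.append(f'entry point "{entry}" is a single character')
        if reasons:
            findings.append((name, command, reasons))
    return findings


def report(log_text):
    """Human-readable triage summary of the flagged O4 entries."""
    lines = []
    for name, command, reasons in triage_o4(log_text):
        lines.append(f'[{name}] {command}')
        lines.extend(f'    - {reason}' for reason in reasons)
    return '\n'.join(lines) if lines else 'no suspicious O4 entries'


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Entries that trip none of the heuristics (avast!, NvCplDaemon, ctfmon.exe) are left out of the report; the point is to narrow the list for a human, not to decide what to delete.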
Member, 21. March 2008 @ 06:07
Hey Tigrita,

IMPORTANT! You have a backdoor trojan on your computer that allows an attacker to access your computer from a remote area! It then sends information such as credit card numbers, passwords, account details and other personal information back to the attacker. I would strongly advise you to alert your bank or any other organizations required IMMEDIATELY and change your private information if you have used the Internet for commercial or business matters. This is urgent, as important information may have already been leaked out!

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

1. Close all other windows before proceeding.
2. Double-click on dss.exe and follow the prompts.
3. When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Go!

~Ltangel~

Windows and system security is my priority.

This message has been edited since posting. Last time this message was edited on 21. March 2008 @ 06:21

Tigrita (Newbie), 21. March 2008 @ 06:28
Dear Ltangel,
Thank you for taking your time to help me; I really appreciate it :)
Please look at the files you requested:

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Betty on 2008-03-21 11:17:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
123: 2008-03-21 10:13:35 UTC - RP123 - Deckard's System Scanner Restore Point
122: 2008-03-21 09:52:50 UTC - RP122 - System Checkpoint
121: 2008-03-20 09:33:57 UTC - RP121 - System Checkpoint
120: 2007-03-19 16:58:51 UTC - RP120 - Installed Windows XP Windows Script.
119: 2008-03-19 13:46:27 UTC - RP119 - Installed Windows Defender


-- First Restore Point --
1: 2008-03-17 22:42:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Betty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:59 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Betty\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {b5ba26ee-84b5-b7f9-6014-75ceb49c2427} - {7242c94b-ec57-4106-9f7b-5b48ee62ab5b} - C:\WINDOWS\system32\jhoywbcp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - C:\WINDOWS\system32\qomlmjg.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B0489F2A-DC6B-4B2F-B673-883177BB6D27} - C:\WINDOWS\system32\ssttq.dll
O2 - BHO: (no name) - {F7981234-6B88-40E7-BEA5-F6BB90E9BCBA} - C:\WINDOWS\system32\ssttt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\qjemygns.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\queqwnqa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: nnnkklj - nnnkklj.dll (file missing)
O20 - Winlogon Notify: qomlmjg - C:\WINDOWS\SYSTEM32\qomlmjg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8610 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080320-191448-121 O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\ettglcyy.dll",b
backup-20080320-191448-153 O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
backup-20080320-191448-331 O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
backup-20080320-191448-420 O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe
backup-20080320-191448-516 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
backup-20080320-191448-619 O4 - Global Startup: AutorunsDisabled
backup-20080320-191448-873 O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\mloiotut.dll",s
backup-20080320-191448-956 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
backup-20080320-191452-306 O15 - Trusted Zone: http://www.msi.com.tw
backup-20080320-191452-551 O15 - Trusted Zone: http://global.msi.com.tw
backup-20080320-191452-558 O15 - Trusted Zone: http://asia.msi.com.tw
backup-20080320-191452-566 O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-03-20 03:30:05 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2008-02-21 and 2008-03-21 -----------------------------

2008-03-20 23:37:59 92736 --a------ C:\WINDOWS\system32\jopmvjyw.dll
2008-03-20 23:31:59 91200 --a------ C:\WINDOWS\system32\srwwmsur.dll
2008-03-20 23:30:06 91200 --a------ C:\WINDOWS\system32\iugxyleu.dll
2008-03-20 23:29:59 92736 --a------ C:\WINDOWS\system32\hsohfiyr.dll
2008-03-20 22:19:59 91200 --a------ C:\WINDOWS\system32\jyxpmjqg.dll
2008-03-20 22:17:06 92736 --a------ C:\WINDOWS\system32\dlatpvwx.dll
2008-03-20 22:17:01 91200 --a------ C:\WINDOWS\system32\rkoecert.dll
2008-03-20 20:09:44 87104 --a------ C:\WINDOWS\system32\qjemygns.dll
2008-03-20 20:07:30 91712 --a------ C:\WINDOWS\system32\jhoywbcp.dll
2008-03-20 20:07:25 89664 --a------ C:\WINDOWS\system32\queqwnqa.dll
2008-03-20 20:06:43 170892 --ahs---- C:\WINDOWS\system32\qttss.ini2
2008-03-20 20:06:42 290816 --a------ C:\WINDOWS\system32\ssttq.dll
2008-03-20 19:41:50 0 d-------- C:\VundoFix Backups
2008-03-20 18:50:42 0 d-------- C:\!KillBox
2008-03-20 16:42:53 0 dr-h----- C:\Documents and Settings\Betty\Recent
2008-03-20 09:44:35 93248 -----n--- C:\WINDOWS\system32\jncixdct.dll
2008-03-19 17:11:52 93248 --a------ C:\WINDOWS\system32\tcrgeidd.dll
2008-03-19 17:11:45 90688 --a------ C:\WINDOWS\system32\ovxyjgoi.dll
2008-03-19 17:11:04 175733 --ahs---- C:\WINDOWS\system32\tttss.ini2
2008-03-19 15:11:02 0 d-------- C:\Program Files\Trend Micro
2008-03-19 15:04:00 0 d-------- C:\WINDOWS\Internet Logs
2008-03-19 14:46:29 0 d-------- C:\Program Files\Windows Defender
2008-03-19 13:37:58 0 d-------- C:\Program Files\NoAdware5.0
2008-03-19 10:22:10 0 d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21:59 0 d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31:05 0 d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:31:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 08:58:07 92736 --a------ C:\WINDOWS\system32\gqrfbruy.dll
2008-03-19 08:57:59 91200 --a------ C:\WINDOWS\system32\qfirsehw.dll
2008-03-19 08:06:35 92736 --a------ C:\WINDOWS\system32\dbsxfits.dll
2008-03-19 08:06:29 91200 --a------ C:\WINDOWS\system32\emqmxtgy.dll
2008-03-19 07:29:44 92736 --a------ C:\WINDOWS\system32\apldkejn.dll
2008-03-19 07:26:44 91200 --a------ C:\WINDOWS\system32\kemwjfcb.dll
2008-03-18 23:49:58 91200 --a------ C:\WINDOWS\system32\bmoxpgnu.dll
2008-03-18 16:11:31 92736 --a------ C:\WINDOWS\system32\femeyuxf.dll
2008-03-18 16:06:27 91200 --a------ C:\WINDOWS\system32\kqbdtktw.dll
2008-03-18 12:00:04 92736 --a------ C:\WINDOWS\system32\tiuccqxu.dll
2008-03-18 11:58:07 91200 --a------ C:\WINDOWS\system32\omnmbqkg.dll
2008-03-18 11:45:07 92736 --a------ C:\WINDOWS\system32\xjhywfub.dll
2008-03-18 11:44:56 91200 --a------ C:\WINDOWS\system32\lqwfskhw.dll
2008-03-17 23:42:11 169561 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2008-03-17 13:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45:56 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-17 12:45:56 0 d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45:56 47360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-17 12:45:51 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-03-17 12:45:51 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-03-17 12:45:51 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-03-17 12:45:51 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-03-17 12:45:51 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-03-17 12:45:49 0 d-------- C:\Program Files\VSO
2008-03-17 12:42:29 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-03-17 12:42:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 09:07:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36:45 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-17 08:36:16 0 d-------- C:\Program Files\SlySoft
2008-03-16 13:16:08 0 d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-16 13:16:01 0 d-------- C:\Program Files\DNA
2008-03-16 13:16:01 0 d-------- C:\Program Files\BitTorrent
2008-03-16 13:16:01 0 d-------- C:\Documents and Settings\Betty\Application Data\DNA
2008-03-13 13:40:48 0 d-------- C:\Documents and Settings\Betty\Application Data\Help
2008-03-13 13:36:47 0 d-------- C:\Program Files\mIRC
2008-03-13 13:32:13 0 d-------- C:\IRCap
2008-03-11 11:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38:20 0 d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37:16 0 d-------- C:\Program Files\VideoLAN


-- Find3M Report ---------------------------------------------------------------

2008-03-18 17:51:11 0 d-------- C:\Program Files\Java
2008-03-18 11:48:49 668 --a------ C:\Documents and Settings\Betty\Application Data\vso_ts_preview.xml
2008-03-18 06:45:04 0 d-------- C:\Documents and Settings\Betty\Application Data\LimeWire
2008-03-17 12:46:00 34 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.log
2008-03-17 12:45:56 1144 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.inf
2008-03-17 12:45:56 7887 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.cat
2008-03-17 09:55:28 0 d-------- C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 14:29:06 0 d-------- C:\Program Files\Common Files\Logishrd
2008-02-18 14:28:58 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-18 14:28:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-18 14:28:42 0 d-------- C:\Program Files\Common Files
2008-02-18 14:28:37 0 d-------- C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-18 14:25:28 0 d-------- C:\Program Files\Online Services
2008-02-18 14:25:19 0 d-------- C:\Program Files\Windows NT
2008-02-14 11:54:13 0 d-------- C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 13:09:42 0 d-------- C:\Program Files\Easy Duplicate Finder
2008-02-08 15:52:19 0 d-------- C:\Program Files\iTunes
2008-02-08 15:52:12 0 d-------- C:\Program Files\iPod
2008-02-08 15:51:54 0 d-------- C:\Program Files\Bonjour
2008-02-08 15:51:50 0 d-------- C:\Program Files\QuickTime
2008-02-08 15:51:26 0 d-------- C:\Program Files\Apple Software Update
2008-02-08 15:51:12 0 d-------- C:\Program Files\Common Files\Apple
2008-02-06 13:49:00 17920 --a------ C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 13:49:00 8192 --a------ C:\WINDOWS\system32\NetFerret.dll
2008-02-06 13:49:00 0 d-------- C:\Program Files\WebFerret
2008-01-31 12:22:39 0 d-------- C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 15:35:50 0 d-------- C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 15:35:38 0 d-------- C:\Program Files\Lavasoft
2008-01-28 13:34:45 0 d-------- C:\Program Files\eMule
2008-01-28 12:00:42 0 d-------- C:\Documents and Settings\Betty\Application Data\Real
2008-01-28 11:37:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-28 11:37:21 0 d-------- C:\Program Files\Real
2008-01-28 11:37:16 0 d-------- C:\Program Files\Common Files\Real
2008-01-27 03:00:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 03:00:28 0 d-------- C:\Program Files\MSXML 4.0
2008-01-26 11:18:20 0 d-------- C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 17:09:41 0 d-------- C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 17:09:37 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 17:09:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-25 17:09:17 0 d-------- C:\Program Files\ScanSoft
2008-01-25 17:00:36 0 d-------- C:\Program Files\Canon
2008-01-25 16:59:29 0 d-------- C:\Program Files\Common Files\CANON
2008-01-25 16:56:54 0 d--h----- C:\Program Files\CanonBJ
2008-01-25 08:22:22 0 d-------- C:\Documents and Settings\Betty\Application Data\WinRAR
2008-01-23 11:31:27 0 d-------- C:\Documents and Settings\Betty\Application Data\Sun
2008-01-16 19:15:35 27210 --a------ C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR
2008-01-16 04:21:22 38439 --a------ C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR
2007-12-21 23:53:35 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-21 22:24:23 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2007-12-21 14:14:42 62 --ahs---- C:\Documents and Settings\Betty\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7242c94b-ec57-4106-9f7b-5b48ee62ab5b}]
03/20/2008 08:07 PM 91712 --a------ C:\WINDOWS\system32\jhoywbcp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85A611CA-CA0F-469B-8220-B70221A545BB}]
03/19/2007 01:01 PM 39424 --------- C:\WINDOWS\system32\qomlmjg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0489F2A-DC6B-4B2F-B673-883177BB6D27}]
03/20/2008 08:06 PM 290816 --a------ C:\WINDOWS\system32\ssttq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7981234-6B88-40E7-BEA5-F6BB90E9BCBA}]
C:\WINDOWS\system32\ssttt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [04/29/2006 04:36 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 02:00 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/07/2007 05:00 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/28/2008 11:37 AM]
"4051595e"="C:\WINDOWS\system32\qjemygns.dll" [03/20/2008 08:09 PM]
"BM43626ac2"="C:\WINDOWS\system32\queqwnqa.dll" [03/20/2008 08:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 01:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/18/2008 2:28:55 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{85A611CA-CA0F-469B-8220-B70221A545BB}"= C:\WINDOWS\system32\qomlmjg.dll [03/19/2007 01:01 PM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkklj]
nnnkklj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlmjg]
qomlmjg.dll 03/19/2007 01:01 PM 39424 C:\WINDOWS\system32\qomlmjg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
rundll32.exe "C:\WINDOWS\system32\aacgptld.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
Rundll32.exe "C:\WINDOWS\system32\vopgebir.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-03-21 11:18:34 ------------

EXTRA.TXT


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.23 MiB / 1580.03 MiB
Pagefile Memory (total/avail): 3943.72 MiB / 3613.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.85 MiB

C: is Fixed (NTFS) - 147.03 GiB total, 126.44 GiB free.
D: is Fixed (NTFS) - 225.58 GiB total, 194.48 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
Y: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD403LJ - 372.61 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 147.03 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 225.58 GiB - D:

\\.\PHYSICALDRIVE5 - Canon MP610 series USB Device

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080321-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"\\\\TIGRITA\\d\\Installation Programs After 09-07\\Emule-Unzipped\\eMule0.48a\\emule.exe"="\\\\TIGRITA\\d\\Installation Programs After 09-07\\Emule-Unzipped\\eMule0.48a\\emule.exe:*:Enabled:emule.exe"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\WebFerret\\WebFerret.exe"="C:\\Program Files\\WebFerret\\WebFerret.exe:*:Enabled:WebFerret 6.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Macky\\mirc32.exe"="C:\\Macky\\mirc32.exe:*:Enabled:mIRC Internet Relay Chat Client"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"\\\\TIGRITA\\d\\Macky\\mirc.exe"="\\\\TIGRITA\\d\\Macky\\mirc.exe:*:Enabled:mirc.exe"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Betty\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TIGRITAS-NEW-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Betty
LOGONSERVER=\\TIGRITAS-NEW-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=TIGRITAS-NEW-PC
USERNAME=Betty
USERPROFILE=C:\Documents and Settings\Betty
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Betty (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x0009
Canon MP610 series User Registration --> C:\Program Files\Canon\IJEREG\MP610 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Easy Duplicate Finder v. 1.5.1 --> "C:\Program Files\Easy Duplicate Finder\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire PRO 4.10.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Script 5.7 --> "C:\WINDOWS\$NtUninstallscripten$\spuninst\spuninst.exe"
mIRC --> "C:\Documents and Settings\Betty\My Documents\Macky\mirc.exe" -uninstall
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegistrySmart --> MsiExec.exe /X{9716B4F1-AFD8-4162-B99F-708F39009E73}
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VoipBuster --> "C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
WebFerret --> C:\WINDOWS\WebFerretUninstall.exe C:\Program Files\WebFerret
Windows Defender --> MsiExec.exe /I{CAB99E06-B92F-4AE0-89AD-D9AC5991046F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2460 / Error
Event Submitted/Written: 03/21/2008 11:16:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011639.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type2459 / Error
Event Submitted/Written: 03/21/2008 11:14:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f83.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type2457 / Error
Event Submitted/Written: 03/21/2008 07:52:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2449 / Error
Event Submitted/Written: 03/20/2008 07:30:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ahijackthis.exe, version 2.0.0.2, faulting module ssttt.dll, version 0.0.0.0, fault address 0x00061bf3.
Processing media-specific event for [ahijackthis.exe!ws!]

Event Record #/Type2448 / Error
Event Submitted/Written: 03/20/2008 07:28:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module ssttt.dll, version 0.0.0.0, fault address 0x00061bf3.
Processing media-specific event for [hijackthis.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2956 / Warning
Event Submitted/Written: 03/21/2008 07:51:34 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0019DBB06964. The IP address being used is 169.254.213.254.

Event Record #/Type2955 / Warning
Event Submitted/Written: 03/21/2008 07:51:28 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DBB06964. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2954 / Warning
Event Submitted/Written: 03/21/2008 07:51:00 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DBB06964. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2933 / Warning
Event Submitted/Written: 03/21/2008 07:49:08 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DBB06964. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2865 / Warning
Event Submitted/Written: 03/20/2008 04:09:54 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019DBB06964. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-03-21 11:18:34 ------------
Member
21. March 2008 @ 06:37
Hey Tigrita,

Thanks for posting the logs required, please be patient while I review the logs. Meanwhile, please do not download anything or visit any other sites other than the forums here. Also, please do not attempt to fix anything with HijackThis.

Thanks for your understanding. :)

~Ltangel~

Windows and system security is my priority.
Member
21. March 2008 @ 07:18
Hey Tigrita

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

[*]Please, never rename Combofix unless instructed.
[*]Close any open browsers.
[*]Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------


[*]Close any open browsers.
[*]WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
[*]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[*]If there is no internet connection after running Combofix, then restart your computer to restore your connection.

-----------------------------------------------------------
[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Go!

~Ltangel~

Windows and system security is my priority.
Tigrita
Newbie
21. March 2008 @ 08:07
Dear Ltangel:
As instructed, here are the logs:

ComboFix 08-03-20.5 - Betty 2008-03-21 12:56:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1643 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Betty\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apldkejn.dll
C:\WINDOWS\system32\bmoxpgnu.dll
C:\WINDOWS\system32\dbsxfits.dll
C:\WINDOWS\system32\dlatpvwx.dll
C:\WINDOWS\system32\emqmxtgy.dll
C:\WINDOWS\system32\femeyuxf.dll
C:\WINDOWS\system32\gqrfbruy.dll
C:\WINDOWS\system32\hsohfiyr.dll
C:\WINDOWS\system32\iugxyleu.dll
C:\WINDOWS\system32\jhoywbcp.dll
C:\WINDOWS\system32\jncixdct.dll
C:\WINDOWS\system32\jopmvjyw.dll
C:\WINDOWS\system32\jyxpmjqg.dll
C:\WINDOWS\system32\kemwjfcb.dll
C:\WINDOWS\system32\kqbdtktw.dll
C:\WINDOWS\system32\ksanophs.dll
C:\WINDOWS\system32\lqwfskhw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\omnmbqkg.dll
C:\WINDOWS\system32\ovxyjgoi.dll
C:\WINDOWS\system32\qfirsehw.dll
C:\WINDOWS\system32\qjemygns.dll
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\queqwnqa.dll
C:\WINDOWS\system32\rkoecert.dll
C:\WINDOWS\system32\sngymejq.ini
C:\WINDOWS\system32\srwwmsur.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\tcrgeidd.dll
C:\WINDOWS\system32\tiuccqxu.dll
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\xjhywfub.dll
C:\WINDOWS\system32\yjoqkafc.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 11:13 . 2008-03-21 11:13 <DIR> d-------- C:\Deckard
2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
2008-03-20 19:41 . 2008-03-20 19:53 <DIR> d-------- C:\VundoFix Backups
2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-21 12:05 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
2008-03-17 23:42 . 2007-03-19 12:29 169,561 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-16 13:16 . 2008-03-16 13:16 <DIR> d-------- C:\Program Files\DNA
2008-03-16 13:16 . 2008-03-16 13:16 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-16 13:16 . 2008-03-20 19:06 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\DNA
2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-13 13:36 . 2008-03-21 11:06 <DIR> d-------- C:\Program Files\mIRC
2008-03-13 13:32 . 2008-03-13 14:05 <DIR> d-------- C:\IRCap
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 12:02 438,304 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-21 12:01 7,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-18 05:45 --------- d-----w C:\Documents and Settings\Betty\Application Data\LimeWire
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-21 22:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-03-19 11:29 169,561 --sha-w C:\WINDOWS\system32\hjkmp.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85A611CA-CA0F-469B-8220-B70221A545BB}]
2007-03-19 13:01 39424 --------- C:\WINDOWS\system32\qomlmjg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7981234-6B88-40E7-BEA5-F6BB90E9BCBA}]
C:\WINDOWS\system32\ssttt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 04:36 208896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 11:37 185896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{85A611CA-CA0F-469B-8220-B70221A545BB}"= C:\WINDOWS\system32\qomlmjg.dll [2007-03-19 13:01 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkklj]
nnnkklj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlmjg]
qomlmjg.dll 2007-03-19 13:01 39424 C:\WINDOWS\system32\qomlmjg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)