After my daughter had been using my machine I was plagued by popups on Desktop asking me to subscribe to Antivirus2008, slowing the machine to a crawl.

I immediately did a check using ad-aware, deleting all the infected items.

I then did the same using AVG.

Now when booting it appears there are major problems with the registry, I still am getting popups from "performanceOptimizer.com" asking for a subscription to their service to clear things up.

The machine is now very 'twitchy' and slows down to an interminable crawl at increasingly more frequent intervals. Also during booting up a request box opens asking if I wish to install a screensaver, to which I always choose 'cancel' as I suspect this is where the problem arose from in the first place. (I think my daughter may have downloaded something nasty without my permission)

I am a relative beginner when it comes to the technical side of computers so I would be exceptionally gratefull for any help you can offer me.

Thanks. [Ross]

Logs are as follows:

Deckard's System Scanner v20071014.68
Run by The Allans on 2008-08-16 23:26:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-16 22:26:20 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as The Allans.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:1589, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Common Files\AOL\1113474842\ee\AOLHostManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Silvercrest OM1007 driver\StartAutorun.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Silvercrest OM1007 driver\KMConfig.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Silvercrest OM1007 driver\KMProcess.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\PC Optimizer Trial\trayicon.exe
J:\Programs\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\The Allans\Desktop\SmitfraudFix\Policies.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\The Allans\Desktop\dss.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\DOCUME~1\THEALL~1\Desktop\The Allans.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com - Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = GameSpot:Video Games PC PlayStation 2 Xbox 360 Wii PS3 GameCube PSP DS GBA PS2 PlayStation 3
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=???
?
F3 - REG:win.ini: run=???
?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {b5b1a236-84f8-8f9a-5074-911b2298d611} - {116d8922-b119-4705-a9f8-8f48632a1b5b} - C:\WINDOWS\system32\hytpyy.dll
O2 - BHO: (no name) - {40087877-AE96-4465-9966-7626FCCC2ADA} - C:\WINDOWS\system32\urqRKCTM.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {661778F7-CDDA-4611-99B0-43245C7E971D} - C:\WINDOWS\system32\ddcBRiIa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {96588d6d-b684-4cb2-b743-bdff7b562db5} - C:\WINDOWS\system32\bbkgnh.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113474842\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest OM1007 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [10e39126] rundll32.exe "C:\WINDOWS\system32\uxcjyemc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC_OPT] C:\Program Files\PC Optimizer Trial\trayicon.exe
O4 - HKCU\..\Run: [PeerGuardian] J:\Programs\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [98613] C:\WINDOWS/98613.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Desktop Help.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21170c6d...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195832005718
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - Kodak EasyShare Gallery Error Page
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - AppInit_DLLs: xmxcog.dll hytpyy.dll
O20 - Winlogon Notify: ddcBRiIa - C:\WINDOWS\SYSTEM32\ddcBRiIa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://i3.ebayimg.com/01/i/02/0b/04/6b_1.JPG
O24 - Desktop Component 2: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 16071 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; Elaborate Bytes; CloneCD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>
R3 KMWDFilter - c:\windows\system32\drivers\kmwdfilter.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 pgfilter - j:\programs\peerguardian2\pgfilter.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S1 Cdrdrv - c:\windows\system32\drivers\cdrdrv.sys (file missing)
S1 vobiw - c:\windows\system32\drivers\vobiw.sys (file missing)
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 BTNDIS (SmartM - Bluetooth PAN Driver) - c:\windows\system32\drivers\btndis.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\packet.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 KMWDSERVICE (Keyboard And Mouse Communication Service) - c:\program files\silvercrest om1007 driver\kmwdsrv.exe <Not Verified; UASSOFT.COM; Keyboard And Mouse Communication Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Conexant HSF V92 56K PCI Modem
Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_8D8913E0&REV_01\3&61A AA01&0&50
Manufacturer: Conexant
Name: Conexant HSF V92 56K PCI Modem
PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_8D8913E0&REV_01\3&61A AA01&0&50
Service: Modem


-- Scheduled Tasks -------------------------------------------------------------

2008-08-16 21:28:06 396 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-08-14 08:26:00 330 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-08-07 19:21:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 20:14:21 98688 --a----c- C:\WINDOWS\system32\uxcjyemc.dll
2008-08-16 20:11:22 131328 --a----c- C:\WINDOWS\system32\mbaifufq.dll
2008-08-16 20:11:22 131328 --a------ C:\WINDOWS\system32\hytpyy.dll
2008-08-15 13:28:00 131328 --a------ C:\WINDOWS\system32\xmxcog.dll
2008-08-15 13:28:00 131328 --a----c- C:\WINDOWS\system32\mktouxxp.dll
2008-08-15 09:01:29 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\AVG7
2008-08-15 07:11:06 0 d------c- C:\Program Files\uTorrent
2008-08-15 06:59:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-15 06:58:43 0 d------c- C:\Program Files\Enigma Software Group
2008-08-15 06:36:47 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Mozilla
2008-08-15 06:35:05 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Adobe
2008-08-15 06:35:04 0 dr-h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data
2008-08-15 06:35:04 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Sun
2008-08-15 06:35:04 0 d---s--c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Microsoft
2008-08-15 06:35:04 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\InterTrust
2008-08-15 06:35:04 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Identities
2008-08-15 06:35:03 0 dr-----c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Favorites
2008-08-15 06:35:03 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Desktop
2008-08-15 06:35:03 0 d---s--c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Cookies
2008-08-15 06:35:02 0 d------c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\WINDOWS
2008-08-15 06:35:02 0 d--h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Templates
2008-08-15 06:35:02 0 dr-----c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Start Menu
2008-08-15 06:35:02 0 dr-h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\SendTo
2008-08-15 06:35:02 0 dr-h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Recent
2008-08-15 06:35:02 0 d--h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\PrintHood
2008-08-15 06:35:02 786432 --ah----- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\NTUSER.DAT
2008-08-15 06:35:02 0 d--h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\NetHood
2008-08-15 06:35:02 0 dr-----c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\My Documents
2008-08-15 06:35:02 0 d--h---c- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Local Settings
2008-08-15 06:27:14 0 dr-h---c- C:\Documents and Settings\The Allans\Recent
2008-08-15 03:47:01 120448 --a----c- C:\WINDOWS\system32\ucgdxggo.dll
2008-08-15 03:47:01 120448 --a------ C:\WINDOWS\system32\bbkgnh.dll
2008-08-15 03:45:35 546411 --ahs---- C:\WINDOWS\system32\MTCKRqru.ini2
2008-08-15 03:45:28 323328 --a------ C:\WINDOWS\system32\urqRKCTM.dll
2008-08-15 03:40:17 34688 --a------ C:\WINDOWS\system32\rqRlkHYQ.dll
2008-08-15 03:40:15 34688 --a------ C:\WINDOWS\system32\ddcBRiIa.dll
2008-08-15 01:39:17 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-08-13 21:56:00 0 d------c- C:\Documents and Settings\The Allans\Application Data\Media Player Classic
2008-08-12 01:38:35 0 d------c- C:\Documents and Settings\The Allans\Application Data\Nero
2008-08-12 01:32:01 0 d------c- C:\Program Files\Nero
2008-08-12 01:32:01 0 d-------- C:\Program Files\Common Files\Nero
2008-08-12 01:32:01 0 d------c- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-11 21:12:36 0 d------c- C:\Program Files\Gabest
2008-08-10 01:25:50 0 d------c- C:\Program Files\Bonjour
2008-08-10 01:05:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-09 23:06:24 0 d------c- C:\Documents and Settings\The Allans\Application Data\Screenshot Studio Files
2008-08-07 10:05:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Screenshot Studio
2008-08-06 15:14:43 0 d------c- C:\Documents and Settings\The Allans\Application Data\FireShot
2008-08-06 15:14:43 0 d--hs--c- C:\Documents and Settings\All Users\Application Data\System Restore
2008-08-06 13:43:23 0 d------c- C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-06 13:43:05 0 d------c- C:\Documents and Settings\The Allans\Application Data\InstallShield
2008-08-06 13:42:54 0 d------c- C:\Program Files\Intuwave
2008-08-05 23:35:25 332 --a------ C:\WINDOWS\desctemp.dat


-- Find3M Report ---------------------------------------------------------------

2008-08-16 23:25:55 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-08-16 23:03:49 0 d------c- C:\Documents and Settings\The Allans\Application Data\AVG7
2008-08-16 22:41:28 0 d------c- C:\Program Files\Paint Shop Pro 5
2008-08-16 21:29:58 0 d------c- C:\Documents and Settings\The Allans\Application Data\WTablet
2008-08-15 07:35:55 0 d------c- C:\Documents and Settings\The Allans\Application Data\uTorrent
2008-08-15 03:06:01 576 --a----c- C:\Documents and Settings\The Allans\Application Data\AutoGK.ini
2008-08-15 01:39:06 0 d-------- C:\Program Files\AviSynth 2.5
2008-08-14 13:09:31 0 d------c- C:\Documents and Settings\The Allans\Application Data\U3
2008-08-13 22:38:07 134 --a----c- C:\Documents and Settings\The Allans\Application Data\default.pls
2008-08-12 01:32:01 0 d-------- C:\Program Files\Common Files
2008-08-12 01:20:14 0 d-------- C:\Program Files\Ahead
2008-08-12 01:18:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-08-10 11:52:33 0 d-------- C:\Program Files\DVD Decrypter
2008-08-10 10:57:58 0 d------c- C:\Documents and Settings\The Allans\Application Data\Adobe
2008-08-10 01:57:47 0 d------c- C:\Program Files\Microsoft AutoRoute Express GB 2000
2008-08-10 01:25:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-07 09:14:32 0 d-------- C:\Program Files\Google
2008-08-06 15:06:06 0 d------c- C:\Program Files\Windows Media Connect 2
2008-08-06 15:06:04 0 d-------- C:\Program Files\DivX
2008-08-06 13:43:39 0 d------c- C:\Program Files\Last.fm
2008-08-06 13:43:08 0 d------c- C:\Program Files\TomTom HOME
2008-08-06 08:57:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-02 10:26:55 0 d-------- C:\Program Files\Java
2008-07-03 08:38:05 0 d-------- C:\Program Files\Lavasoft
2008-07-03 08:36:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 12:19:27 0 d------c- C:\Documents and Settings\The Allans\Application Data\Opera
2008-06-24 12:15:07 0 d------c- C:\Documents and Settings\The Allans\Application Data\Mozilla
2008-06-13 14:02:41 733727 --a------ C:\WINDOWS\76140.exe
2008-05-16 09:45:03 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{116d8922-b119-4705-a9f8-8f48632a1b5b}]
16/08/2008 20:11 131328 --a------ C:\WINDOWS\system32\hytpyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40087877-AE96-4465-9966-7626FCCC2ADA}]
15/08/2008 03:45 323328 --a------ C:\WINDOWS\system32\urqRKCTM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{661778F7-CDDA-4611-99B0-43245C7E971D}]
15/08/2008 03:40 34688 --a------ C:\WINDOWS\system32\ddcBRiIa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96588d6d-b684-4cb2-b743-bdff7b562db5}]
15/08/2008 03:47 120448 --a------ C:\WINDOWS\system32\bbkgnh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"@"="" []
"VTTimer"="VTTimer.exe" [02/10/2003 20:05 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [23/09/2003 09:09 C:\WINDOWS\SOUNDMAN.EXE]
"Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [18/06/2003 10:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCh eck.exe" [28/02/2003 16:46]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [15/04/2008 13:17]
"HostManager"="C:\Program Files\Common Files\AOL\1113474842\ee\AOLHostManager.exe" [02/08/2005 23:26]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [12/07/2005 15:35]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [27/07/2004 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [16/08/2005 18:16]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [10/02/2003 15:30]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 08:56 C:\WINDOWS\system32\bthprops.cpl]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.ex e" [21/07/2006 17:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [06/12/2001 13:09]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [15/04/2002 09:12]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [30/11/2006 11:51]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [31/08/2006 17:01]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [29/06/2007 06:24]
"KMCONFIG"="C:\Program Files\Silvercrest OM1007 driver\StartAutorun.exe" [06/03/2007 14:51]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [26/05/2007 21:21]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [19/06/2008 09:53]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/06/2008 09:31]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [10/06/2008 12:29]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [10/06/2008 12:29]
"10e39126"="C:\WINDOWS\system32\uxcjyemc.dll" [16/08/2008 20:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"PC_OPT"="C:\Program Files\PC Optimizer Trial\trayicon.exe" [27/01/2006 13:53]
"PeerGuardian"="J:\Programs\PeerGuardian2\pg2. exe" [18/09/2005 18:40]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [24/06/2008 16:06]
"98613"="C:\WINDOWS/98613.exe" [23/03/2008 12:04]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\The Allans\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/06/2007 23:35:24]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoFavoritesMenu"=00000000
"NoFind"=00000000
"NoRun"=00000000
"NoLogOff"=00000000
"NoClose"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{661778F7-CDDA-4611-99B0-43245C7E971D}"= C:\WINDOWS\system32\ddcBRiIa.dll [15/08/2008 03:40 34688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdpco.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBRiIa]
ddcBRiIa.dll 15/08/2008 03:40 34688 C:\WINDOWS\system32\ddcBRiIa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=xmxcog.dll hytpyy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRKCTM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk]
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk]
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{34a5ae7e-d16c-11dc-b525-000a9416c560}]
AutoRun\command- L:\LaunchU3.exe -a

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AB072FA3-300A-7D69-0336-3392B7DFCDF5}]
C:\WINDOWS\MSN\svchost.exe s



-- End of Deckard's System Scanner: finished at 2008-08-16 23:33:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2400+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 703.48 MiB / 357.46 MiB
Pagefile Memory (total/avail): 2226.7 MiB / 426.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 17.83 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (NTFS) - 465.76 GiB total, 378.65 GiB free.
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device

\\.\PHYSICALDRIVE5 - Maxtor 3200 USB Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\RealPlay.exe:*isabled:R ealPlayer"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btd ownloadgui"
"C:\\Program Files\\KaZaA Lite\\Kazaa.exe"="C:\\Program Files\\KaZaA Lite\\Kazaa.exe:*isabled:KaZaA Lite"
"C:\\Program Files\\KAZAA LITE TOOLS K++\\KazaaLite.kpp"="C:\\Program Files\\KAZAA LITE TOOLS K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\SmartM\\BlueOpal\\Utilities\\BlueTray.exe"= "C:\\Program Files\\SmartM\\BlueOpal\\Utilities\\BlueTray.exe:* :Enabled:BTSystemTrayApp"
"C:\\Program Files\\mobile PhoneTools\\mPhonetools.exe"="C:\\Program Files\\mobile PhoneTools\\mPhonetools.exe:*:Enabled:Mobile Phone Software"
"C:\\Program Files\\Common Files\\AOL\\1113474842\\EE\\AOLServiceHost.exe"="C :\\Program Files\\Common Files\\AOL\\1113474842\\EE\\AOLServiceHost.exe:*:E nabled:AOL"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\fscommand\\Vividas.exe"="D:\\fscommand\\Vivid as.exe:*isabled:Vividas Player"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Prog ram Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled: Bluetooth Application"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yah oo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRu ntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRu ntime.exe:*:Enabled:mRouterRuntime"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:E nabled:LimeWire swarmed installer"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\ WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*isabled: TrueVector Service"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"="C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C :\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:E nabledriverMagic Utilities"
"C:\\Documents and Settings\\The Allans\\My Documents\\Shared Folder\\3DUCPool\\coolpool.exe"="C:\\Documents and Settings\\The Allans\\My Documents\\Shared Folder\\3DUCPool\\coolpool.exe:*isabled:Cool Pool."
"C:\\Program Files\\BT Broadband Desktop Help\\SmartBridge\\BTHelpNotifier.exe"="C:\\Progra m Files\\BT Broadband Desktop Help\\SmartBridge\\BTHelpNotifier.exe:*:Enabled:BT HelpNotifier Module"
"C:\\Program Files\\BT Broadband 210\\Help\\SmartBridge\\BTHelpNotifier.exe"="C:\\P rogram Files\\BT Broadband 210\\Help\\SmartBridge\\BTHelpNotifier.exe:*:Enabl ed:BTHelpNotifier Module"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Documents and Settings\\The Allans\\Application Data\\U3\\000016783773F7D2\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"="C:\\Documents and Settings\\The Allans\\Application Data\\U3\\000016783773F7D2\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer .exe:*:Enabled:Windows Explorer"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\sys tem32\\ftp.exe:*:Enabled:File Transfer Protocol"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\The Allans\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OEM-YUHE5L757QR
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\The Allans
LOGONSERVER=\\OEM-YUHE5L757QR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYS TEM32\WBEM;C:\PROGRAM FILES\SONIC\MYDVD;C:\PROGRA~1\COMMON~1\SONICS~1\;C :\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime Alternative\QTSystem\;V5.00;C:\WINDOWS\LHSP;C:\Pro gram Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\THEALL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\THEALL~1\LOCALS~1\Temp
USERDOMAIN=OEM-YUHE5L757QR
USERNAME=The Allans
USERPROFILE=C:\Documents and Settings\The Allans
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

The Allans (admin)
Administrator.OEM-YUHE5L757QR (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> %

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You

Looks like you have picked up a few nasties..


Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.24

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


==============================================


Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

First of all I would like to thank you for your ridiculously quick response to my request .. top service.

Now, I have progressed through the steps outlined in your previous post resulting in this log:

ComboFix 08-08-16.01 - The Allans 2008-08-17 10:42:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.259 [GMT 1:00]
Running from: C:\Documents and Settings\The Allans\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\The Allans\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\WINDOWS\76140.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\gmglsmpf.ini
C:\WINDOWS\system32\mktouxxp.dll
C:\WINDOWS\system32\uxcjyemc.dll
C:\WINDOWS\system32\xmxcog.dll
C:\WINDOWS\system32\yxwpjesn.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-17 10:06 . 2008-08-17 10:06 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\Malwarebytes
2008-08-17 10:05 . 2008-08-17 10:06 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 10:05 . 2008-08-17 10:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 10:05 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 10:05 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 23:25 . 2008-08-16 23:25 <DIR> d----c--- C:\Deckard
2008-08-15 09:01 . 2008-08-15 09:01 <DIR> d----c--- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\AVG7
2008-08-15 07:11 . 2008-08-15 07:11 <DIR> d----c--- C:\Program Files\uTorrent
2008-08-15 06:59 . 2008-08-15 06:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-15 06:58 . 2008-08-15 06:58 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-08-15 06:35 . 2003-12-29 13:31 <DIR> d----c--- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\WINDOWS
2008-08-15 06:35 . 2003-12-29 13:32 <DIR> d----c--- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR\Application Data\InterTrust
2008-08-15 06:35 . 2008-08-15 06:35 <DIR> d----c--- C:\Documents and Settings\Administrator.OEM-YUHE5L757QR
2008-08-15 01:39 . 2008-08-15 01:39 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-08-13 22:06 . 2008-08-15 02:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-13 21:56 . 2008-08-13 21:57 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\Media Player Classic
2008-08-12 01:38 . 2008-08-12 01:38 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\Nero
2008-08-12 01:32 . 2008-08-12 01:32 <DIR> d----c--- C:\Program Files\Nero
2008-08-12 01:32 . 2008-08-12 01:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-12 01:32 . 2008-08-12 01:32 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-11 21:12 . 2008-08-11 21:12 <DIR> d----c--- C:\Program Files\Gabest
2008-08-10 01:25 . 2008-08-10 10:58 <DIR> d----c--- C:\Program Files\Bonjour
2008-08-10 01:05 . 2008-08-10 01:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-09 23:06 . 2008-08-09 23:06 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\Screenshot Studio Files
2008-08-07 10:05 . 2008-08-09 23:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Screenshot Studio
2008-08-06 15:14 . 2008-08-06 15:15 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\FireShot
2008-08-06 15:14 . 2008-08-06 15:14 <DIR> d--hsc--- C:\Documents and Settings\All Users\Application Data\System Restore
2008-08-06 13:43 . 2008-08-06 13:43 <DIR> d----c--- C:\Documents and Settings\The Allans\Application Data\InstallShield
2008-08-06 13:43 . 2008-08-06 13:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-06 13:42 . 2008-08-06 13:42 <DIR> d----c--- C:\Program Files\Intuwave
2008-08-05 23:35 . 2008-08-05 23:35 332 --a------ C:\WINDOWS\desctemp.dat
2008-07-28 12:37 . 2008-07-28 12:37 45 --a------ C:\WINDOWS\system32\initdebug.nfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-08-17 09:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-08-17 09:50 --------- dc----w C:\Documents and Settings\The Allans\Application Data\WTablet
2008-08-17 08:54 177,664 ----a-w C:\WINDOWS\Internet Logs\xDB178.tmp
2008-08-17 02:17 5,955,072 ----a-w C:\WINDOWS\Internet Logs\xDB176.tmp
2008-08-17 02:17 5,955,072 ----a-w C:\WINDOWS\Internet Logs\xDB175.tmp
2008-08-16 22:03 --------- dc----w C:\Documents and Settings\The Allans\Application Data\AVG7
2008-08-16 21:41 --------- dc----w C:\Program Files\Paint Shop Pro 5
2008-08-15 08:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-08-15 07:54 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 06:35 --------- dc----w C:\Documents and Settings\The Allans\Application Data\uTorrent
2008-08-15 04:43 172,544 ----a-w C:\WINDOWS\Internet Logs\xDB177.tmp
2008-08-15 03:40 5,863,936 ----a-w C:\WINDOWS\Internet Logs\xDB174.tmp
2008-08-15 00:39 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-14 12:09 --------- dc----w C:\Documents and Settings\The Allans\Application Data\U3
2008-08-12 01:46 1,024,000 ----a-w C:\WINDOWS\Internet Logs\xDB173.tmp
2008-08-12 01:24 5,819,392 ----a-w C:\WINDOWS\Internet Logs\xDB172.tmp
2008-08-12 00:20 --------- d-----w C:\Program Files\Ahead
2008-08-12 00:18 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-10 10:52 --------- d-----w C:\Program Files\DVD Decrypter
2008-08-10 01:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-10 00:57 --------- dc----w C:\Program Files\Microsoft AutoRoute Express GB 2000
2008-08-10 00:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-07 10:55 5,767,168 ----a-w C:\WINDOWS\Internet Logs\xDB171.tmp
2008-08-07 08:14 --------- d-----w C:\Program Files\Google
2008-08-06 14:06 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-08-06 14:06 --------- d-----w C:\Program Files\DivX
2008-08-06 12:43 --------- dc----w C:\Program Files\TomTom HOME
2008-08-06 12:43 --------- dc----w C:\Program Files\Last.fm
2008-08-06 07:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 10:56 350,720 ----a-w C:\WINDOWS\Internet Logs\xDB170.tmp
2008-08-03 17:22 5,757,440 ----a-w C:\WINDOWS\Internet Logs\xDB16E.tmp
2008-08-02 16:07 233,472 ----a-w C:\WINDOWS\Internet Logs\xDB16F.tmp
2008-08-02 15:34 1,492,992 ----a-w C:\WINDOWS\Internet Logs\xDB16C.tmp
2008-08-02 15:19 5,756,928 ----a-w C:\WINDOWS\Internet Logs\xDB16D.tmp
2008-08-02 15:19 5,756,928 ----a-w C:\WINDOWS\Internet Logs\xDB16B.tmp
2008-08-02 14:55 1,950,720 ----a-w C:\WINDOWS\Internet Logs\xDB16A.tmp
2008-08-02 09:49 5,756,928 ----a-w C:\WINDOWS\Internet Logs\xDB169.tmp
2008-08-02 09:26 --------- d-----w C:\Program Files\Java
2008-07-20 08:09 81,408 ----a-w C:\WINDOWS\Internet Logs\xDB168.tmp
2008-07-19 19:26 5,719,552 ----a-w C:\WINDOWS\Internet Logs\xDB167.tmp
2008-07-18 16:23 898,048 ----a-w C:\WINDOWS\Internet Logs\xDB166.tmp
2008-07-17 14:10 5,719,552 ----a-w C:\WINDOWS\Internet Logs\xDB165.tmp
2008-07-11 07:03 913,408 ----a-w C:\WINDOWS\Internet Logs\xDB164.tmp
2008-07-10 18:40 5,714,432 ----a-w C:\WINDOWS\Internet Logs\xDB163.tmp
2008-07-04 08:35 141,824 ----a-w C:\WINDOWS\Internet Logs\xDB162.tmp
2008-07-03 19:47 5,704,192 ----a-w C:\WINDOWS\Internet Logs\xDB161.tmp
2008-07-03 07:39 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 07:38 --------- d-----w C:\Program Files\Lavasoft
2008-07-03 07:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 09:15 187,904 ----a-w C:\WINDOWS\Internet Logs\xDB160.tmp
2008-06-26 13:27 5,695,488 ----a-w C:\WINDOWS\Internet Logs\xDB15F.tmp
2008-06-24 15:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-18 22:14 299,520 ----a-w C:\WINDOWS\Internet Logs\xDB15E.tmp
2008-06-18 09:22 5,679,104 ----a-w C:\WINDOWS\Internet Logs\xDB15D.tmp
2008-06-10 11:29 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-06-06 13:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 13:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-06-02 10:05 610,304 ----a-w C:\WINDOWS\Internet Logs\xDB15C.tmp
2008-05-30 12:38 5,660,672 ----a-w C:\WINDOWS\Internet Logs\xDB15B.tmp
2008-02-11 12:53 31,368 -c--a-w C:\Documents and Settings\The Allans\Application Data\GDIPFONTCACHEV1.DAT
2007-03-17 06:00 35,979 -c--a-w C:\Program Files\Photoshop CS3 Read Me.html
2006-11-27 08:20 359,112 -c--a-w C:\Program Files\LimeWireWin.exe
2006-04-29 07:39 2,216,187 -c--a-w C:\Program Files\pco_trial.exe
2004-08-04 07:56 25,030 -c-h--w C:\Documents and Settings\The Allans\Application Data\system.dat
1999-03-26 14:09 2,739,206 -c--a-w C:\Program Files\matrix.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\NB HShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-06-10 12:29 97064 --a--c--- C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"PC_OPT"="C:\Program Files\PC Optimizer Trial\trayicon.exe" [2006-01-27 13:53 63488]
"PeerGuardian"="J:\Programs\PeerGuardian2\pg2. exe" [2005-09-18 18:40 1421824]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
"98613"="C:\WINDOWS/98613.exe" [2008-03-23 12:04 4009114]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 10:57 466944]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCh eck.exe" [2003-02-28 16:46 393216]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2008-04-15 13:17 579584]
"HostManager"="C:\Program Files\Common Files\AOL\1113474842\ee\AOLHostManager.exe" [2005-08-02 23:26 159832]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35 473928]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2005-08-16 18:16 690176]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 15:30 425984]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.ex e" [2006-07-21 17:19 129536]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12 57344]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 11:51 935936]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 17:01 448040]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2007-06-29 06:24 286720]
"KMCONFIG"="C:\Program Files\Silvercrest OM1007 driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-26 21:21 936960]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2008-06-10 12:29 2049320]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-06-10 12:29 1083176]
"VTTimer"="VTTimer.exe" [2003-10-02 20:05 36864 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 57344 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-10-23 14:19 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\The Allans\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-25 23:35:24 106496]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoFavoritesMenu"= 00000000
"NoFind"= 00000000
"NoRun"= 00000000
"NoLogOff"= 00000000
"NoClose"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xmxcog.dll hytpyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk]
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk]
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a--c--- 2007-03-14 16:52 3770024 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\mobile PhoneTools\\mPhonetools.exe"=
"C:\\Program Files\\Common Files\\AOL\\1113474842\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRu ntime.exe"=
"C:\\StubInstaller.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Documents and Settings\\The Allans\\My Documents\\Shared Folder\\3DUCPool\\coolpool.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\SmartBridge\\BTHelpNotifier.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"60801:TCP"= 60801:TCP:utorrent

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cine msup.sys [2003-12-19 02:00]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe [2007-06-16 09:30]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 12:29]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilte r.sys [2006-02-14 13:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 13:19]
S1 Cdrdrv;Cdrdrv;C:\WINDOWS\System32\Drivers\Cdrdrv.s ys []
S1 vobiw;vobiw;C:\WINDOWS\System32\Drivers\vobIW.sys []
S3 BTNDIS;SmartM - Bluetooth PAN Driver;C:\WINDOWS\system32\DRIVERS\btndis.sys []
S3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_ BSC2.sys [2002-07-08 19:32]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{34a5ae7e-d16c-11dc-b525-000a9416c560}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AB072FA3-300A-7D69-0336-3392B7DFCDF5}]
C:\WINDOWS\MSN\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-08-17 C:\WINDOWS\Tasks\RegCure Program Check.job
- J:\Programs\RegCure.exe [2007-08-02 09:20]

2008-08-14 C:\WINDOWS\Tasks\RegCure.job
- J:\Programs\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
HKLM-Run-WildTangent CDA - C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\The Allans\Application Data\Mozilla\Firefox\Profiles\k8hkhrq8.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - J:\Programs\opera\program\plugins\npdsplay.dll
FF -: plugin - J:\Programs\opera\program\plugins\npwmsdrm.dll


************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 10:53:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\Program Files\Mozilla Firefox\firefox.exe [1672] 0x830A5990

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\AOL\1113474842\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Silvercrest OM1007 driver\KMCONFIG.exe
C:\Program Files\Common Files\AOL\1113474842\EE\AOLServiceHost.exe
C:\Program Files\Silvercrest OM1007 driver\KMProcess.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
.
************************************************** ************************
.
Completion time: 2008-08-17 11:10:07 - machine was rebooted [The Allans]
ComboFix-quarantined-files.txt 2008-08-17 10:09:29

Pre-Run: 19,415,842,816 bytes free
Post-Run: 19,424,612,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

323


-------------------------------------------------------------------------

The machine appears to be more stable but still asks me to install the screensaver during the bootup procedure.

Also I am continually requested to run the Microsoft XP Boot Recovery Console application your instructions told me to download .. when I do this it asks me to back-up to 6 floppy discs.

Is this normal?

Once again, the machine appears to be a lot more stable with just one or two minor issues left hanging on so I can only thank you for your help so far and hope you can resolve these niggling issues remaining.

Yours Appreciatively .. Ross.

Update to last post:

After normal use for around an hour or so 'Vista antivirus 2008' pop ups have reappeared and all the previous problems have re-occurred.

Any help as to what to do next will be gratefully received.

Pancake was not done yet-- some of these things take several scans/removals to get all the bad stuff.
Follow Pancake's instructions and you'll be fine.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*



I need the MalwareBytes results and a new HJT log please.