Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nfected With Vundu/virtumonde


  • This topic is locked This topic is locked
8 replies to this topic

#1 itaylort

itaylort

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 05 April 2008 - 06:41 AM

I seem to be infected with the Vundu/ virtumonde virus. My PC keeps getting pop us in ie7 and the cookie control will moveitself to min no matter how many times i put it up to max.
I have tried to remove them as per the preperation guides and i thought i had suceeded but the pop up has just come up again, so guess not.
Here are thelog files that DSS has created.


Deckard's System Scanner v20071014.68
Run by ian on 2008-04-05 12:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
114: 2008-04-05 11:25:39 UTC - RP346 - Deckard's System Scanner Restore Point
113: 2008-04-05 11:01:16 UTC - RP345 - Last known good configuration
112: 2008-04-05 11:01:04 UTC - RP344 - System Checkpoint
111: 2008-04-05 11:01:03 UTC - RP343 - System Checkpoint
110: 2008-04-05 11:01:01 UTC - RP342 - System Checkpoint


-- First Restore Point --
1: 2008-04-05 11:00:21 UTC - RP233 - BricoPack Automatic Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ian.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:36, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS.0\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS.0\system32\TPSMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS.0\AGRSMMSG.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\TPSBattM.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\Wtablet\TabUserW.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\LeechGet 2007\LeechGet.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Documents and Settings\ian.IANS-F24742167D\Desktop\dss.exe
C:\WINDOWS.0\system32\igfxsrvc.exe
C:\DOCUME~1\IAN~1.IAN\Desktop\ian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B1F2861-B009-450F-AFC6-7C0C198BD34C} - (no file)
O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS.0\system32\byxvtrr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {4d211749-6945-a7a9-2814-c89e8f652575} - {575256f8-e98c-4182-9a7a-5496947112d4} - C:\WINDOWS.0\system32\vsjcvhbi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8432AB54-6096-46A7-9329-04B2B58D4DD8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A07D75B5-F284-4212-8948-BD32E7E9943B} - C:\WINDOWS.0\system32\jkkjj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-448539723-115176313-682003330-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Girls')
O4 - HKUS\S-1-5-21-448539723-115176313-682003330-1005\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (User 'Girls')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS.0\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.belkin.co.uk
O15 - Trusted Zone: http://www.belkin.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file:///E:/fastload_v3/software/authorware7/awswaxf.cab
O20 - Winlogon Notify: byxvtrr - C:\WINDOWS.0\SYSTEM32\byxvtrr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS.0\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15784 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows.0\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 SrvcSSIOMngr - c:\windows.0\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 TPwSav (Common Driver) - c:\windows.0\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.7.5.0) - c:\windows.0\system32\drivers\aegisp.sys <Not Verified; Cisco Systems, Inc.; AEGIS Protocol 3.7.5.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows.0\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows.0\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows.0\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 tifm21 - c:\windows.0\system32\drivers\tifm21.sys <Not Verified; Texas Instruments; Texas Instruments PCIxx21/PCIxx12 Integrated FlashMedia Controller>
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows.0\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows.0\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 NTIDrvr - c:\documents and settings\all users\start menu\programs\nti cd & dvd-maker 7\ntidrvr.sys (file missing)
S3 SE26bus (Sony Ericsson Device 038 Driver driver (WDM)) - c:\windows.0\system32\drivers\se26bus.sys <Not Verified; MCCI; Sony Ericsson Device 038 Driver>
S3 SE26mdfl (Sony Ericsson Device 038 USB WMC Modem Filter) - c:\windows.0\system32\drivers\se26mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Modem Filter Driver>
S3 SE26mdm (Sony Ericsson Device 038 USB WMC Modem Driver) - c:\windows.0\system32\drivers\se26mdm.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Data Modem>
S3 SE26mgmt (Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)) - c:\windows.0\system32\drivers\se26mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC Device Management>
S3 se26nd5 (Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)) - c:\windows.0\system32\drivers\se26nd5.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB Ethernet Emulation>
S3 SE26obex (Sony Ericsson Device 038 USB WMC OBEX Interface) - c:\windows.0\system32\drivers\se26obex.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB WMC OBEX Interface>
S3 se26unic (Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)) - c:\windows.0\system32\drivers\se26unic.sys <Not Verified; MCCI; Sony Ericsson Device 038 USB Ethernet Emulation>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodata Limited License Service - "c:\program files\common files\autodata limited shared\service\adcdlicsvc.exe" <Not Verified; Autodata Limited; Autodata Limited License Service>
R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TabletService - c:\windows.0\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 09:00:04 460 --a------ C:\WINDOWS.0\Tasks\SyncBack ians ext hard drive back up.job
2008-04-04 20:25:00 452 --a------ C:\WINDOWS.0\Tasks\SyncBackSE ians lappy docs.job
2008-04-04 20:00:00 458 --a------ C:\WINDOWS.0\Tasks\SyncBack ians lappy my docs back up.job
2008-03-31 15:54:02 284 --a------ C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 12:02:28 89664 --a------ C:\WINDOWS.0\system32\vsjcvhbi.dll
2008-04-05 12:00:11 274515 --ahs---- C:\WINDOWS.0\system32\jjkkj.ini2
2008-04-05 12:00:05 268288 --a------ C:\WINDOWS.0\system32\jkkjj.dll
2008-04-05 11:15:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-04-05 11:15:20 0 d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-04-05 11:15:18 0 d-------- C:\WINDOWS.0\LastGood
2008-04-02 16:50:44 0 d-------- C:\ComboFix-1
2008-04-02 09:31:33 0 d-------- C:\VundoFix Backups
2008-04-01 16:29:35 90688 --a------ C:\WINDOWS.0\system32\vgsianaq.dll
2008-03-29 09:19:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-03-29 08:45:36 0 d-------- C:\Program Files\AdwareAlert
2008-03-28 21:48:40 0 d-------- C:\Program Files\Enigma Software Group
2008-03-28 13:46:49 262144 --a------ C:\ntuser.dat
2008-03-27 12:09:58 271256 --ahs---- C:\WINDOWS.0\system32\ycbeg.ini2
2008-03-24 14:28:41 0 d-------- C:\Program Files\MagicISO
2008-03-24 14:17:33 37888 --a------ C:\WINDOWS.0\system32\byxvtrr.dll
2008-03-24 13:57:31 0 d-------- C:\Program Files\Smart Projects
2008-03-19 08:29:23 0 d-------- C:\Documents and Settings\Girls\Application Data\Macromedia
2008-03-19 08:26:14 0 d-------- C:\Documents and Settings\Girls\Application Data\Google
2008-03-19 08:23:01 0 d-------- C:\Documents and Settings\Girls\Application Data\Teleca
2008-03-19 08:22:31 0 d-------- C:\Documents and Settings\Girls\Application Data\Sony Ericsson
2008-03-19 08:22:23 0 d-------- C:\Documents and Settings\Girls\Application Data\Nero
2008-03-19 08:22:01 0 d-------- C:\Documents and Settings\Girls\Application Data\Identities
2008-03-19 08:21:52 0 d--hs---- C:\Documents and Settings\Girls\Cookies
2008-03-19 08:21:52 0 dr-h----- C:\Documents and Settings\Girls\Application Data
2008-03-19 08:21:52 0 d---s---- C:\Documents and Settings\Girls\Application Data\Microsoft
2008-03-19 08:21:52 0 d-------- C:\Documents and Settings\Girls\Application Data\Intel
2008-03-19 08:21:52 0 d-------- C:\Documents and Settings\Girls\Application Data\Apple Computer
2008-03-19 08:21:51 0 d--h----- C:\Documents and Settings\Girls\Templates
2008-03-19 08:21:51 0 dr------- C:\Documents and Settings\Girls\Start Menu
2008-03-19 08:21:51 0 dr-h----- C:\Documents and Settings\Girls\SendTo
2008-03-19 08:21:51 0 d--hs---- C:\Documents and Settings\Girls\Recent
2008-03-19 08:21:51 0 d--h----- C:\Documents and Settings\Girls\PrintHood
2008-03-19 08:21:51 1310720 --ah----- C:\Documents and Settings\Girls\NTUSER.DAT
2008-03-19 08:21:51 0 d--h----- C:\Documents and Settings\Girls\NetHood
2008-03-19 08:21:51 0 d---s---- C:\Documents and Settings\Girls\My Documents
2008-03-19 08:21:51 0 d--h----- C:\Documents and Settings\Girls\Local Settings
2008-03-19 08:21:51 0 d---s---- C:\Documents and Settings\Girls\Favorites
2008-03-19 08:21:51 0 d-------- C:\Documents and Settings\Girls\Desktop
2008-03-09 12:53:46 0 d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Symantec
2008-03-08 22:04:10 0 d-------- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\Apple Computer
2008-03-08 21:43:29 0 d-------- C:\Program Files\Norton 360
2008-03-08 21:40:44 0 d-------- C:\Program Files\Symantec
2008-03-08 21:40:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Symantec
2008-03-08 21:30:43 262144 --a------ C:\Documents and Settings\IAN~1~IAN\NTUSER.DAT
2008-03-08 21:30:43 262144 --a------ C:\Documents and Settings\ian.IANS-F24742167D.IANS-F24742167D\NTUSER.DAT
2008-03-08 21:30:41 262144 --a------ C:\Documents and Settings\All Users.WINDOWS.0\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-04-05 12:28:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 11:51:36 336 --a------ C:\WINDOWS.0\system32\Tablet.dat
2008-04-02 09:17:30 57720 --ah----- C:\WINDOWS.0\system32\mlfcache.dat
2008-03-22 10:14:48 1324 --a------ C:\WINDOWS.0\system32\d3d9caps.dat
2008-03-21 21:38:01 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-21 11:36:33 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-20 12:45:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 22:27:28 0 d-------- C:\Program Files\Common Files
2008-03-08 21:30:36 0 d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\McAfee
2008-03-06 14:35:38 0 d-------- C:\Program Files\Avanquest update
2008-03-04 17:23:52 0 d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Leadertech
2008-03-04 17:06:48 0 d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Adobe
2008-03-04 15:40:16 0 d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Sony
2008-03-04 15:36:55 0 d-------- C:\Program Files\Sony Ericsson
2008-03-04 14:54:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 23:09:21 0 d-------- C:\Program Files\Movie Maker
2008-03-03 18:23:50 0 d-------- C:\Program Files\iTunes
2008-03-03 18:23:39 0 d-------- C:\Program Files\iPod
2008-03-03 18:21:34 0 d-------- C:\Program Files\QuickTime
2008-02-18 21:24:17 0 d-------- C:\Program Files\AIM6
2008-02-13 20:11:08 0 d-------- C:\Program Files\Classic Menu for Office
2008-01-28 14:06:59 9387 --a------ C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Comma Separated Values (Windows).EML
2008-01-27 16:12:03 48 --a------ C:\Documents and Settings\ian.IANS-F24742167D\Application Data\ItDb.enc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B1F2861-B009-450F-AFC6-7C0C198BD34C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]
24/03/2008 14:17 37888 --a------ C:\WINDOWS.0\system32\byxvtrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{575256f8-e98c-4182-9a7a-5496947112d4}]
05/04/2008 12:02 89664 --a------ C:\WINDOWS.0\system32\vsjcvhbi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8432AB54-6096-46A7-9329-04B2B58D4DD8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A07D75B5-F284-4212-8948-BD32E7E9943B}]
05/04/2008 12:00 268288 --a------ C:\WINDOWS.0\system32\jkkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [01/05/2004 13:45]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [05/04/2005 16:25]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [23/03/2004 23:40]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06/09/2005 14:04]
"@"="" []
"NDSTray.exe"="NDSTray.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [22/08/2005 16:49 C:\WINDOWS.0\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb05.exe" [24/05/2002 13:46]
"TPSMain"="TPSMain.exe" [11/08/2005 14:33 C:\WINDOWS.0\system32\TPSMain.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"AGRSMMSG"="AGRSMMSG.exe" [22/12/2004 02:10 C:\WINDOWS.0\agrsmmsg.exe]
"IgfxTray"="C:\WINDOWS.0\system32\igfxtray.exe" [13/01/2007 10:47]
"HotKeysCmds"="C:\WINDOWS.0\system32\hkcmd.exe" [13/01/2007 10:47]
"Persistence"="C:\WINDOWS.0\system32\igfxpers.exe" [13/01/2007 10:46]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [14/03/2007 17:52]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/10/2007 15:18]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/10/2007 15:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [15/03/2007 04:10]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 18:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [04/08/2004 12:00]
"Aim6"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 14:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 21:33]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 19:23]
"LeechGet"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [23/10/2007 15:18]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20/11/2007 16:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS.0\system32\Wtablet\TabUserW.exe [04/12/2003 16:48:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11241072-58BB-40CE-9171-0B2BDFB22E97}"= C:\WINDOWS.0\system32\byxvtrr.dll [24/03/2008 14:17 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtrr]
byxvtrr.dll 24/03/2008 14:17 37888 C:\WINDOWS.0\system32\byxvtrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS.0\system32\jkkjj

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS.0\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2baee745-54e0-11dc-8b7f-000fb0e402e7}]
AutoRun\command- G:\Info.exe folder.htt 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-05 12:29:51 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.86GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1526.42 MiB / 594.85 MiB
Pagefile Memory (total/avail): 2879.8 MiB / 2098.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1887.74 MiB

C: is Fixed (NTFS) - 59.32 GiB total, 21.32 GiB free.
D: is Fixed (NTFS) - 15.21 GiB total, 6.74 GiB free.
E: is CDROM (No Media)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8032GSX - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 59.32 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 15.21 GiB - D:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 7.51 GiB - 1 partition
\PARTITION0 - Unknown - 7.52 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"="C:\\Program Files\\LeechGet 2006\\LeechGet.exe:*:Enabled:LeechGet Download Manager"
"C:\\Program Files\\Microsoft Games\\Golf '98\\msgolf98.exe"="C:\\Program Files\\Microsoft Games\\Golf '98\\msgolf98.exe:*:Disabled:Microsoft Golf '98"
"C:\\Program Files\\LeechGet 2007\\LeechGet.exe"="C:\\Program Files\\LeechGet 2007\\LeechGet.exe:*:Enabled:LeechGet Download Manager"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS.0
APPDATA=C:\Documents and Settings\ian.IANS-F24742167D\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IANS-F24742167D
ComSpec=C:\WINDOWS.0\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ian.IANS-F24742167D
LOGONSERVER=\\IANS-F24742167D
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS.0\system32;C:\WINDOWS.0;C:\WINDOWS.0\System32\Wbem;C:\Program Files\IMSI\FloorPlan 3D v8\Program;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\IMSI\FloorPlan 3D v8\Program;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS.0
TEMP=C:\DOCUME~1\IAN~1.IAN\LOCALS~1\Temp
TMP=C:\DOCUME~1\IAN~1.IAN\LOCALS~1\Temp
USERDOMAIN=IANS-F24742167D
USERNAME=ian
USERPROFILE=C:\Documents and Settings\ian.IANS-F24742167D
windir=C:\WINDOWS.0


-- User Profiles ---------------------------------------------------------------

ian.IANS-F24742167D (admin)
Girls


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS.0\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS.0\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS.0\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS.0\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS.0\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Uninstaller PRO - Version 8 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BBC iPlayer Library --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\Setup.exe" -l0x9
Bluetooth Monitor 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\Setup.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
CC_ccProxyExt --> MsiExec.exe /I{4AAD206E-0557-440F-8A98-94921A64BF4B}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ccPxyCore --> MsiExec.exe /I{47A86BDE-6871-4A8A-BB49-21FAF754E00E}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FloorPlan 3D v8 --> MsiExec.exe /I{53F6009E-756A-4D3D-A0D3-B6D4CBEDA819}
Free iPod Video Converter 1.26 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "H:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS.0\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp photosmart 7150 series --> rundll32 hpzcon05.dll,VendorJettison hp photosmart 7150 series
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS.0\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS.0\Installer\iProInst.exe
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTeddyConverter 1.0 --> C:\Program Files\iTeddyConverter\uninst.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LeechGet 2007 Version 2.1 --> "C:\Program Files\LeechGet 2007\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Authorware 7.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DEB2BE-5948-4C25-85A4-1C0B0A7F95CD}\Setup.exe" -l0x9 UNINSTALL
Macromedia Authorware Web Player --> C:\WINDOWS.0\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS.0\system32\Macromed\AUTHORWA\Install.log
Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS.0\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS.0\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 Demo --> MsiExec.exe /X{88589E19-665C-4575-A4A0-CE9C43C51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 --> MsiExec.exe /I{F413B69D-4AD6-42ab-AEA5-0548989FAD50}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security Bonus Pack --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Parental Control --> MsiExec.exe /I{66B9BD1F-4189-4f35-BD82-9948720A04CF}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{0CD7D421-C850-4271-8533-0269A3D39FAA}
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sony Ericsson Media Manager 1.0 --> MsiExec.exe /X{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}
Sony Ericsson PC Suite --> MsiExec.exe /I{26B5D684-75D6-44B9-BBFF-D4100F43092A}
Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
SyncBack --> "C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
Tablet --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D643A9C5-EAAA-4681-8EDE-6B3462F3ACE3} /l1033
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E18E644D-4FC1-4E7F-87B7-A0288A14A322} /l1033
Tiger Woods PGA TOUR 08 --> C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08\EAUninstall.exe
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hotkey Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS.0\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS.0\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS.0\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" /uninstall
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
V1 Home 2.0 --> C:\Program Files\InstallShield Installation Information\{E75594A0-B088-4635-B4F6-99654B5DDF96}\setup.exe -runfromtemp -l0x0409
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS.0\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type17826 / Warning
Event Submitted/Written: 03/29/2008 00:15:42 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{AF38CF8F-2D3A-4F81-B679-EF829A63A6E7}'

Event Record #/Type17825 / Warning
Event Submitted/Written: 03/29/2008 00:15:42 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.

Event Record #/Type17823 / Error
Event Submitted/Written: 03/29/2008 00:15:29 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft ActiveSync -- Error.No valid source could be found for product Microsoft ActiveSync. The Windows Installer cannot continue.

Event Record #/Type17821 / Warning
Event Submitted/Written: 03/29/2008 00:10:27 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{25AE009D-012F-4A42-A341-259F0FB629A0}'

Event Record #/Type17820 / Warning
Event Submitted/Written: 03/29/2008 00:10:27 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24507 / Error
Event Submitted/Written: 04/05/2008 11:56:02 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.3 for the Network Card with network address 00166F4FD179 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type24485 / Error
Event Submitted/Written: 04/05/2008 03:47:52 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type24481 / Warning
Event Submitted/Written: 04/04/2008 10:14:43 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type24474 / Warning
Event Submitted/Written: 04/04/2008 02:37:35 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type24473 / Warning
Event Submitted/Written: 04/04/2008 02:16:21 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-04-05 12:29:51 ------------

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:02 PM

Posted 06 April 2008 - 03:13 AM

Hi,

First of all, I see your Norton Antivirus is disabled/outdated.
A priority here is to have an active - up to date Antivirus present. That's why I suggest you uninstall Norton and install another Antivirus instead.
Look in my signature below for the ones I recommend.

To uninstall Norton, uninstall next via software > add/remove programs:

LiveUpdate 3.2
LiveUpdate Notice
Norton 360
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack

Reboot after uninstalling Norton and installing your next Antivirus.

Also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 itaylort

itaylort
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 06 April 2008 - 03:53 AM

Many Thanks for the help, I havent unistalled Norton because i had manually turned it off to run kapersky as per the prep guide, but the scan didnt complete.
I hope the logs now say its up to date now.
Here are the 2 logs you requested.

Edited infoafter the scan :I see i missed outthe recovery console load which i have now done and re scanned with combo fix,which is now postedat the bottom sorry


ComboFix 08-04-04.1 - ian 2008-04-06 9:27:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT 1:00]
Running from: C:\Documents and Settings\ian.IANS-F24742167D\Desktop\ComboFix-4.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\awtqo.dll
C:\WINDOWS.0\system32\byxvtrr.dll
C:\WINDOWS.0\system32\hjreyrpm.dll
C:\WINDOWS.0\system32\hufmrpku.dll
C:\WINDOWS.0\system32\oqtwa.ini
C:\WINDOWS.0\system32\oqtwa.ini2
C:\WINDOWS.0\system32\vsjcvhbi.dll
C:\WINDOWS.0\system32\ycbeg.ini
C:\WINDOWS.0\system32\ycbeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-05 17:00 . 2008-04-06 09:39 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-04-05 17:00 . 2008-04-05 17:00 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-04-05 12:25 . 2008-04-05 12:25 <DIR> d-------- C:\Deckard
2008-04-05 11:15 . 2008-04-05 11:15 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-04-05 11:15 . 2008-04-05 11:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-04-02 16:50 . 2008-04-02 16:50 <DIR> d-------- C:\ComboFix-1
2008-04-02 09:31 . 2008-04-05 17:07 <DIR> d-------- C:\VundoFix Backups
2008-03-29 09:19 . 2008-03-29 09:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 09:19 . 2008-03-29 10:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-03-29 08:45 . 2008-03-29 10:18 <DIR> d-------- C:\Program Files\AdwareAlert
2008-03-28 21:48 . 2008-03-28 21:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-28 13:46 . 2008-03-29 09:20 262,144 --a------ C:\ntuser.dat
2008-03-24 14:28 . 2008-03-24 14:28 <DIR> d-------- C:\Program Files\MagicISO
2008-03-24 13:57 . 2008-03-24 13:57 <DIR> d-------- C:\Program Files\Smart Projects
2008-03-19 08:23 . 2008-03-19 08:23 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Teleca
2008-03-19 08:22 . 2008-03-19 08:22 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Sony Ericsson
2008-03-19 08:22 . 2008-03-19 08:22 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Nero
2008-03-19 08:21 . 2008-01-27 14:29 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Intel
2008-03-19 08:21 . 2008-03-08 22:04 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Apple Computer
2008-03-14 15:51 . 2008-03-14 15:51 18 --a------ C:\WINDOWS.0\NKNIGHTS.INI
2008-03-14 10:07 . 2008-03-14 16:05 29 --a------ C:\WINDOWS.0\Battle.ini
2008-03-09 12:53 . 2008-03-09 12:53 <DIR> d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Symantec
2008-03-09 09:30 . 2008-03-06 22:32 23,904 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.sys
2008-03-09 09:30 . 2008-03-06 22:32 10,537 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.cat
2008-03-09 09:30 . 2008-03-06 22:32 706 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.inf
2008-03-08 22:04 . 2008-03-08 22:04 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\Apple Computer
2008-03-08 22:04 . 2008-03-08 22:04 16 --a------ C:\WINDOWS.0\system32\coh.cache
2008-03-08 21:43 . 2008-03-14 18:33 <DIR> d-------- C:\Program Files\Norton 360
2008-03-08 21:42 . 2008-03-08 22:29 123,952 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.SYS
2008-03-08 21:42 . 2008-03-08 22:29 60,800 --a------ C:\WINDOWS.0\system32\S32EVNT1.DLL
2008-03-08 21:42 . 2008-03-08 22:29 10,740 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.CAT
2008-03-08 21:42 . 2008-03-08 22:29 805 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.INF
2008-03-08 21:40 . 2008-03-08 22:29 <DIR> d-------- C:\Program Files\Symantec
2008-03-08 21:40 . 2008-04-05 17:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 08:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-04-06 08:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Viewpoint
2008-04-05 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 20:38 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-21 10:36 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-21 10:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Corporation
2008-03-20 11:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 08:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-03-08 20:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee
2008-03-08 20:30 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\McAfee
2008-03-08 20:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SiteAdvisor
2008-03-06 13:35 --------- d-----w C:\Program Files\Avanquest update
2008-03-04 16:23 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Leadertech
2008-03-04 14:40 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Sony
2008-03-04 14:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sony
2008-03-04 14:36 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-04 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 13:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\BVRP Software
2008-03-04 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sony Ericsson
2008-03-03 17:23 --------- d-----w C:\Program Files\iTunes
2008-03-03 17:23 --------- d-----w C:\Program Files\iPod
2008-03-03 17:21 --------- d-----w C:\Program Files\QuickTime
2008-02-18 20:24 --------- d-----w C:\Program Files\AIM6
2008-02-18 20:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AOL Downloads
2008-02-18 20:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AOL
2008-02-13 19:12 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2008-02-13 19:11 --------- d-----w C:\Program Files\Classic Menu for Office
2006-08-15 11:38 3,548,160 ----a-w C:\Documents and Settings\Ian\kitchen.exe
2006-08-15 11:14 7,111,962 ----a-w C:\Documents and Settings\Ian\ihp_Kitchen.exe
2006-07-14 19:36 25,600 ----a-w C:\Documents and Settings\Ian\usbsermptxp.sys
2006-07-14 19:36 22,768 ----a-w C:\Documents and Settings\Ian\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BCBE15E-C5C1-45FB-8406-14667B4422A3}]
C:\WINDOWS.0\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A07D75B5-F284-4212-8948-BD32E7E9943B}]
C:\WINDOWS.0\system32\jkkjj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Aim6"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 21:33 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 19:23 1032640]
"LeechGet"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04 671744]
"NDSTray.exe"="NDSTray.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 28672 C:\WINDOWS.0\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 13:46 188416]
"TPSMain"="TPSMain.exe" [2005-08-11 14:33 266240 C:\WINDOWS.0\system32\TPSMain.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 02:10 88358 C:\WINDOWS.0\agrsmmsg.exe]
"IgfxTray"="C:\WINDOWS.0\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS.0\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS.0\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS.0\system32\Wtablet\TabUserW.exe [2003-12-04 16:48:40 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.wmv3"= wmv9vcm.dll
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"vidc.mjpg"= mcmjpg32.dll
"vidc.dvsd"= mcdvd_32.dll
"MSVideo8"= VfWWDM32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS.0\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-06 21:33 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"=
"C:\\Program Files\\LeechGet 2007\\LeechGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS.0\system32\DRIVERS\rt2500usb.sys [2006-05-20 00:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2baee745-54e0-11dc-8b7f-000fb0e402e7}]
\Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 14:54:02 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-06 08:00:00 C:\WINDOWS.0\Tasks\SyncBack ians ext hard drive back up.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe!-m
"2008-04-04 19:00:00 C:\WINDOWS.0\Tasks\SyncBack ians lappy my docs back up.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe -m
"2008-04-05 19:25:00 C:\WINDOWS.0\Tasks\SyncBackSE ians lappy docs.job"
- C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 09:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS.0\system32\TPSBattM.exe
C:\WINDOWS.0\system32\Tablet.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-04-06 9:46:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 08:46:14
Pre-Run: 22,818,455,552 bytes free
Post-Run: 23,008,387,072 bytes free
.
2008-03-13 08:35:10 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:08, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS.0\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS.0\system32\TPSMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS.0\AGRSMMSG.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\TPSBattM.exe
C:\WINDOWS.0\system32\Tablet.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS.0\system32\Wtablet\TabUserW.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\ian.IANS-F24742167D\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8BCBE15E-C5C1-45FB-8406-14667B4422A3} - C:\WINDOWS.0\system32\pmnlk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A07D75B5-F284-4212-8948-BD32E7E9943B} - C:\WINDOWS.0\system32\jkkjj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS.0\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.belkin.co.uk
O15 - Trusted Zone: http://www.belkin.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file:///E:/fastload_v3/software/authorware7/awswaxf.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS.0\system32\Tablet.exe

--
End of file - 14222 bytes

New combo fix

ComboFix 08-04-04.1 - ian 2008-04-06 10:15:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.819 [GMT 1:00]
Running from: C:\Documents and Settings\ian.IANS-F24742167D\Desktop\ComboFix-4.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-05 12:25 . 2008-04-05 12:25 <DIR> d-------- C:\Deckard
2008-04-05 11:15 . 2008-04-05 11:15 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-04-05 11:15 . 2008-04-05 11:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-04-02 16:50 . 2008-04-02 16:50 <DIR> d-------- C:\ComboFix-1
2008-04-02 09:31 . 2008-04-05 17:07 <DIR> d-------- C:\VundoFix Backups
2008-03-29 09:19 . 2008-03-29 09:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 09:19 . 2008-03-29 10:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-03-29 08:45 . 2008-03-29 10:18 <DIR> d-------- C:\Program Files\AdwareAlert
2008-03-28 21:48 . 2008-03-28 21:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-28 13:46 . 2008-03-29 09:20 262,144 --a------ C:\ntuser.dat
2008-03-24 14:28 . 2008-03-24 14:28 <DIR> d-------- C:\Program Files\MagicISO
2008-03-24 13:57 . 2008-03-24 13:57 <DIR> d-------- C:\Program Files\Smart Projects
2008-03-19 08:23 . 2008-03-19 08:23 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Teleca
2008-03-19 08:22 . 2008-03-19 08:22 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Sony Ericsson
2008-03-19 08:22 . 2008-03-19 08:22 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Nero
2008-03-19 08:21 . 2008-01-27 14:29 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Intel
2008-03-19 08:21 . 2008-03-08 22:04 <DIR> d-------- C:\Documents and Settings\Girls\Application Data\Apple Computer
2008-03-14 15:51 . 2008-03-14 15:51 18 --a------ C:\WINDOWS.0\NKNIGHTS.INI
2008-03-14 10:07 . 2008-03-14 16:05 29 --a------ C:\WINDOWS.0\Battle.ini
2008-03-09 12:53 . 2008-03-09 12:53 <DIR> d-------- C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Symantec
2008-03-09 09:30 . 2008-03-06 22:32 23,904 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.sys
2008-03-09 09:30 . 2008-03-06 22:32 10,537 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.cat
2008-03-09 09:30 . 2008-03-06 22:32 706 --a------ C:\WINDOWS.0\system32\drivers\COH_Mon.inf
2008-03-08 22:04 . 2008-03-08 22:04 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\Apple Computer
2008-03-08 22:04 . 2008-03-08 22:04 16 --a------ C:\WINDOWS.0\system32\coh.cache
2008-03-08 21:43 . 2008-03-14 18:33 <DIR> d-------- C:\Program Files\Norton 360
2008-03-08 21:42 . 2008-03-08 22:29 123,952 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.SYS
2008-03-08 21:42 . 2008-03-08 22:29 60,800 --a------ C:\WINDOWS.0\system32\S32EVNT1.DLL
2008-03-08 21:42 . 2008-03-08 22:29 10,740 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.CAT
2008-03-08 21:42 . 2008-03-08 22:29 805 --a------ C:\WINDOWS.0\system32\drivers\SYMEVENT.INF
2008-03-08 21:40 . 2008-03-08 22:29 <DIR> d-------- C:\Program Files\Symantec
2008-03-08 21:40 . 2008-04-05 17:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-04-06 08:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Viewpoint
2008-04-05 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 20:38 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-21 10:36 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-21 10:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Corporation
2008-03-20 11:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 08:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-03-08 20:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee
2008-03-08 20:30 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\McAfee
2008-03-08 20:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SiteAdvisor
2008-03-06 13:35 --------- d-----w C:\Program Files\Avanquest update
2008-03-04 16:23 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Leadertech
2008-03-04 14:40 --------- d-----w C:\Documents and Settings\ian.IANS-F24742167D\Application Data\Sony
2008-03-04 14:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sony
2008-03-04 14:36 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-04 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 13:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\BVRP Software
2008-03-04 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sony Ericsson
2008-03-03 17:23 --------- d-----w C:\Program Files\iTunes
2008-03-03 17:23 --------- d-----w C:\Program Files\iPod
2008-03-03 17:21 --------- d-----w C:\Program Files\QuickTime
2008-02-18 20:24 --------- d-----w C:\Program Files\AIM6
2008-02-18 20:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AOL Downloads
2008-02-18 20:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AOL
2008-02-14 20:00 12,632 ----a-w C:\WINDOWS.0\system32\lsdelete.exe
2008-02-13 19:12 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2008-02-13 19:11 --------- d-----w C:\Program Files\Classic Menu for Office
2006-08-15 11:38 3,548,160 ----a-w C:\Documents and Settings\Ian\kitchen.exe
2006-08-15 11:14 7,111,962 ----a-w C:\Documents and Settings\Ian\ihp_Kitchen.exe
2006-07-14 19:36 25,600 ----a-w C:\Documents and Settings\Ian\usbsermptxp.sys
2006-07-14 19:36 22,768 ----a-w C:\Documents and Settings\Ian\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_ 9.45.57.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 08:41:21 16,384 ----atw C:\WINDOWS.0\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_228.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BCBE15E-C5C1-45FB-8406-14667B4422A3}]
C:\WINDOWS.0\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A07D75B5-F284-4212-8948-BD32E7E9943B}]
C:\WINDOWS.0\system32\jkkjj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Aim6"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 21:33 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 19:23 1032640]
"LeechGet"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04 671744]
"NDSTray.exe"="NDSTray.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 28672 C:\WINDOWS.0\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 13:46 188416]
"TPSMain"="TPSMain.exe" [2005-08-11 14:33 266240 C:\WINDOWS.0\system32\TPSMain.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 02:10 88358 C:\WINDOWS.0\agrsmmsg.exe]
"IgfxTray"="C:\WINDOWS.0\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS.0\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS.0\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS.0\system32\Wtablet\TabUserW.exe [2003-12-04 16:48:40 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.wmv3"= wmv9vcm.dll
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"vidc.mjpg"= mcmjpg32.dll
"vidc.dvsd"= mcdvd_32.dll
"MSVideo8"= VfWWDM32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS.0\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-06 21:33 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"=
"C:\\Program Files\\LeechGet 2007\\LeechGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS.0\system32\DRIVERS\rt2500usb.sys [2006-05-20 00:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2baee745-54e0-11dc-8b7f-000fb0e402e7}]
\Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 14:54:02 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-06 08:00:00 C:\WINDOWS.0\Tasks\SyncBack ians ext hard drive back up.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe!-m
"2008-04-04 19:00:00 C:\WINDOWS.0\Tasks\SyncBack ians lappy my docs back up.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe -m
"2008-04-05 19:25:00 C:\WINDOWS.0\Tasks\SyncBackSE ians lappy docs.job"
- C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 10:16:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 10:17:31
ComboFix-quarantined-files.txt 2008-04-06 09:17:12
ComboFix2.txt 2008-04-06 09:08:48
ComboFix3.txt 2008-04-06 08:46:24
Pre-Run: 22,976,040,960 bytes free
Post-Run: 22,958,981,120 bytes free
.
2008-03-13 08:35:10 --- E O F ---

Edited by itaylort, 06 April 2008 - 04:22 AM.


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:02 PM

Posted 06 April 2008 - 05:36 AM

Hi,

I know you disabled Norton, but the fact that it is outdated makes me wonder if you purchased it.
If you didn't purchase Norton, then it's useless, because outdated databases won't protect you against newest threats.

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {8BCBE15E-C5C1-45FB-8406-14667B4422A3} - C:\WINDOWS.0\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {A07D75B5-F284-4212-8948-BD32E7E9943B} - C:\WINDOWS.0\system32\jkkjj.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 itaylort

itaylort
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 06 April 2008 - 12:31 PM

Many Thanks things seem to be ok at the moment. I did have a brain lapse moment and uninstalled tea timer. ihave since reinstalled it and disabled it as per your instructions.

I am very suprised that norton still looks out of date as i only purchased it about 1 month ago and it says it has been updating itself, i shall manually update it to see what happens.

Is there anything else left to do?

Many Thanks again.

Ian

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:02 PM

Posted 06 April 2008 - 02:05 PM

Hi,

About your Norton, this is what it says in the Deckard system scanner log:

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation) Disabled Outdated

So make sure you update it. :thumbsup:

Good to hear everything is OK again.

Glad I could help. :blink:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 itaylort

itaylort
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 06 April 2008 - 02:50 PM

Thanks again, i see the norton info was in the extra llog file created by DSS. Is there any way to create another one to make sure norton is now ok?

Ian

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:02 PM

Posted 06 April 2008 - 02:55 PM

Well, if your Norton Antivirus says that it is up to date, then you should be OK :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:02 PM

Posted 09 April 2008 - 01:50 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users