[bdruff]

Following your guide to the T

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:52 AM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BRIANR~1\LOCALS~1\Temp\Rar$EX00.528\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O4 - .DEFAULT User Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125359106369
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/s...eUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://metlifeinvest.webex.com/clie...ex/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 9020 bytes

[bdruff]

Combofix log and Trojan remover log are too long to post

[Osiris]

post half the log and then the other half.

[bdruff]

ComboFix 09-01-05.03 - brian ruff 2009-01-06 16:25:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.614 [GMT -8:00]
Running from: c:\documents and settings\brian ruff\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\brian ruff\Application Data\inst.exe
c:\windows\aazalirt.exe
c:\windows\dkekkrkska.exe
c:\windows\dkewiizkjdks.exe
c:\windows\iddqdops.exe
c:\windows\ienotas.exe
c:\windows\iqmcnoeqz.exe
c:\windows\irprokwks.exe
c:\windows\jikglond.exe
c:\windows\jiklagka.exe
c:\windows\jrjakdsd.exe
c:\windows\jungertab.exe
c:\windows\kitiiwhaas.exe
c:\windows\kkwknrbsggeg.exe
c:\windows\klopnidret.exe
c:\windows\krkdkdkee.exe
c:\windows\krkmahejdk.exe
c:\windows\krtawefg.exe
c:\windows\krujmmwlrra.exe
c:\windows\ktknamwerr.exe
c:\windows\kuruhccdsdd.exe
c:\windows\ooorjaas.exe
c:\windows\oranerkka.exe
c:\windows\oropbbsee.exe
c:\windows\otnnbektre.exe
c:\windows\otowjdseww.exe
c:\windows\otpeppggq.exe
c:\windows\rkaskssd.exe
c:\windows\ronitfst.exe
c:\windows\salrtybek.exe
c:\windows\seeukluba.exe
c:\windows\skaaanret.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\awtrOeET.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\tobmygers.exe
c:\windows\tobykke.exe
c:\windows\zibaglertz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 12:09 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-06 11:50 . 2009-01-06 11:50 <DIR> d-------- c:\program files\CleanUp!
2009-01-06 11:34 . 2009-01-06 11:34 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-01-06 11:30 . 2009-01-06 11:30 921 --a------ c:\windows\QSFVExit.bat
2009-01-06 11:06 . 2009-01-06 11:11 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-06 09:48 . 2009-01-06 09:48 <DIR> d-------- c:\program files\Marcos Velasco Security
2009-01-05 13:05 . 2009-01-06 11:30 <DIR> d-------- c:\program files\Panda Security
2009-01-05 12:50 . 2009-01-05 12:58 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-04 19:35 . 2009-01-04 19:35 <DIR> d-------- c:\program files\CCleaner
2009-01-04 19:15 . 2009-01-05 17:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 19:15 . 2009-01-04 19:15 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\Malwarebytes
2009-01-04 19:15 . 2009-01-04 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 19:15 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 19:15 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 17:50 . 2009-01-04 17:50 <DIR> d-------- c:\documents and settings\bd\Application Data\Intel
2009-01-04 17:49 . 2005-01-07 13:57 <DIR> d-------- c:\documents and settings\bd\WINDOWS
2009-01-04 17:49 . 2005-01-07 15:42 <DIR> d-------- c:\documents and settings\bd\Application Data\You've Got Pictures Screensaver
2009-01-04 17:49 . 2005-01-07 14:54 <DIR> d-------- c:\documents and settings\bd\Application Data\toshiba
2009-01-04 17:49 . 2005-01-07 15:57 <DIR> d-------- c:\documents and settings\bd\Application Data\Symantec
2009-01-04 17:49 . 2005-01-07 15:46 <DIR> d-------- c:\documents and settings\bd\Application Data\Intuit
2009-01-04 17:49 . 2005-01-10 13:24 <DIR> d-------- c:\documents and settings\bd\Application Data\InterVideo
2009-01-04 17:49 . 2005-01-07 15:23 <DIR> d-------- c:\documents and settings\bd\Application Data\InterTrust
2009-01-04 17:49 . 2005-08-27 20:23 <DIR> d-------- c:\documents and settings\bd\Application Data\AOL
2009-01-04 17:49 . 2009-01-04 17:49 <DIR> d-------- c:\documents and settings\bd
2009-01-04 17:26 . 2009-01-04 17:26 <DIR> d-------- C:\VundoFix Backups
2009-01-04 14:42 . 2009-01-06 10:31 32,768 --a------ c:\windows\system32\drivers\ati1wbxx.sys
2009-01-04 14:39 . 2009-01-06 16:32 100,588 --a------ c:\windows\system32\drivers\ba9fb7cf.sys
2009-01-04 14:38 . 2009-01-04 14:38 264,704 --a------ C:\cuiagm.exe
2009-01-04 12:34 . 2009-01-06 16:32 100,588 --a------ c:\windows\system32\drivers\eafbcb98.sys
2009-01-04 12:33 . 2009-01-04 14:38 2,425 --a------ C:\rvlksh.exe
2009-01-04 12:33 . 2009-01-04 12:33 2 --a------ C:\-1800984812
2009-01-04 12:32 . 2009-01-04 14:38 53,248 --a------ C:\uvfrtck.exe
2009-01-04 12:32 . 2009-01-04 12:32 43,520 --a------ c:\windows\system32\whSLD022328.exe
2009-01-02 10:48 . 2009-01-02 10:48 <DIR> d-------- c:\program files\Ahead
2009-01-01 22:20 . 2009-01-06 11:21 <DIR> d-------- c:\program files\Xilisoft
2009-01-01 22:05 . 2009-01-01 22:13 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\Vso
2009-01-01 22:05 . 2009-01-01 22:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-01 22:05 . 2009-01-01 22:13 47,360 --a------ c:\documents and settings\brian ruff\Application Data\pcouffin.sys
2009-01-01 21:33 . 2009-01-01 21:33 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-01 21:22 . 2009-01-01 21:22 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\DAEMON Tools Pro
2009-01-01 21:22 . 2009-01-01 21:22 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\DAEMON Tools
2009-01-01 21:21 . 2009-01-01 21:21 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-01 21:21 . 2009-01-01 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-01 21:17 . 2009-01-01 21:29 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\DAEMON Tools Lite
2009-01-01 21:17 . 2009-01-01 21:17 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-01 20:41 . 2009-01-01 20:41 <DIR> d-------- c:\program files\MagicISO
2009-01-01 17:23 . 2009-01-06 10:50 69 --a------ c:\windows\NeroDigital.ini
2009-01-01 17:16 . 2009-01-01 17:16 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\Nero
2009-01-01 17:11 . 2009-01-01 17:11 <DIR> d-------- c:\program files\Nero
2009-01-01 17:11 . 2009-01-06 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-01 13:25 . 2009-01-01 13:32 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\Uniblue
2009-01-01 13:25 . 2009-01-01 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-12-31 07:44 . 2008-12-31 07:44 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-31 07:22 . 2009-01-05 12:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 04:51 . 2008-12-31 04:51 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\IObit
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\windows\system32\BWKDLogs
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-31 04:50 . 2008-12-31 04:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-12-29 13:29 . 2008-12-31 04:52 <DIR> d-------- c:\program files\QuickSFV
2008-12-28 07:32 . 2009-01-04 08:25 <DIR> d-------- c:\program files\PeerGuardian2
2008-12-26 21:28 . 2008-12-30 15:53 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\Software Informer
2008-12-26 21:07 . 2008-12-26 21:07 <DIR> d-------- c:\program files\IObit
2008-12-25 14:14 . 2005-06-23 16:50 64,512 --a------ c:\windows\system32\PTPITCP.dll
2008-12-25 14:13 . 2008-12-31 04:50 <DIR> d-------- c:\windows\system32\color
2008-12-25 14:11 . 2008-12-30 15:54 <DIR> d-------- c:\program files\Kodak
2008-12-21 21:17 . 2008-12-21 21:17 <DIR> d-------- c:\documents and settings\brian ruff\.thumbnails
2008-12-16 10:41 . 2008-12-31 04:47 <DIR> d-------- c:\documents and settings\brian ruff\Application Data\gtk-2.0
2008-12-16 10:33 . 2008-12-25 14:01 <DIR> d-------- c:\documents and settings\brian ruff\.gimp-2.6
2008-12-16 10:33 . 2008-12-16 10:33 <DIR> d-------- c:\documents and settings\brian ruff\.gegl-0.0
2008-12-16 10:32 . 2008-12-16 10:32 <DIR> d-------- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-06 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 19:31 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-06 19:22 --------- d-----w c:\program files\LimeWire
2009-01-06 19:20 --------- d-----w c:\program files\DivX
2009-01-04 20:38 --------- d-----w c:\documents and settings\brian ruff\Application Data\LimeWire
2008-12-31 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-31 15:45 --------- d-----w c:\program files\Lavasoft
2008-12-31 13:09 --------- d-----w c:\program files\palmOne
2008-12-31 12:50 --------- d-----w c:\program files\Yahoo!
2008-12-31 12:50 --------- d-----w c:\program files\MySpace
2008-11-30 14:54 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-30 14:54 --------- d-----w c:\documents and settings\brian ruff\Application Data\Yahoo!
2008-11-30 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-13 03:48 --------- d-----w c:\program files\NOS
2008-11-13 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-01-19 03:03 55,560 -c--a-w c:\documents and settings\brian ruff\Application Data\GDIPFONTCACHEV1.DAT
2007-04-18 17:12 580 -c--a-w c:\documents and settings\brian ruff\Application Data\wklnhst.dat
2007-01-02 16:54 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

[bdruff]

combofix pt 2
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 16:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 03:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 16:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ati0fixx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^brian ruff^start menu^programs^startup^ivm.lnk]
path=c:\documents and settings\brian ruff\Start Menu\Programs\Startup\IVM.lnk
backup=c:\windows\pss\IVM.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00thotkey]
--a------ 2004-08-10 17:21 258048 c:\windows\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--------- 2005-11-11 17:30 995328 c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crossmenu]
--a------ 2005-01-06 17:37 798720 c:\program files\Toshiba\CrossMenu\CrossMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 13:45 40960 c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
-----c--- 2003-10-30 23:29 45056 c:\program files\Brother\Brmfl03a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview]
--a------ 2004-09-15 15:03 135168 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmax]
--a--c--- 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp]
--a--c--- 2004-10-14 08:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
--a------ 2008-04-13 16:12 271872 c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
--a------ 2008-04-13 16:12 16384 c:\windows\Help\splshwrp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tacelmgr]
--a--c--- 2004-12-16 10:56 90112 c:\program files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taudeffect]
--a------ 2004-12-14 11:50 340032 c:\program files\Toshiba\TAudEffect\TAudEff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmerzctl.exe]
--a--c--- 2004-12-06 21:54 81920 c:\program files\Toshiba\TME3\TMERzCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmesbs.exe]
--a------ 2003-08-01 14:56 86016 c:\program files\Toshiba\TME3\tmesbs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmesrv.exe]
--a------ 2005-01-18 14:18 126976 c:\program files\Toshiba\TME3\TMESRV31.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toscdspd]
--a------ 2004-12-30 00:32 65536 c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tosrotation]
--a------ 2004-12-13 18:25 266240 c:\program files\Toshiba\TOSHIBA Rotation Utility\TRot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trot.exe]
--a------ 2004-12-13 18:25 266240 c:\program files\Toshiba\TOSHIBA Rotation Utility\TRot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tskrmain]
--a------ 2004-06-30 15:29 49152 c:\program files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvs]
--a--c--- 2004-11-12 17:57 73728 c:\program files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000stthk]
--a--c--- 2001-06-23 20:28 24576 c:\windows\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tfnf5]
--a------ 2004-06-28 10:16 73728 c:\windows\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsmain]
--a------ 2004-12-27 18:31 270336 c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsoddctl]
--a------ 2004-12-27 18:32 110592 c:\windows\system32\TPSODDCtl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\pfs\\callatl\\rteng9.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2005-01-07 6144]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-30 97928]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.s ys [2005-01-26 5888]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2005-01-07 8832]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-06-17 17664]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2005-01-07 14208]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]
R4 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [2005-01-26 86016]
R4 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [2005-01-26 126976]
S0 ati0fixx;ati0fixx;c:\windows\system32\Drivers\ati0 fixx.sys --> c:\windows\system32\Drivers\ati0fixx.sys [?]
S0 prot_2k;prot_2k; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\brfilt.sys [2005-09-19 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-09-19 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-09-19 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-09-19 10368]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-12 33752]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2005-01-21 409984]
S3 TMicAry;Toshiba Audio Effect with MicArray;c:\windows\system32\drivers\TMicAry.sys [2005-01-21 138240]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f0c5b27d-61df-11da-bc9e-0012f069ee28}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630803992-2102171950-853002287-1005.job
- c:\documents and settings\brian ruff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 12:08]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c5af42a3-94f3-42bd-f634-3604832c897d} - (no file)
Notify-exjqkjx - exjqkjx.dll
SafeBoot-ati0adxx.sys
SafeBoot-ati2psxx.sys
MSConfigStartUp-tfncky - TFncKy.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
FF - ProfilePath - c:\documents and settings\brian ruff\Application Data\Mozilla\Firefox\Profiles\fyfhf4s5.default\
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\program files\Zango\bin\10.3.75.0\firefox\extensions\plugi ns\npclntax_ZangoSA.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 16:32:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\b a9fb7cf]
"ImagePath"="\SystemRoot\System32\drivers\ba9fb7cf .sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\e afbcb98]
"ImagePath"="\SystemRoot\System32\drivers\eafbcb98 .sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'Explorer.EXE'(812)
c:\program files\windows journal\nbmaptip.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\ThpSrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-01-06 16:35:57 - machine was rebooted [brian ruff]
ComboFix-quarantined-files.txt 2009-01-07 00:35:53

Pre-Run: 28,659,257,344 bytes free
Post-Run: 28,475,924,480 bytes free

358

[bdruff]

***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:57:17 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System
- this key has been removed
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:57:11 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:57:07 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Windows Update Policies have been reset:
HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\WindowsUpdate - key removed
************************************************** **********


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:57:02 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************** **********


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:56:49 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoDrives" policy found and removed
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Inte rnet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Inte rnet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\"NoDrives" policy found and removed
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************** **********


***** THE SYSTEM HAS BEEN RESTARTED *****
1/6/2009 4:54:24 PM: Trojan Remover has been restarted
C:\WINDOWS\system32\drivers\ba9fb7cf.sys has been deleted (if it existed)
C:\WINDOWS\system32\drivers\eafbcb98.sys has been deleted (if it existed)
================================================== =====
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\ba9fb7cf - removed
HKLM\SYSTEM\CurrentControlSet\Services\eafbcb98 - removed
================================================== =====
================================================== =====
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\ati1wbxx\[ImagePath] - already deleted
================================================== =====
1/6/2009 4:54:24 PM: Trojan Remover closed
************************************************** **********

[bdruff]

TRLOG PT 2
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 4:46:55 PM 06 Jan 2009
Using Database v7252
Operating System: Windows XP SP3 [Windows XP Tablet PC Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\brian ruff\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********

************************************************** **********
4:46:55 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************** **********
4:46:55 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************** **********
4:46:55 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************** **********
4:46:56 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1261336 bytes
Created: 9/30/2008
Modified: 11/28/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1230728 bytes
Created: 1/6/2009
Modified: 12/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run
This Registry Key appears to be empty

************************************************** **********
4:46:57 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************** **********
4:46:57 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************** **********
4:46:57 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************** **********
4:46:57 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 8/25/2006
Modified: 8/25/2006
Company: [no info]
----------
Key: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
50680 bytes
Created: 1/7/2005
Modified: 8/4/2004
Company: [no info]
----------

************************************************** **********
4:46:58 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
--------------------

[bdruff]

TRLOG PT3

************************************************** **********
4:47:01 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 9/10/2008
Modified: 9/10/2008
Company: Lavasoft
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
129280 bytes
Created: 1/7/2005
Modified: 10/6/2004
Company: Andrea Electronics Corporation
----------
Key: ApfiltrService
ImagePath: system32\DRIVERS\Apfiltr.sys
C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
101833 bytes
Created: 1/7/2005
Modified: 5/8/2004
Company: Alps Electric Co., Ltd.
----------
Key: ati0adxx
ImagePath: System32\Drivers\ati0adxx.sys
C:\WINDOWS\System32\Drivers\ati0adxx.sys [file not found to scan]
----------
Key: ati0fixx
ImagePath: System32\Drivers\ati0fixx.sys
C:\WINDOWS\System32\Drivers\ati0fixx.sys [file not found to scan]
----------
Key: ati1wbxx
ImagePath: System32\Drivers\ati1wbxx.sys
C:\WINDOWS\System32\Drivers\ati1wbxx.sys
32768 bytes
Created: 1/4/2009
Modified: 1/6/2009
Company: [no info]
C:\WINDOWS\System32\Drivers\ati1wbxx.sys appears to be in-use/locked
C:\WINDOWS\System32\Drivers\ati1wbxx.sys - this registry value has been removed
C:\WINDOWS\System32\Drivers\ati1wbxx.sys - file renamed to: C:\WINDOWS\System32\Drivers\ati1wbxx.sys.vir
----------
Key: ati2psxx
ImagePath: System32\Drivers\ati2psxx.sys
C:\WINDOWS\System32\Drivers\ati2psxx.sys [file not found to scan]
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 9/30/2008
Modified: 9/30/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 9/30/2008
Modified: 9/30/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 9/30/2008
Modified: 9/30/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: brfilt
ImagePath: System32\Drivers\Brfilt.sys
C:\WINDOWS\System32\Drivers\Brfilt.sys
2944 bytes
Created: 9/19/2005
Modified: 8/17/2001
Company: Brother Industries Ltd.
----------
Key: brmfrmps
ImagePath: "C:\WINDOWS\system32\Brmfrmps.exe" -service
C:\WINDOWS\system32\Brmfrmps.exe
65536 bytes
Created: 9/19/2005
Modified: 3/19/2003
Company: Brother Industries, Ltd.
----------
Key: BrSerWDM
ImagePath: System32\Drivers\BrSerWdm.sys
C:\WINDOWS\System32\Drivers\BrSerWdm.sys
61952 bytes
Created: 9/19/2005
Modified: 3/13/2003
Company: Brother Industries Ltd.
----------
Key: BrUsbMdm
ImagePath: System32\Drivers\BrUsbMdm.sys
C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
11008 bytes
Created: 9/19/2005
Modified: 8/17/2001
Company: Brother Industries Ltd.
----------
Key: BrUsbScn
ImagePath: System32\Drivers\BrUsbScn.sys
C:\WINDOWS\System32\Drivers\BrUsbScn.sys
10368 bytes
Created: 9/19/2005
Modified: 8/17/2001
Company: Brother Industries Ltd.
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: CFSvcs
ImagePath: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
36864 bytes
Created: 1/7/2005
Modified: 11/10/2004
Company: TOSHIBA CORPORATION
----------
Key: DMusic
ImagePath: system32\drivers\DMusic.sys
C:\WINDOWS\system32\drivers\DMusic.sys [file not found to scan]
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\WINDOWS\system32\DRIVERS\Dot4.sys
206976 bytes
Created: 2/1/2008
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12928 bytes
Created: 2/1/2008
Modified: 8/17/2001
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
8704 bytes
Created: 2/1/2008
Modified: 8/17/2001
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\WINDOWS\system32\DRIVERS\dot4usb.sys
23808 bytes
Created: 2/1/2008
Modified: 8/17/2001
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\WINDOWS\system32\drivers\drmkaud.sys [file not found to scan]
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
87168 bytes
Created: 8/22/2005
Modified: 8/17/2004
Company: Sonic Solutions
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40544 bytes
Created: 8/22/2005
Modified: 12/23/2004
Company: Sonic Solutions
----------
Key: DVD-RAM_Service
ImagePath: C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\DVDRAMSV.exe
106496 bytes
Created: 1/7/2005
Modified: 5/23/2003
Company: Matsu****a Electric Industrial Co., Ltd.
----------
Key: EvtEng
ImagePath: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
86016 bytes
Created: 10/15/2004
Modified: 10/15/2004
Company: Intel Corporation
----------
Key: getPlus(R) Helper
ImagePath: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
33752 bytes
Created: 11/12/2008
Modified: 10/6/2008
Company: NOS Microsystems Ltd.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
751933 bytes
Created: 10/25/2004
Modified: 10/25/2004
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 4/3/2005
Modified: 4/3/2005
Company: Macrovision Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: IWCA
ImagePath: system32\DRIVERS\iwca.sys
C:\WINDOWS\system32\DRIVERS\iwca.sys
234496 bytes
Created: 8/12/2004
Modified: 8/12/2004
Company: Intel Corporation
----------
Key: meiudf
ImagePath: System32\Drivers\meiudf.sys
C:\WINDOWS\System32\Drivers\meiudf.sys
90480 bytes
Created: 1/7/2005
Modified: 1/30/2004
Company: Matsu****a Electric Industrial Co.,Ltd.
----------
Key: mf
ImagePath: system32\DRIVERS\mf.sys
C:\WINDOWS\system32\DRIVERS\mf.sys
63744 bytes
Created: 8/3/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: Netdevio
ImagePath: system32\DRIVERS\netdevio.sys
C:\WINDOWS\system32\DRIVERS\netdevio.sys
12032 bytes
Created: 1/7/2005
Modified: 1/29/2003
Company: TOSHIBA Corporation.
----------
Key: PalmUSBD
ImagePath: system32\drivers\PalmUSBD.sys
C:\WINDOWS\system32\drivers\PalmUSBD.sys
16694 bytes
Created: 5/5/2008
Modified: 5/5/2008
Company: PalmSource, Inc.
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 1/1/2009
Modified: 1/1/2009
Company: VSO Software
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
21248 bytes
Created: 8/22/2005
Modified: 9/19/2003
Company: Padus, Inc.
----------
Key: RegSrvc
ImagePath: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
139264 bytes
Created: 10/15/2004
Modified: 10/15/2004
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
360521 bytes
Created: 10/15/2004
Modified: 10/15/2004
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
11354 bytes
Created: 10/15/2004
Modified: 10/15/2004
Company: Intel Corporation
----------
Key: sffdisk
ImagePath: system32\DRIVERS\sffdisk.sys
C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11904 bytes
Created: 8/3/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: system32\DRIVERS\sffp_sd.sys
C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11008 bytes
Created: 8/3/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
259648 bytes
Created: 1/7/2005
Modified: 9/1/2004
Company: Analog Devices, Inc.
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 1/7/2005
Modified: 9/20/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 8/22/2005
Modified: 12/2/2004
Company: Sonic Solutions
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 8/22/2005
Modified: 12/2/2004
Company: Sonic Solutions
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{8F37DD5C-9A61-4E54-8C71-2D5E470BA9BB}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: Swupdtmr
ImagePath: c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
53248 bytes
Created: 1/7/2005
Modified: 5/13/2004
Company: [no info]
----------
Key: TBiosDrv
ImagePath: \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
C:\WINDOWS\system32\drivers\TBiosDrv.sys
6867 bytes
Created: 1/7/2005
Modified: 6/11/2003
Company: [no info]
----------
Key: TBtnKey
ImagePath: system32\DRIVERS\TBtnKey.sys
C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
8832 bytes
Created: 1/7/2005
Modified: 9/12/2002
Company: TOSHIBA
----------
Key: TEchoCan
ImagePath: system32\DRIVERS\TEchoCan.sys
C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
409984 bytes
Created: 1/21/2005
Modified: 11/30/2004
Company: TOSHIBA Corporation
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25883 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2239 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
87706 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
15227 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
99098 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 8/22/2005
Modified: 1/14/2005
Company: Sonic Solutions
----------
Key: Thpdrv
ImagePath: system32\DRIVERS\thpdrv.sys
C:\WINDOWS\system32\DRIVERS\thpdrv.sys
16384 bytes
Created: 12/27/2004
Modified: 12/27/2004
Company: TOSHIBA Corporation
----------
Key: Thpevm
ImagePath: system32\DRIVERS\Thpevm.SYS
C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
-R- 6144 bytes
Created: 1/7/2005
Modified: 11/13/2004
Company: TOSHIBA Corporation
----------
Key: Thpsrv
ImagePath: C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ThpSrv.exe
172032 bytes
Created: 12/25/2004
Modified: 12/25/2004
Company: TOSHIBA Corporation
----------
Key: TMEI3E
ImagePath: System32\Drivers\TMEI3E.SYS
C:\WINDOWS\System32\Drivers\TMEI3E.SYS
5888 bytes
Created: 1/26/2005
Modified: 6/16/2004
Company: Toshiba Corporation
----------
Key: Tmesbs
ImagePath: "C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
86016 bytes
Created: 1/26/2005
Modified: 8/1/2003
Company: TOSHIBA Corporation
----------
Key: Tmesrv
ImagePath: "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
126976 bytes
Created: 1/26/2005
Modified: 1/18/2005
Company: TOSHIBA
----------
Key: TMicAry
ImagePath: system32\DRIVERS\TMicAry.sys
C:\WINDOWS\system32\DRIVERS\TMicAry.sys
138240 bytes
Created: 1/21/2005
Modified: 2/4/2004
Company: TOSHIBA Corporation
----------
Key: TVALZ
ImagePath: system32\DRIVERS\TVALZ.SYS
C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
9216 bytes
Created: 1/7/2005
Modified: 9/9/2004
Company: TOSHIBA Corporation
----------
Key: Tvs
ImagePath: system32\DRIVERS\Tvs.sys
C:\WINDOWS\system32\DRIVERS\Tvs.sys
29184 bytes
Created: 1/21/2005
Modified: 1/8/2005
Company: TOSHIBA Corporation
----------
Key: usbser
ImagePath: system32\DRIVERS\usbser.sys
C:\WINDOWS\system32\DRIVERS\usbser.sys
26112 bytes
Created: 12/26/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: VBus
ImagePath: system32\DRIVERS\NkVBus.sys
C:\WINDOWS\system32\DRIVERS\NkVBus.sys
17664 bytes
Created: 6/17/2005
Modified: 6/17/2005
Company: Nikon Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3222784 bytes
Created: 1/7/2005
Modified: 10/29/2004
Company: Intel® Corporation
----------
Key: WacomPen
ImagePath: system32\DRIVERS\wacompen.sys
C:\WINDOWS\system32\DRIVERS\wacompen.sys
14208 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: wanatw
ImagePath: system32\DRIVERS\wanatw4.sys
C:\WINDOWS\system32\DRIVERS\wanatw4.sys [file not found to scan]
----------

************************************************** **********
4:48:19 PM: Scanning -----VXD ENTRIES-----

************************************************** **********
4:48:19 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 10/25/2004
Modified: 10/25/2004
Company: Intel Corporation
----------
Key : IntelWireless
DLLName: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
110592 bytes
Created: 10/15/2004
Modified: 10/15/2004
Company: Intel Corporation
----------
Key : loginkey
DLLName: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
47104 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key : TabBtnWL
DLLName: TabBtnWL.dll
C:\WINDOWS\system32\TabBtnWL.dll
11776 bytes
Created: 1/7/2005
Modified: 8/29/2002
Company: Microsoft Corporation
----------
Key : tpgwlnotify
DLLName: tpgwlnot.dll
C:\WINDOWS\system32\tpgwlnot.dll
32256 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------

[bdruff]

TRLOG PT 4
************************************************** **********
4:48:20 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 9/30/2008
Modified: 9/30/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: MagicISO
CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
Path: C:\Program Files\MagicISO\misosh.dll
C:\Program Files\MagicISO\misosh.dll
20992 bytes
Created: 1/1/2009
Modified: 5/22/2008
Company: MagicISO, Inc.
----------
Key: shellextension
CLSID: [empty]
----------
Key: Yahoo! Mail
CLSID: {5464D816-CF16-4784-B9F3-75C0DB52B499}
Path: C:\Program Files\Yahoo!\Common\YMMAPI.dll
C:\Program Files\Yahoo!\Common\YMMAPI.dll
285464 bytes
Created: 6/28/2007
Modified: 6/28/2007
Company: Yahoo! Inc.
----------

************************************************** **********
4:48:20 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************** **********
4:48:20 PM: Scanning ----- BROWSER HELPER OBJECTS -----

************************************************** **********
4:48:20 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 1/7/2005
Modified: 4/13/2008
Company: Microsoft Corporation
----------

************************************************** **********
4:48:21 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************** **********
4:48:21 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************** **********
4:48:21 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 9/30/2008
Modified: 9/30/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************** **********
4:48:21 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************** **********
4:48:21 PM: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

************************************************** **********
4:48:21 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 1/7/2005
Modified: 1/7/2005
Company: [no info]
--------------------

************************************************** **********
4:48:21 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 1/7/2005
Modified: 1/7/2005
Company: [no info]
----------
--------------------
Checking Startup Group for: bd
[C:\Documents and Settings\bd\START MENU\PROGRAMS\STARTUP]
The Startup Group for bd attempts to load the following file(s):
C:\Documents and Settings\bd\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 1/4/2009
Modified: 1/7/2005
Company: [no info]
----------
C:\Documents and Settings\bd\START MENU\PROGRAMS\STARTUP\TSkin.lnk - this links to C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat - this Shortcut has been removed
----------
--------------------
Checking Startup Group for: brian ruff
[C:\Documents and Settings\brian ruff\START MENU\PROGRAMS\STARTUP]
The Startup Group for brian ruff attempts to load the following file(s):
C:\Documents and Settings\brian ruff\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 8/26/2005
Modified: 1/7/2005
Company: [no info]
----------

************************************************** **********
4:48:54 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskUserS-1-5-21-630803992-2102171950-853002287-1005.job
File: C:\Documents and Settings\brian ruff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\brian ruff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 9/5/2008
Modified: 9/5/2008
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: The task is ready to run at its next scheduled time
Creator: brian ruff
Comments: Google Update Task keeps your Google software up to date. If Google Update Task is disabled or stopped, your Google software may not be kept up to date, meaning we can't fix security vulnerabilities that may arise, and features in your Google software may not work. Google Update Task uninstalls itself when there is no Google software using it. It may take a few hours for Google Update to detect it is time to uninstall.
----------

************************************************** **********
4:48:54 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
4:48:54 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Hidden or inaccessible Services entry: [ba9fb7cf]
C:\WINDOWS\system32\drivers\ba9fb7cf.sys
100588 bytes
Created: 1/4/2009
Modified: 1/6/2009
Company: [no info]
C:\WINDOWS\system32\drivers\ba9fb7cf.sys appears to be in-use/locked
Entry has been scheduled for deletion when the PC is restarted
C:\WINDOWS\system32\drivers\ba9fb7cf.sys - file has been erased using RAW erasure
This file will also be marked for deletion when the PC is restarted, in case it is re-created
----------
Hidden or inaccessible Services entry: [eafbcb98]
C:\WINDOWS\system32\drivers\eafbcb98.sys
100588 bytes
Created: 1/4/2009
Modified: 1/6/2009
Company: [no info]
C:\WINDOWS\system32\drivers\eafbcb98.sys appears to be in-use/locked
Entry has been scheduled for deletion when the PC is restarted
C:\WINDOWS\system32\drivers\eafbcb98.sys - file has been erased using RAW erasure
This file will also be marked for deletion when the PC is restarted, in case it is re-created
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\brian ruff\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
C:\Documents and Settings\brian ruff\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
5292054 bytes
Created: 11/20/2005
Modified: 10/2/2008
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
C:\Documents and Settings\brian ruff\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
5292054 bytes
Created: 11/20/2005
Modified: 10/2/2008
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************** **********
4:49:58 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
--------------------
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\Brmfrmps.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - file already scanned
--------------------
C:\WINDOWS\system32\DVDRAMSV.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe - file already scanned
--------------------
C:\WINDOWS\system32\ThpSrv.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
--------------------
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
--------------------
C:\WINDOWS\System32\tabbtnu.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
--------------------
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Documents and Settings\brian ruff\Application Data\Simply Super Software\Trojan Remover\uun3.exe
FileSize: 2884472
[This is a Trojan Remover component]
--------------------

************************************************** **********
4:50:02 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
4:50:02 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
4:50:02 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Live Search

************************************************** **********
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== CHANGES WERE MADE TO A USER'S STARTUP GROUP ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 4:50:02 PM 06 Jan 2009
Total Scan time: 00:03:06
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
1/6/2009 4:50:28 PM: restart commenced
************************************************** **********

[Osiris]

Did you run Hijackthis after you did those scans or first? If you did it last then I'll look at the log, of you didnt I need you to post a new hijackthis log