Suspected Smith-Fraud

[FastElvis]

Frequent IE redirects and registry change requests (now blacklisted with Teatimer). Unremovable BHO. Thanks for your help.

Kaspersky online:
***NOTE***
Scan would completely stall on C:\Sys~Vol~Info\trackin.log (running for over 15 hours). Changed settings to scan all Folders except System Volume. I have also included a memory scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 22, 2008 1:39:48 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/02/2008
Kaspersky Anti-Virus database records: 575350
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
All Drives A:\ thru J:\

Scan Statistics:
Total number of scanned objects: 199117
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 03:29:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache39838.tmp/Baaaaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache39838.tmp/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache39838.tmp/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache39838.tmp ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\FASTELVIS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_PCI SoftV92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7AB7D723-E4F2-4F61-8550-3A2E1C987ABD}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cscuio.dll Infected: Trojan.Win32.Pakes.cdw skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT00823.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00837.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Kaspersky Memory scan:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 22, 2008 1:43:05 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/02/2008
Kaspersky Anti-Virus database records: 575350
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Memory:

Scan Statistics:
Total number of scanned objects: 1518
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:00:51

Infected Object Name / Virus Name / Last Action
[0] [System Process] => C:\WINDOWS\system32\cscuio.dll Infected: Trojan.Win32.Pakes.cdw skipped
[660] iexplore.exe => C:\WINDOWS\system32\cscuio.dll Infected: Trojan.Win32.Pakes.cdw skipped

Scan process completed.


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:32 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FastElvis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57FCBE69-932D-4745-BD39-D44582EA97C1} - C:\WINDOWS\system32\cscuio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.5.107.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183893325250
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HID Input Service HidServWmdmPmSN (HidServWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5655 bytes

[katana]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

----------------------------------------------------------------------------------------


Disable Teatimer
First step:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

O2 - BHO: (no name) - {57FCBE69-932D-4745-BD39-D44582EA97C1} - C:\WINDOWS\system32\cscuio.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.



Installed Programs

Please could you give me a list of the programs that are installed.

• Start HijackThis
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

[FastElvis]

Thank you, Katana. Everything seemed to process OK.

ComboFix Log:

ComboFix 08-02-25.2 - Owner 2008-02-25 7:12:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cscuio.dll
C:\WINDOWS\system32\drivers\sxhffohn.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_AOTCAUWF
-------\LEGACY_SFSYNC02
-------\aotcauwf
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-22 02:30 . 2008-02-22 02:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 22:09 . 2008-02-20 22:09 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-20 22:09 . 2008-02-20 22:09 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 22:09 . 2008-02-20 22:09 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-20 17:34 . 2008-02-20 17:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-20 17:34 . 2008-02-20 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 00:44 . 2008-02-15 00:44 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-02-13 21:55 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-13 21:55 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-13 21:55 . 2008-02-08 10:37 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-13 21:55 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-13 21:55 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-13 21:55 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-13 21:55 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-13 03:42 . 2008-02-13 03:42 12,253,704 --------- C:\avg7qt.dat
2008-02-08 14:14 . 2008-02-08 14:14 <DIR> d-------- C:\VundoFix Backups
2008-02-08 14:02 . 2008-02-13 21:20 <DIR> d-------- C:\fixwareout
2008-02-08 13:58 . 2008-02-13 21:57 1,830 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-07 18:07 . 2008-02-07 18:07 <DIR> d-------- C:\_OTMoveIt
2008-02-07 16:26 . 2008-02-07 16:26 <DIR> d-------- C:\Deckard
2008-02-07 15:38 . 2007-12-06 20:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-07 15:38 . 2007-06-30 21:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-07 15:38 . 2007-06-30 21:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-07 15:38 . 2007-12-06 20:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-07 15:38 . 2007-12-06 20:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-07 15:38 . 2007-12-06 20:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-07 15:38 . 2007-12-06 20:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-07 15:38 . 2007-12-06 20:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-07 15:38 . 2007-12-06 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-06 20:55 . 2008-02-06 20:55 <DIR> d-------- C:\Program Files\EA GAMES
2008-02-06 15:50 . 2008-02-06 15:49 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-06 15:50 . 2008-02-06 15:50 3,446 --a------ C:\WINDOWS\unins000.dat
2008-01-29 00:26 . 2008-01-29 00:26 <DIR> d-------- C:\EPSONREG
2008-01-29 00:23 . 2008-01-29 00:23 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-01-29 00:23 . 2008-01-29 00:23 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-29 00:23 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-01-29 00:23 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-29 00:22 . 2008-02-05 17:31 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-01-29 00:22 . 2008-01-29 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-29 00:20 . 2008-01-29 00:25 <DIR> d-------- C:\Program Files\EPSON
2008-01-29 00:19 . 2008-01-29 00:26 44 --a------ C:\WINDOWS\EPSPR280.ini
2008-01-25 21:03 . 2008-01-25 21:09 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-25 21:03 . 2008-01-25 21:09 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-25 20:53 . 2008-01-25 20:53 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-25 20:53 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2008-01-25 20:53 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 13:27 86,038,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-25 13:24 1,011,380 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-23 03:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-19 17:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-14 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-09 23:23 --------- d-----w C:\Program Files\Winamp
2008-02-07 20:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 01:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-01-29 06:24 --------- d-----w C:\Program Files\ArcSoft
2008-01-29 06:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-01-26 03:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-25 09:51 --------- d-----w C:\Program Files\GPL MPEG Decoder
2008-01-25 05:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 21:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\IObit
2008-01-23 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-23 17:08 --------- d-----w C:\Program Files\IObit
2008-01-23 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
2007-12-28 11:59 --------- d-----w C:\Program Files\3ivx
2007-12-28 11:52 --------- d-----w C:\Program Files\DivX
2007-09-23 04:20 144 -csha-w C:\WINDOWS\system32\1412465136.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 13:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-24 05:17 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 08:49 8425472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-10 18:53:31 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys [2003-12-19 11:00]
S2 HidServWmdmPmSN;HID Input Service HidServWmdmPmSN;C:\WINDOWS\system32\~.exe srv []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 07:26:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-02-25 7:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 13:30:01
.
2008-02-14 00:05:15 --- E O F ---

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:37 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.5.107.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183893325250
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HID Input Service HidServWmdmPmSN (HidServWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5010 bytes

HJT Installed Programs List: - See following post

[FastElvis]

Continued....

HJT Installed Programs List:

3ivx D4 4.5.1 (remove only)
ACDSee 32
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 5.5
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.1
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced WindowsCare Personal 2.6.0
AGEIA PhysX v7.05.17
AQUAZONE "Seven Seas Collection"
AQUAZONE OpenWater
ArcSoft PhotoImpression 6
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Software Suite
AVG 7.5
Battlefield 2(TM)
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.5
Drivers Install For Linksys Easylink Advisor
DVD Ripper Platinum SE 4
Easy-WebPrint
EPSON Print CD
EPSON Printer Software
EPSON R280 User's Guide
EVGA Display Driver
GammonEmpire
G-Force
GPL MPEG-1/2 DirectShow Decoder Filter
GT Legends 1.1.0.0
GTR 2 1.0.0.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
IL-2 Sturmovik
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Kaspersky Online Scanner
LimeWire 4.14.12
Linksys EasyLink Advisor 1.6 (0032)
Logitech SetPoint
MagicTune3.6_Client_pivot
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
Natural Color
Nero Suite
Nikon View 6
OCA Client history tool install
OmniPage SE 2.0
Pacific Fighters
PCI SoftV92 Modem
PDF Settings
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sniper Elite
Sonic CinePlayer
Sonic Encoders
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Suunto Dive Manager 2.3.0
Symantec KB-DocID:2003093015493306
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
Winamp
Winamp Remote
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Xfire (remove only)
Xvid 1.1.2 final uninstall
ZoneAlarm

[katana]

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.14.12

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK

• Under Scan Now click the Full Scan button
• Follow the prompts to install the Active X if necessary
• Go and make a cup of tea/coffee/beverage of your choice and watch some TV
• When the scan is finished, a report will be generated
• Next to Scan Details click the small Save button and save the report to your desktop.
• Please post the report in your reply.

How are things running now ?

[FastElvis]

Things are running quite smoothly now. You're wonderful. Thank you!

Receiving a "Sorry, updating is incomplete due to an error. Please try again. Error 10." when trying to use TotalScan. I will keep trying and post results as soon as complete.

[katana]

Any joy yet ?