I get an error message every time I turn on my computer: Windows cannot find C:\DOCUME~1\Owner\LOCALS~1\Temp\cryptfg.exe



ComboScan v20070306.20 run by Owner on 2007-04-05 at 17:27:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-04-05 23:27:40 UTC - RP122 - ComboScan Restore Point
46: 2007-04-05 09:00:17 UTC - RP121 - Software Distribution Service 2.0
45: 2007-04-05 02:02:24 UTC - RP120 - Software Distribution Service 2.0
44: 2007-04-03 09:00:17 UTC - RP119 - Software Distribution Service 2.0
43: 2007-04-02 09:00:18 UTC - RP118 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-02-25 05:33:43 UTC - RP76 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Owner.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:15:29 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\comboscan.exe
C:\PROGRA~1\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe C:\DOCUME~1\JAMIEW~1\LOCALS~1\Temp\cryptfg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S 5U870CAP_VID_1262&PID_25FD (HP Pavilion Webcam ) - C:\WINDOWS\system32\drivers\5U870CAP.sys
0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3R AnyDVD - C:\WINDOWS\system32\drivers\AnyDVD.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
3R E100B (Intel® PRO Network Connection Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys
3R HBtnKey - C:\WINDOWS\system32\drivers\CPQBttn.sys
3R HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\CHDAud.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R ialm - C:\WINDOWS\system32\drivers\igxpmp32.sys
0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
4S InCDFs (InCD File System) - C:\WINDOWS\system32\drivers\InCDFs.sys (not found)
1S InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys (not found)
1S InCDRm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys (not found)
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R MCSTRM - C:\WINDOWS\system32\drivers\mcstrm.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys
2R nxsIO32 (NextSensor Kernel I/O Driver) - C:\WINDOWS\system32\drivers\nxsIO32.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R rimmptsk - C:\WINDOWS\system32\drivers\rimmptsk.sys
3R rimsptsk - C:\WINDOWS\system32\drivers\rimsptsk.sys
3R rismxdp (Ricoh xD-Picture Card Driver) - C:\WINDOWS\system32\drivers\rixdptsk.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys
0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys
0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys
3R SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
1R Tcpip6 (Microsoft IPv6 Protocol Driver) - C:\WINDOWS\system32\drivers\tcpip6.sys
3R tunmp (Microsoft Tun Miniport Adapter Driver) - C:\WINDOWS\system32\drivers\tunmp.sys
3S UIUSys (Conexant Setup API) - C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (not found)
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R w39n51 (Intel® PRO/Wireless 3945ABG Adapter Driver) - C:\WINDOWS\system32\drivers\w39n51.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2S Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2R hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2S MSMQTriggers (Message Queuing Triggers) - C:\WINDOWS\system32\mqtgsvc.exe
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-04-05 16:30:00 416 --a------ C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job<ADVANC~1.JOB>
2007-04-03 20:00:09 428 --a------ C:\WINDOWS\Tasks\AwcProUpdate.job<AWCPRO~1.JOB>


-- Files created between 2007-03-05 and 2007-04-05 -----------------------------

2007-04-05 16:44:47 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-04-05 16:44:47 144960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-04-05 16:44:47 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-04-05 16:44:47 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-04-05 16:44:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-05 16:44:39 0 d-------- C:\Program Files\Webroot
2007-04-05 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-04-05 16:43:10 164 --a------ C:\install.dat
2007-04-05 16:42:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-04-05 03:00:19 0 d-------- C:\aa6cc08d446dc9a1794e21
2007-04-04 20:02:26 0 d-------- C:\62821a8a893e2111ee9416
2007-04-03 03:00:19 0 d-------- C:\436913e715bcf0f31ed4746f
2007-04-02 03:00:20 0 d-------- C:\ad4a4098aac343d432b22bb3b25f
2007-04-01 03:00:20 0 d-------- C:\f675a285789a9926d951ba461f0572
2007-03-31 03:00:23 0 d-------- C:\3bd8b91158fc57f72e4eb0d5
2007-03-30 16:46:27 172032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-03-30 16:44:24 57344 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-03-30 16:44:24 149504 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-03-30 16:44:24 2555904 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-03-30 16:44:24 1612576 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-03-30 16:44:24 204800 --a------ C:\WINDOWS\system32\igfxCoIn_v4785.dll
2007-03-30 16:44:24 5700096 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-03-30 16:44:20 0 d-------- C:\WINDOWS\system32\Lang
2007-03-30 16:44:20 319456 --a------ C:\WINDOWS\system32\difxapi.dll
2007-03-30 16:44:19 393216 --a------ C:\WINDOWS\system32\igxpun.exe
2007-03-30 16:44:11 0 d-------- C:\Intel
2007-03-30 10:37:07 0 d-------- C:\Kodak
2007-03-30 03:00:22 0 d-------- C:\b728aa2b15cdb4df701c363eda081a01
2007-03-29 21:18:56 0 d-------- C:\WINDOWS\system32\BWKDLogs
2007-03-29 21:17:46 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-29 21:17:46 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-03-29 21:17:39 0 d-------- C:\Program Files\Common Files\Kodak
2007-03-29 21:16:36 0 d-------- C:\Program Files\Kodak
2007-03-29 21:12:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-03-29 03:00:21 0 d-------- C:\d4934793bd71a00f161070731d
2007-03-28 17:49:32 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-03-28 17:48:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Desperate Housewives
2007-03-28 17:48:23 0 d-------- C:\Documents and Settings\Default User\Application Data\Desperate Housewives
2007-03-28 17:48:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2007-03-28 17:39:55 0 d-------- C:\Program Files\Buena Vista Games
2007-03-28 10:26:08 0 d-------- C:\8095937775f295e272
2007-03-27 18:57:53 0 d-------- C:\a862aedc66e067992d
2007-03-26 19:46:01 0 d-------- C:\4ea493f1414965339dd79c724406f7
2007-03-25 14:33:01 0 d-------- C:\8f854044d7c598bcd4058a262958d479
2007-03-24 18:37:21 0 d-------- C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-03-24 12:58:47 0 d-------- C:\726903ce624e78170b4b72
2007-03-23 03:00:20 0 d-------- C:\5dd5b34d1afbcb17cc8102e257aa
2007-03-22 03:00:20 0 d-------- C:40cbdca9766aaee279e04c2b3
2007-03-21 03:00:19 0 d-------- C:\a6c18e6dc2fb4bd98d478c732021a1
2007-03-20 03:00:20 0 d-------- C:\ed17600c1ab5a95030f1cc705219
2007-03-19 03:00:27 0 d-------- C:\a86da76eeb0e5a2c15
2007-03-18 20:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-03-18 03:00:21 0 d-------- C:\80ab3be75d5be07b1e
2007-03-17 10:27:53 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
2007-03-17 10:27:29 0 d-------- C:\Program Files\DVD Flick
2007-03-17 03:00:19 0 d-------- C:\5b1bc88912651a45c1ac3fe2
2007-03-16 03:00:24 0 d-------- C:\d22e67cd57a42cfd56243b
2007-03-15 03:00:20 0 d-------- C:\c20a121068b22bcdff8041
2007-03-14 03:00:19 0 d-------- C:\78aba0b6c7180c09a6<78ABA0~1>
2007-03-13 20:40:22 10078 --a------ C:\WINDOWS\msvrc20.dll
2007-03-13 20:40:20 0 d-------- C:\Program Files\IObit
2007-03-13 03:00:19 0 d-------- C:\3a424f09da04adea92a5d6<3A424F~1>
2007-03-12 03:00:19 0 d-------- C:\cbfb6f2e383c7536acb3b165<CBFB6F~1>
2007-03-11 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools<PCTOOL~1>
2007-03-11 18:30:44 0 d-------- C:\Program Files\PC Tools AntiVirus<PCTOOL~1>
2007-03-11 11:31:13 0 d-------- C:\274e56e483c9af5d5dcfd0ccde77911d<274E56~1>
2007-03-10 10:01:43 0 d-------- C:\b25847d78e6fae6df1f87e<B25847~1>
2007-03-09 04:00:20 0 d-------- C:\7751de3c95c750a90b8bffc7483fa0f6<7751DE~1>
2007-03-08 21:30:34 0 d-------- C:\ca3e9bf96f5c00a0d1549c<CA3E9B~1>
2007-03-08 21:29:43 0 d-------- C:\23af158b4734b77f02d960df<23AF15~1>
2007-03-08 21:29:40 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-08 21:29:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-08 21:29:09 0 d-------- C:d7cec8cd59ca4e6e1bd54ea3d08<0D7CEC~1>
2007-03-08 04:00:23 0 d-------- C:99b24e88f8fbe217a24<099B24~1>
2007-03-07 04:00:27 0 d-------- C:\27ce35dd8486581f64cb8e52653689d5<27CE35~1>
2007-03-06 04:00:20 0 d-------- C:\96cc7bbcf58d4a1c59bf97ff18d2b0<96CC7B~1>
2007-03-05 21:13:53 0 d-------- C:\Program Files\EA GAMES<EAGAME~1>
2007-03-05 21:13:52 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-03-05 20:45:40 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-03-05 20:45:40 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-03-05 04:00:20 0 d-------- C:\aa6c1d26f6e06161aae0bf<AA6C1D~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-05 16:47:16 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-28 17:39:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-25 18:02:57 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2007-03-15 19:05:27 119 --a------ C:\Documents and Settings\Owner\Application Data\FixVTS.ini
2007-03-08 21:31:24 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-08 09:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 09:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 09:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 07:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 18:50:36 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-03-03 23:37:46 0 d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies<MUVEET~1>
2007-03-03 23:30:11 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-03 23:11:11 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-02 22:35:14 0 d-------- C:\Program Files\NewsRover<NEWSRO~1>
2007-03-02 20:47:22 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-02-26 10:59:48 450560 --a------ C:\WINDOWS\system32\igldev32.dll
2007-02-26 10:58:12 2334720 --a------ C:\WINDOWS\system32\iglicd32.dll
2007-02-26 10:35:34 528384 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-02-26 10:34:28 131072 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-02-26 10:34:28 155648 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-02-26 10:34:04 200704 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-02-26 10:33:58 24576 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-02-26 10:33:56 131072 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-02-26 10:33:56 159744 --a------ C:\WINDOWS\system32\igfxext.exe
2007-02-26 10:33:56 135168 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-02-26 10:33:48 47616 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-02-26 10:33:46 245760 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-02-26 10:33:40 163840 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-02-26 10:33:30 102400 --a------ C:\WINDOWS\system32\hccutils.dll
2007-02-26 10:33:26 204800 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-02-26 10:33:16 3293184 --a------ C:\WINDOWS\system32\igfxress.dll
2007-02-24 11:12:30 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-02-18 20:17:45 0 d-------- C:\Program Files\ProfileWatcher<PROFIL~1>
2007-02-17 20:23:40 0 d-------- C:\Program Files\thriXXX
2007-02-12 19:30:40 0 d-------- C:\Program Files\Maxis
2007-02-11 20:39:13 0 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft<MICROS~1>
2007-02-11 16:51:55 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-02-11 16:50:31 0 d-------- C:\Program Files\VideoLAN
2007-02-10 12:19:38 0 d-------- C:\Documents and Settings\Owner\Application Data\SlySoft
2007-02-10 12:09:28 0 d-------- C:\Program Files\SlySoft
2007-02-10 12:07:10 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-02-05 21:06:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2007-02-05 21:06:30 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0<ANSWER~1.0>
2007-02-05 21:06:09 0 d-------- C:\Program Files\Quicken
2007-02-05 21:02:42 0 d-------- C:\Program Files\TurboTax
2007-02-05 21:02:29 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield<INSTAL~1>
2007-02-03 23:28:29 502 --a------ C:\WINDOWS\eReg.dat
2007-02-02 10:37:30 81920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 18:41:22 0 -rahs---- C:\MSDOS.SYS
2007-01-27 18:41:22 0 -rahs---- C:\IO.SYS
2007-01-24 16:07:09 110418 --a------ C:\WINDOWS\hpoins11.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"WMPNSCFG"="\"C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpWirelessAssistant"="\"C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="\"C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe\""
"QlbCtrl"="\"C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe\" /Start"
"Cpqset"="\"C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe\""
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"NWEReboot"=""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Advanced WindowsCare V2 Pro"="\"C:\\Program Files\\IObit\\Advanced WindowsCare V2 Pro\\Awc.exe\" /startup"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="profilewatcher"
"hkey"="HKLM"
"command"="C:\\Program Files\\ProfileWatcher\\profilewatcher.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\



-- End of ComboScan: finished at 2007-04-05 at 18:15:53 ------------------------

Hi Anthony,

The error is related to a trojan that has hooked onto explorer.exe so it runs everytime the system starts, as the trojan file is missing its now generating errors, Ive seen this afew times but we only get the logs once the error's start so without a sample of the file I havent been able to establish what the trojan is up to now. Its simple enough to fix but its worth running a online scanner to be sure its not got other components on your system,

Run Hijack This and choose Do A System Scan then place a check next to these entries

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe C:\DOCUME~1\JAMIEW~1\LOCALS~1\Temp\cryptfg.exe

Close all open browser and other windows except for Hijack This and press the Fix Checked button

Then run CCleaner to clear out your temp folders,

Next visit VirusTotal and have this file scanned:

C:\WINDOWS\msvrc20.dll

Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the Virus scan results back and let us know if you have any problems finding the file. Also have this file scanned

C:\WINDOWS\system32\d3d9caps.dat

Please then generate a report of the Add/Remove screen entries to make sure no problems are showing:

Open Hijackthis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Finally do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• This program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Please then post back the VirusTotal results, Kaspersky log, Uninstall list and a new HijackThis log

Let us know if you have any problems

Regards

Andy

Okay here are the log files that you asked for.

Unistall Log:

µTorrent
Adobe Acrobat 7.0 Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
Advanced WindowsCare 2.30 Professional
AnyDVD
Avi2Dvd 0.4.4 beta
CCleaner (remove only)
CCScore
CloneDVD2
Conexant HD Audio
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Customer Experience Enhancement
Desperate Housewives
Disney Interactive Compatibility Update May 2002
DivX
DVD Decrypter (Remove Only)
DVD Flick
DVD2one V2.1.0
Easy Internet Sign-up
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
GemMaster Mystic
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Essential
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0035
HP Wireless Assistant 2.00 G2
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
IsoBuster 1.9.1
J2SE Runtime Environment 5.0 Update 6
kgcbase
Kodak EasyShare software
KSU
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 5.0
My HP Games
Nero 7 Premium
netbrdg
Netscape Browser (remove only)
NetWaiting
Network Play System (Patching)
News Rover
NOD32 antivirus system
NOD32 FiX v2.1
Notifier
Office 2003 Trial Assistant
OfotoXMI
Quicken 2007
QuickPar 0.9
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Sexy Pack 3.0
SFR
SHASTA
SKIN0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Spy Sweeper
staticcr
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
The Sims
The Sims 2
thriXXX VirtuallyJenna-029.002
tooltips
TourSetup
TurboTax Deluxe Deduction Maximizer 2006
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
Vongo
VPRINTOL
WexTech AnswerWorks
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WIRELESS
Wireless Home Network Setup

KASPERSKY ONLINE SCANNER REPORT
Friday, April 06, 2007 9:16:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/04/2007
Kaspersky Anti-Virus database records: 292201


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 101559
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 01:13:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Application Data\Webroot\Spy Sweeper\Logs70405164745.ses Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jamie Weakland\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jamie Weakland\History\History.IE5\MSHist012007040620070407\index.dat Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Temp\~DF366.tmp Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Local Settings\Temp\~DFDBA9.tmp Object is locked skipped

C:\Documents and Settings\Jamie Weakland\My Documents\Downloads\Eset_NOD32_Antivirus_v2.000.6\Patch.exe Infected: Trojan-Dropper.Win32.Agent.bdh skipped

C:\Documents and Settings\Jamie Weakland\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jamie Weakland\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Jamie Weakland\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0553F636-B640-4C4B-806A-C995FB55EE78.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS05CB809A-3C12-4ECC-8481-E94457CF0AD2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS08C835E6-E7FF-4C57-B65F-0B4E0DD0203E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS161670E8-19F1-47F9-BF5E-EDF6FFDEFD65.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16918DBE-BD4B-4A19-BD6F-EFD9F17968CD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS19E87196-6565-4ECE-98FB-E2D73BB59EFD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BCB2630-C9FC-43A0-A21D-C5AA9B99F670.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2055A1C3-22EB-4F6C-B187-96BB1B1F4401.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS21677858-3C74-416D-A859-CCFBDD72FBBE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS233561EE-5A3B-4DA0-85D6-5A5CAE42FCAF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS250C3278-CEB5-4BED-A025-223BDF8F7A7A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2A2D056C-309B-4640-B2B9-33E793BF36A7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2AEFDACD-A2D4-44D8-B198-282F34BE28A4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2FB5CE0B-0D81-4BE7-B9C9-EB36AA63F329.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS38C4E27A-2373-43D7-81FD-FE1615B6BD50.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3AA16F6B-FBDD-43BF-94E9-B24F915C3BCD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3F5075E3-B84A-4EA2-B04B-67424FE033FF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS411C698E-3620-4D73-A346-E9F1856DD83F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS41EB30BC-4EE4-43F1-B617-CD1EEC27E9CE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS42E02C4B-677A-4DFA-8B45-A896969EEF52.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS433BBCFB-743D-45D5-99C5-FF95031994C7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS437EA768-B3AF-4441-A1C3-3193B9A58FBA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS44446755-AEAE-46D7-AF1F-ED9239A6926E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4A497562-1848-4F69-8E5E-B24BE04574FF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4A681423-AF9C-42E6-99BA-CAABBF4290A7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B846B1D-A47E-4243-93D8-3D103A9AAD39.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4D608B71-CC00-41A1-A134-E1FF02976AA7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5A867A69-8265-4028-8369-4536685212E1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5BC465DF-6298-4201-8EAB-BB6A4AC56E0B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS61E33CF6-4467-4A86-B8F8-D805579BE984.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS634DF981-971E-451F-987D-BBD541714E74.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS644CA5A2-FAC9-4EEA-B97A-3794C1D76DBF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS67A6291A-6C1C-4562-B588-9DAF7EE07F37.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6933C982-0C5B-40B1-B122-F7473127DE57.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6FFAF258-382A-4053-B4FA-5AFEC98FFA29.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7146E7C8-8DCF-4463-9B5E-B5E3C51134D7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7271DBB1-A7CD-4060-8968-C4D1480EB1C9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS72A67592-7A1E-4CF6-9E96-EFFEAC5D6235.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS752D138F-B978-4F2C-8980-ACAA26056302.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS76FEBFBE-516D-4553-8A89-8F2FF61F1D85.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7713BEDC-22B1-42CE-AB6B-AD38760CE582.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7C83A8C5-C392-47A4-9C27-89952B721EAA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FE7BAB0-C2DA-46A3-A3B1-A7BC62FC1851.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS801B6020-5B09-40F5-A1A8-056D3D2CDFDC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS84EB0E66-EA8B-419C-A876-A2A79E3CF6C7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS86E6C8A0-C5B3-4922-997A-B6323D9889B1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS890C9025-C3A7-4912-A3C5-4DB21F49C71A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B5D5C78-C0B3-4A05-AF48-F63B184E7005.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E60DD03-7BC2-4D9B-B553-4EFAF76E23B8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8F1F912D-5D28-4A77-BE01-B67B3C6F4100.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9233D695-6137-4148-9E8E-EED461472CB9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS933CD5C8-748E-4DBE-8FF7-3BD61A7B0E57.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS938B6E72-16F9-4A63-8838-898FFE54D786.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9527F5AA-0FFD-4988-9535-F8206B5E5E76.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS962685D8-D6B6-440B-8C96-2C167824FAF9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS981665CC-B56C-4FB8-BD81-9D8D72E9E669.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B27ACF7-8F69-44AF-9ABD-A17F24C12AF6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9ED65CBF-5A8B-424C-ACDB-D19CBC3CE349.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF7613D9-7EC7-4A24-86D5-380E7BF09C6D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB28C8695-B2A2-401E-B322-AE97A13E6521.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB2C123EC-F17C-427E-B958-AD8058D7E75F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBAC71666-3D60-4BDA-90F9-857BE19F4DF6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBCC33022-928F-41A5-AB4B-0C448E5915D2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD5B8633-9197-4288-B7D3-A5391013D50C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBDF1656F-FDF3-451A-BF1B-95B0575AABB6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBF4AF410-E757-4F2A-86D6-805227A27E6F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC32B6AD2-4AE8-40C6-940B-133103A610C6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC39E9D91-046C-47AE-939F-104FFBA8003F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC4C25FA6-BC15-4ACF-8F5E-3AE3943D115F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC593CE37-C5B0-4CE1-9A38-7FCAA97617CE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD58E27B9-FFC9-499A-A63E-A7F35E121E29.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB105A81-6B61-4DD7-92BA-30091961D4ED.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB2801B6-9DA9-463B-811C-AF626D6DAAD0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDBB149A6-5376-40D4-A80E-53C6DAA45CE2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDDC709A5-F824-4BB8-A6E2-E3A832414BF5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7C0C9CB-0DA3-46FB-BDE8-B3DD6459E56F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE8F11260-E4F4-44BC-96BD-E34A1DC27409.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE954868C-0680-42C2-BC51-894074F918C4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE9FCA573-0776-4B38-B5E5-F5A62AA14E82.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEAFE4857-87B6-4414-A68C-BC9D40F0F193.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE88BC3F-30A9-4D5F-BEFE-61F85E444D93.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF3B5451-26B9-4BB4-8F85-34E645FAED25.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEFA0A392-6A5D-4FEA-A347-326A4B2E7E7D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF045448A-8B57-4670-9EB5-5261696ABCA1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0B25DC4-A994-4259-B1E2-270ABB635C7A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4F02A85-46EF-4E11-B224-384FD00D7AC2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7FB7187-AA20-4C43-8876-91CE774EEBBC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF90B80E0-63B2-4E57-AF89-A2730EAEAEA8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF99B998D-F5DF-4B8D-8BCF-A4CE72373913.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBF0AEA1-55AE-4369-81E2-414C86D9083A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFCADED2C-F0DB-4B74-9F82-D3ABE9535DDC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\ec9098043cea2d1b662bab9605\update\update.exe Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP123\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A510798A-65C0-46EF-9F87-424FA078F964}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{A4F14AE0-146E-458D-ACEB-13686F34751A}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP123\change.log Object is locked skipped

Scan process completed.



AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.06.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 no virus found
BitDefender 7.2 04.07.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.07.2007 no virus found
DrWeb 4.33 04.06.2007 no virus found
eSafe 7.0.15.0 04.06.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.06.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.06.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.06.2007 no virus found
Ikarus T3.1.1.3 04.06.2007 no virus found
Kaspersky 4.0.2.24 04.07.2007 no virus found
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.06.2007 no virus found
NOD32v2 2171 04.06.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.06.2007 no virus found
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 no virus found
VirusBuster 4.3.7:9 04.06.2007 no virus found
Webwasher-Gateway 6.0.1 04.07.2007 no virus found

I tired to remove the two objects that Kaspersky found but would not let me.
Thanks let me know if you need anything eles.

Thanks

Thats looking ok, you need to remove the NOD32 patch as it's infected, you should be cautious about running any cracked software on your system as they are very malicious, running a cracked Antivirus program is risky as it could of been modified to ignore certain infections or disable some of its protection features.

Open hijackthis and click Open the Misc Tools section

Then click Delete a file on reboot

In the File Name field, copy and paste this:

C:\Documents and Settings\Jamie Weakland\My Documents\Downloads\Eset_NOD32_Antivirus_v2.000.6\Patch.exe

Then click Open

Hijackthis will tell you that this file will be deleted when the system reboots and ask you if you want to reboot now. Click Yes

Your system should then reboot

digstream.exe is fine to ignore, its part of ESPN Motion which I can see is installed,

The version of Java is out of date and older versions can be vunerable to some infectons, its common for them to leave older versions on the pc each time it updates so its easier to goto the Add/Remove screen (Start Menu > Control Panel > Add or Remove Programs) and remove J2SE Runtime Environment 5.0 Update 6, then visit Sun's website Here and get the latest version


Regarding the VirusTotal results, the filename part is missing so Im not sure if those results are for C:\WINDOWS\msvrc20.dll or C:\WINDOWS\system32\d3d9caps.dat , can you let us know if both of those files show clean when scanned, apart from that its looking good, are you still having any problems ?

Andy