Full Version: PC is FUBAR!
mmaatttt
I don't know what sparked it off, but I almost had to format my HDD and re-install Windows!

I must have downloaded a dodgy file and it has seriously corrupted my system...


LOGONUI.EXE - Application Error on startup ("The instruction 0x005f0406? Referenced memory at 0x005f0406 memory could not be written" pops up about 20 times before Windows starts fully).

No XP login user interface because of this, just a blank screen (eventually the "classic" Windows login pops up and I log in).

Logged in to my account, but only the wallpaper is displayed and there is no "explorer" interface (also all my original personalised settings have disappeared).

Ctrl-Alt-Del to bring up Task Manager and managed to run (very slowly!!!) explorer.exe.

Only default desktop icons and Quick Launch icons are showing; also, the Start menu items are all empty! (Can someone explain this??)


All programs now have to be searched for/run... from Windows Explorer or Task Manager etc.

A quick browse of the system reveals "Dcads Games" installed, "Personal Security Centre" running and some other malware security programs.

Firefox (my main browser) has an "error 777" pop-up every 4-5 pages visited. I switched to IE7 as my second browser to see if it worked, but that would not even connect.
Also, just for my benefit, I can't seem to connect to hotmail.com in Firefox!


Please help me fix this mess!!!!!


LOGS to follow!

NOTE: I've managed to find my documents, settings, bookmarks, data etc in a folder called:

"Account.3311 (Retrieved after unexpected restart.)".




mmaatttt
HJTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:52, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [SpybotDeletingA805] command /c del "C:\Program Files\WinZix\WinZixManager.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC449] cmd /c del "C:\Program Files\WinZix\WinZixManager.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9373 bytes



mmaatttt
ADWARE


Ad-Aware SE Build 1.06r1
Logfile Created on:24 November 2007 23:10:34
Using definitions file:SE1R136 04.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):37 total references
Tracking Cookie(TAC index:3):103 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


24-11-2007 23:10:34 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : D:\Documents and Settings\user\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 792
ThreadCreationTime : 24-11-2007 22:32:42
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 24-11-2007 22:32:53
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 24-11-2007 22:32:56
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 24-11-2007 22:33:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 24-11-2007 22:33:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 24-11-2007 22:33:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1232
ThreadCreationTime : 24-11-2007 22:33:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1376
ThreadCreationTime : 24-11-2007 22:33:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1440
ThreadCreationTime : 24-11-2007 22:33:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 24-11-2007 22:33:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 356
ThreadCreationTime : 24-11-2007 22:33:26
BasePriority : Normal
FileVersion : 103.0.8.2
ProductVersion : 103.0.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 300
ThreadCreationTime : 24-11-2007 22:33:30
BasePriority : Normal
FileVersion : 103.0.9.2
ProductVersion : 103.0.9.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 312
ThreadCreationTime : 24-11-2007 22:33:30
BasePriority : Normal
FileVersion : 5.5.6.604
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2007 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 24-11-2007 22:35:07
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 1456
ThreadCreationTime : 24-11-2007 22:35:13
BasePriority : Normal
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:16 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1480
ThreadCreationTime : 24-11-2007 22:35:14
BasePriority : Normal
FileVersion : 3.0.0.171
ProductVersion : 3.0.0.171
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:17 [btntservice.exe]
FilePath : C:\Program Files\IVT Corporation\BlueSoleil\
ProcessID : 1504
ThreadCreationTime : 24-11-2007 22:35:14
BasePriority : High


#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 24-11-2007 22:35:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1560
ThreadCreationTime : 24-11-2007 22:35:16
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1784
ThreadCreationTime : 24-11-2007 22:35:17
BasePriority : Normal
FileVersion : 10, 1, 1, 5
ProductVersion : 10, 1, 1, 5
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1820
ThreadCreationTime : 24-11-2007 22:35:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 212
ThreadCreationTime : 24-11-2007 22:35:23
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:23 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1896
ThreadCreationTime : 24-11-2007 22:35:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3212
ThreadCreationTime : 24-11-2007 22:45:55
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3780
ThreadCreationTime : 24-11-2007 22:46:24
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3784
ThreadCreationTime : 24-11-2007 22:46:24
BasePriority : Normal
FileVersion : 7.2
ProductVersion : QuickTime 7.2
ProductName : QuickTime
CompanyName : Apple Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Inc. 1989-2007
OriginalFilename : QTTask.exe

#:27 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3904
ThreadCreationTime : 24-11-2007 22:46:25
BasePriority : Normal
FileVersion : 7.4.3.1
ProductVersion : 7.4.3.1
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:28 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0\bin\
ProcessID : 3972
ThreadCreationTime : 24-11-2007 22:46:26
BasePriority : Normal


#:29 [regsvr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3460
ThreadCreationTime : 24-11-2007 22:46:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:30 [scprot4.exe]
FilePath : C:\Program Files\SecCenter\
ProcessID : 3504
ThreadCreationTime : 24-11-2007 22:46:30
BasePriority : Normal


#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3768
ThreadCreationTime : 24-11-2007 22:46:31
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:32 [dumprep.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3864
ThreadCreationTime : 24-11-2007 22:46:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Error Reporting Dump Reporting Tool
InternalName : DUMPREP.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : DUMPREP.EXE

#:33 [wakeservice.exe]
FilePath : C:\Program Files\WinZix\
ProcessID : 1688
ThreadCreationTime : 24-11-2007 22:46:32
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : WakeService
CompanyName : WakeNet
FileDescription : Service utility
InternalName : WakeService.exe
LegalCopyright : © WakeNet. All rights reserved.
OriginalFilename : WakeService.exe

#:34 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2272
ThreadCreationTime : 24-11-2007 22:46:55
BasePriority : Normal
FileVersion : 7.4.3.1
ProductVersion : 7.4.3.1
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1100
ThreadCreationTime : 24-11-2007 22:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:36 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2444
ThreadCreationTime : 24-11-2007 22:48:36
BasePriority : Normal


#:37 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3736
ThreadCreationTime : 24-11-2007 22:51:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:38 [remote.exe]
FilePath : C:\Program Files\TVR\
ProcessID : 3552
ThreadCreationTime : 24-11-2007 22:56:15
BasePriority : Normal
FileVersion : 3.35
ProductVersion : 3.35
ProductName : RemoteControl
FileDescription : RemoteControl
InternalName : RemoteControl
LegalCopyright : Copyright © 2005
OriginalFilename : RemoteControl.EXE

#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3608
ThreadCreationTime : 24-11-2007 23:10:13
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Cookies\user@tickle[1].txt

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@0[4].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@0[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@as-eu.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@as-eu.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@as-eu.falkag[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@as-eu.falkag[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@bs.serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@clickbank[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@cs.sexcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@domainsponsor[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@edge.ru4[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@edge.ru4[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@ehg-adidas.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@ehg-adidas.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@ehg-autotrader.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@ehg-autotrader.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@landing.domainsponsor[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@landing.domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@list[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@list[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@live365[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@phg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@phg.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@rambler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@rambler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@real[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@real[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@real[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@real[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@sel.as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@sel.as-eu.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@specificclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@specificclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@tickle[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@weborama[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@www.intelli-tracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@www.intelli-tracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@www.stopzilla[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@www.stopzilla[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@www3.paypopup[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@www3.paypopup[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@2o7[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@2o7[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adrevolver[4].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adrevolver[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ads.pointroll[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ads.pointroll[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adserver.adremedy[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adserver.adremedy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adserver.tibaco[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adserver.tibaco[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@advertising[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@advertising[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@adviva[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@as-eu.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@bfast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@casalemedia[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@casalemedia[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@counter5.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@counter5.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@cs.sexcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ehg-adidas.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ehg-adidas.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ehg-boltmedia.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ehg-boltmedia.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ehg-hollywoodmedia.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ehg-hollywoodmedia.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@ehg-warnerbrothers.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@ehg-warnerbrothers.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@fastclick[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@fastclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@media.fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@media.fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@mediaplex[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@mediaplex[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@questionmarket[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@questionmarket[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@real[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@revenue[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@statse.webtrendslive[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@vdn.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@vdn.valuead[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@www.clickedyclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@www.clickedyclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@xml.bravenetmedianetwork[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@xml.bravenetmedianetwork[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@doubleclick[1].txt

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 140


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 140




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 140

23:56:33 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:45:58.594
Objects scanned:237045
Objects identified:103
Objects ignored:0
New critical objects:103
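The Ad-Aware SE log above is long enough that reading it by eye hides the useful questions (which profiles carry tracking cookies, which ad hosts show up in more than one profile, and whether the record count agrees with the scan summary). The script below is an added editor's example for parsing that record format; it is not part of the thread and not Lavasoft's code. The function names (parse_records, summarise_cookies, parse_summary, records_match_summary) are my own, and SAMPLE_LOG is a constructed three-record excerpt written in the same layout as the posted log.

```python
"""Summarise the tracking-cookie records in an Ad-Aware SE scan log.

Added example, not code from the forum thread or from Lavasoft.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the Ad-Aware SE record layout seen in the posted log
# (three IE cookie hits across two profiles, plus the closing summary block).
SAMPLE_LOG = r"""
Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matthew@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Matthew\Cookies\matthew@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : K:\F. Documents and Settings\Sandra\Cookies\sandra@doubleclick[2].txt

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:10.000
Objects scanned:1000
Objects identified:3
Objects ignored:0
New critical objects:3
"""

RECORD_HEADER = re.compile(r"^(?P<kind>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?) :\s?(?P<value>.*)$")
# IE cookie file names look like user@host[n].txt; host is the tracking domain.
COOKIE_NAME = re.compile(r"^(?P<user>[^@]+)@(?P<host>.+?)(?:\[\d+\])?\.txt$")
PROFILE = re.compile(r"Documents and Settings\\([^\\]+)\\")
SUMMARY_FIELD = re.compile(
    r"^(Objects scanned|Objects identified|Objects ignored|New critical objects):\s*(\d+)$")


def parse_records(log_text):
    """Return one dict per '... Object Recognized!' block; a blank line ends a block."""
    records, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = RECORD_HEADER.match(line)
        if header:
            current = {"kind": header.group("kind")}
            records.append(current)
            continue
        if not line:
            current = None
            continue
        if current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key").strip()] = field.group("value").strip()
    return records


def summarise_cookies(records):
    """Count cookie hits per profile, map each tracking host to its profiles,
    and list hosts seen in more than one profile."""
    per_profile, by_rating = Counter(), Counter()
    hosts = defaultdict(set)
    for rec in records:
        if rec.get("kind") != "Tracking Cookie":
            continue
        name = COOKIE_NAME.match(rec.get("Data", ""))
        prof = PROFILE.search(rec.get("Value", ""))
        host = name.group("host") if name else rec.get("Data", "?")
        profile = prof.group(1) if prof else "unknown"
        per_profile[profile] += 1
        hosts[host].add(profile)
        by_rating[rec.get("TAC Rating", "?")] += 1
    return {
        "per_profile": dict(per_profile),
        "hosts": {h: sorted(p) for h, p in hosts.items()},
        "shared_hosts": sorted(h for h, p in hosts.items() if len(p) > 1),
        "by_tac_rating": dict(by_rating),
    }


def parse_summary(log_text):
    """Read the numeric fields of the 'Summary Of This Scan' block only, so the
    'New critical objects: 0' lines of the per-drive results are not confused with it."""
    summary, in_summary = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Summary Of This Scan":
            in_summary = True
            continue
        if in_summary:
            m = SUMMARY_FIELD.match(line)
            if m:
                summary[m.group(1)] = int(m.group(2))
    return summary


def records_match_summary(log_text):
    """Consistency check: the number of recognized records should equal
    'Objects identified'; a mismatch means the log is worth a closer look."""
    return len(parse_records(log_text)) == parse_summary(log_text).get("Objects identified")


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(summarise_cookies(recs))
    print(parse_summary(SAMPLE_LOG), "consistent:", records_match_summary(SAMPLE_LOG))
```

Run it against a saved Ad-Aware log by reading the file into a string and passing it in place of SAMPLE_LOG; the same cookie host appearing under several profiles (doubleclick in the sample) is the pattern that tells you which ad networks every account on the machine has touched, which is what the per-profile tally is for.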
HJThis
Hello mmaatttt & Welcome

Sorry for the hold-up in getting help. Run this tool for me.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.
Please post the contents of C:\vundofix.txt

Gogo
mmaatttt
Hi HJThis,

The XP logon screen is back and no more error pop-ups. Windows still takes a while to "load personal settings" after entering the password from that screen though.

Once I've logged in, an error pops up: "Windows Logon UI encountered a problem and needed to close..."
The technical information about this error report includes the following files:

D:\DOCUME~1\user\LOCALS~1\Temp\WER6cf2.dir00\logonui.exe.mdmp
D:\DOCUME~1\user\LOCALS~1\Temp\WER6cf2.dir00\appcompat.txt


Also, when I try to run certain right-click functions an error pops up:

"Windows cannot find 'C:\windows\system32\rundll32.exe\'. Make sure you typed the name correctly and then try again. To search for a file, click the start button, and then click search."


Here is the information you asked for...

VUNDOFIX.TXT


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:59:18 25/11/2007

Listing files found while scanning....

C:\windows\system32\drvtugr.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvtugr.dll
C:\windows\system32\drvtugr.dll Has been deleted!

Performing Repairs to the registry.
Done!


mmaatttt
mmaatttt
Anyone???

BUMP
HJThis
Hi mmaatttt

Sorry, somehow I lost you in here. Do this for me next please.

Please download Deckard's System Scanner (DSS) to your Desktop.

* Close all applications and windows.
* Double-click on DSS.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.


=====================

NOTE: Before you do the above fix, go to Start >> Control Panel and uninstall all of these here:

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Then run the DSS tool.

Gogo
mmaatttt
I cannot run Add/Remove programs, from Control Panel!

Error

"Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

HJThis
Hi mmaatttt

Try this: download it from here and place it into the C:\Windows\System32 folder. Then uninstall the old Java versions, that is. And run DSS and show me the log.

Gogo
mmaatttt
OK here we go...

MAIN

Deckard's System Scanner v20071014.68
Run by user on 2007-11-27 00:31:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-11-27 00:31:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:35, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9655 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 UNPR - c:\windows\system32\unpr.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 OMSCAN - \sys? (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
S3 Via4in1 - c:\via4in1.sys (file missing)
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

S2 MySql - c:/xampp/mysql/bin/mysqld-nt.exe
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 GB-PVR Recording Service - "c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe"
S4 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-21 23:38:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-12-27 10:59:40 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 00:31:26 0 d-------- D:\Deckard
2007-11-26 16:52:48 0 d-------- C:\WINDOWS\LastGood
2007-11-25 21:22:46 0 d-------- D:\Documents and Settings\user\Application Data\Adobe
2007-11-25 12:28:50 0 d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 01:31:40 317 --ahs---- C:\WINDOWS\system32\tstwa.ini2
2007-11-25 00:44:57 0 d-------- D:\Documents and Settings\user\Application Data\Sun
2007-11-25 00:26:18 0 d-------- C:\Program Files\Trend Micro
2007-11-24 23:04:29 0 d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51:03 14654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46:35 0 d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:33:19 0 d--hs---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies
2007-11-24 22:33:19 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data
2007-11-24 22:33:19 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-24 22:33:18 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings
2007-11-24 22:33:17 786432 --ah----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT
2007-11-24 22:33:10 0 d--hs---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2007-11-24 22:33:10 0 d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2007-11-24 22:33:10 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-24 22:33:09 0 d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2007-11-24 22:33:08 786432 --ah----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Desktop
2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:31:01 0 d-------- D:\Documents and Settings\user\Recent
2007-11-24 22:30:58 0 d-------- D:\Documents and Settings\user\Start Menu
2007-11-24 22:30:57 0 d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28:24 0 d-------- C:\Program Files\Dcads Games Collection
2007-11-24 22:28:17 0 d-------- C:\Program Files\Img2CAD
2007-11-24 22:28:14 0 d-------- C:\Program Files\Security Task Manager
2007-11-24 22:14:38 0 d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 22:02:37 0 d-------- D:\Documents and Settings\user\Application Data\Mozilla
2007-11-24 21:53:18 0 dr------- D:\Documents and Settings\user\Favorites
2007-11-24 21:53:18 0 d--hs---- D:\Documents and Settings\user\Cookies
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Real
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Macromedia
2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\Templates
2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\SendTo
2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\NetHood
2007-11-24 21:53:17 0 dr------- D:\Documents and Settings\user\My Documents
2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\Local Settings
2007-11-24 10:38:12 41591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02:27 9863168 --a------ D:\Documents and Settings\user\ntuser.dat
2007-11-24 00:02:14 6490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:01:48 102912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-24 00:01:37 0 --a------ C:\WINDOWS\system32\ddcawts.dll
2007-11-24 00:01:20 0 d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01:20 0 d-------- C:\Program Files\SecCenter
2007-11-24 00:01:06 131072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01:05 0 d-------- C:\Program Files\Gfkgzmsb
2007-11-23 23:59:36 0 d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58:49 2432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-23 23:52:30 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-11-23 23:52:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-11-20 14:02:06 0 d-------- C:\Program Files\MSBuild
2007-11-20 13:57:46 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56:36 0 d-------- C:\Program Files\Reference Assemblies
2007-11-19 15:18:36 208896 --a------ C:\WINDOWS\system32\nsx237.dll
2007-11-14 17:47:18 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\MSNInstaller
2007-11-10 23:39:51 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-10 23:39:10 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18:43 0 d-------- C:\Program Files\TrustyFiles
2007-11-08 20:25:33 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\BitSpirit
2007-11-08 20:11:44 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-11-08 20:10:38 0 d-------- C:\Program Files\BitSpirit
2007-11-08 20:08:41 0 d-------- C:\Program Files\BitComet
2007-11-08 19:25:16 0 d-------- C:\Program Files\PCPitstop
2007-11-07 16:59:13 0 d-a------ C:\Program Files\WinZix
2007-11-05 12:35:36 65024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14:30 0 d-------- C:\Program Files\HTTP-Tunnel


-- Find3M Report ---------------------------------------------------------------

2007-11-27 00:30:51 0 d-------- C:\Program Files\Java
2007-11-26 11:54:35 0 d-------- C:\Program Files\Common Files
2007-11-25 12:10:03 28672 -----n--- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-25 02:25:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-24 01:37:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52:07 0 d-------- C:\Program Files\ImTOO
2007-11-18 23:20:30 0 d-------- C:\Program Files\Winamp
2007-11-11 12:28:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-11 12:06:44 0 d-------- C:\Program Files\Activision
2007-11-03 00:11:12 2548 --a------ C:\WINDOWS\mozver.dat
2007-10-24 18:27:29 0 d-------- C:\Program Files\SSH Tunnel
2007-10-24 13:51:48 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40:19 0 d-------- C:\Program Files\LimeWire
2007-10-24 07:33:20 0 d-------- C:\Program Files\Artlantis Studio
2007-10-24 07:11:10 0 d-------- C:\Program Files\Graphisoft
2007-10-17 17:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-06 18:15:08 0 d-------- C:\Program Files\IVT Corporation
2007-10-06 17:35:03 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-06 17:29:25 0 d-------- C:\Program Files\TVersity
2007-10-06 16:21:14 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-06 10:41:37 0 d-------- C:\Program Files\iTunes
2007-10-06 10:41:21 0 d-------- C:\Program Files\iPod
2007-10-06 09:54:09 0 d-------- C:\Program Files\FlashFXP
2007-10-06 01:48:48 0 d-------- C:\Program Files\SatelliteTVforPC
2007-10-06 00:29:03 0 d-------- C:\Program Files\Datel
2007-10-06 00:27:44 0 d-------- C:\Program Files\XBCD
2007-10-03 20:12:09 0 d-------- C:\Program Files\Fire International
2007-09-30 19:22:06 0 d-------- C:\Program Files\Symantec
2007-09-18 23:19:24 4 --a------ C:\WINDOWS\IEdate.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [25/11/2007 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [25/11/2007 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/11/2007 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/12/2005 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [25/11/2007 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [30/09/2007 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 13:42]
"jibupqne"="regsvr32 /u D:\Documents and Settings\All Users\Application Data\jibupqne.dll" []
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [25/11/2007 12:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [24/10/2007 07:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"=C:\Program Files\Key Generator\isamonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [19/01/2007 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/10/2006 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtst

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
"C:\Program Files\TVR\RecSche.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 NtKrnlpa.info


-- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------

mmaatttt
EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 703.48 MiB / 419.56 MiB
Pagefile Memory (total/avail): 1174.78 MiB / 913.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.04 MiB

C: is Fixed (NTFS) - 22.23 GiB total, 5.44 GiB free.
D: is Fixed (NTFS) - 44.48 GiB total, 3.35 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 465.76 GiB total, 431.8 GiB free.
L: is CDROM (No Media)
M: is Removable (No Media)
Z: is Fixed (NTFS) - 114.49 GiB total, 11.02 GiB free.

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 7.81 GiB
\PARTITION1 (bootable) - Installable File System - 22.23 GiB - C:
\PARTITION2 - Installable File System - 44.48 GiB - D:

\\.\PHYSICALDRIVE1 - ST350063 0AS SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - K:

\\.\PHYSICALDRIVE6 - Maxtor 6Y120L0 USB Device - 114.49 GiB - 1 partition
\PARTITION0 - Installable File System - 114.49 GiB - Z:

\\.\PHYSICALDRIVE3 - NEODIO USB Storage-CFC USB Device

\\.\PHYSICALDRIVE2 - NEODIO USB Storage-MMC USB Device

\\.\PHYSICALDRIVE5 - NEODIO USB Storage-MSC USB Device

\\.\PHYSICALDRIVE4 - NEODIO USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\\Documents and Settings\\user\\Desktop\\utorrent.exe"="D:\\Documents and Settings\\user\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe"="D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe:*:Enabled:winBC"
"D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe"="D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe:*:Enabled:UK Provider"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=049657420245
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\49657420245
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=D:\DOCUME~1\user\LOCALS~1\Temp
TMP=D:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=049657420245
USERNAME=user
USERPROFILE=D:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Microsoft (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
--> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
--> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Learn2.com\StRunner\stuninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
ActionReplay Xbox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\ActionReplay Xbox\Uninst.isu"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AiO_Scan_CDA -->
AiOSoftwareNPI -->
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArchiCAD 11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Artlantis Studio 1.2 --> C:\Program Files\Artlantis Studio\uninst.exe
Athens Toolbar --> MsiExec.exe /I{E79734B1-B505-42E6-B6AF-65D049C503B0}
AutoCAD 2007 - English --> MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitComet 0.96 --> C:\Program Files\BitComet\uninst.exe
BitSpirit v3.3.1.232 Stable --> "C:\Program Files\BitSpirit\unins000.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe
Browser Optimizer Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe
BufferChm -->
Call of Duty® 2 -->
Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty® 2 Patch 1.3 -->
Call of Duty® 4 - Modern Warfare™ Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CP_Package_Variety1 -->
CP_Package_Variety2 -->
CP_Package_Variety3 -->
CustomerResearchQFolder -->
DawnOfWar -->
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
Destinations -->
DeviceManagementQFolder -->
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DocProc -->
Donald Trump´s Real Estate Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8D8F09-75CB-4BB4-8384-9E94B5BAF542}\setup.exe"
eSupportQFolder -->
F300 -->
F300_Help -->
F300Trb -->
Fax_CDA -->
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Fighting Fit --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Europress\Fighting Fit\Uninst.isu"
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
GB-PVR --> MsiExec.exe /X{1E1C56B2-9172-4416-A429-30A793B213D9}
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
HPProductAssistant -->
Img2CAD 1.0 --> "C:\Program Files\Img2CAD\unins000.exe"
ImTOO DVD to iPod Converter --> C:\Program Files\ImTOO\DVD to iPod Converter 4\Uninstall.exe
iPod for Windows 2006-01-10 -->
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod movie Converter 3 --> C:\Program Files\ImTOO\iPod movie Converter 3\Uninstall.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lavasoft Reghance 2.1 --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
MarketResearch -->
MediaPortal --> MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft IntelliPoint 5.2 -->
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML 6.0 SDK --> MsiExec.exe /I{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}
NewCopy_CDA -->
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OfficeForms Filler --> MsiExec.exe /I{BEC1E8D2-5A1D-49EA-B9BC-5AEC613BF07D}
OpenOffice.org 2.0 --> MsiExec.exe /I{BF4C2438-CAFF-4DB0-BB77-48BB1781F313}
Platform -->
ProductContextNPI -->
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Readme -->
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
S3GSetup -->
Scan -->
ScannerCopy -->
Scratch LIVE 1.5 (1517) --> MsiExec.exe /I{00185E7B-E2DE-48D6-A125-584B18F59E5D}
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype 2.0 --> "c:\apps\skype\phone\unins000.exe"
SolutionCenter -->
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson DRM Packager 1.35 --> C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Status -->
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Network Drivers Update -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Toolbox -->
TrayApp -->
TrustyFiles 3.1.0.22 --> "C:\Program Files\TrustyFiles\unins000.exe"
TVR --> C:\Program Files\TVR\Uninstal.EXE
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
UK Driving Secrets Guide --> "C:\Program Files\UK Driving Secrets Guide\unins000.exe"
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
UniChrome Pro IGP Display Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
Unload -->
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
VIA/S3G Display Driver 6.14.10.0333 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
WebReg -->
Wii Video 9 1.94 --> C:\Program Files\Red Kawa\Video Converter\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI 3GP MP4 PSP iPod Video Converter v2.0 (Traditional Chinese edition) --> C:\Program Files\WinAVI MP4 Converter\Uninstall WinAVI MP4 Converter.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.3a --> "c:\xampp\uninstall.exe"
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zone Media --> D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe -uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type17113 / Error
Event Submitted/Written: 11/27/2007 00:36:03 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type17112 / Error
Event Submitted/Written: 11/27/2007 00:35:50 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Event Record #/Type17096 / Error
Event Submitted/Written: 11/26/2007 11:55:05 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

Event Record #/Type17095 / Error
Event Submitted/Written: 11/26/2007 11:55:03 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

Event Record #/Type17094 / Error
Event Submitted/Written: 11/26/2007 11:54:59 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35109 / Error
Event Submitted/Written: 11/27/2007 00:34:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type35108 / Error
Event Submitted/Written: 11/27/2007 00:34:06 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type35103 / Error
Event Submitted/Written: 11/27/2007 00:29:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type35100 / Error
Event Submitted/Written: 11/27/2007 00:29:35 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type35097 / Error
Event Submitted/Written: 11/27/2007 00:29:35 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------
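
A small triage script for the firewall exception list in the log above, added here as an illustration; it is not part of the original post, of HijackThis or of Deckard's System Scanner. It parses the .reg-style lines (the five sample lines are copied from the AuthorizedApplications list above) and flags exceptions that were registered from a Temp or Desktop directory, whose key path and value path disagree, or whose display name is already used by a binary at another location (the log shows µTorrent registered both under Program Files and on the Desktop). The directory list and the flagging rules are my own heuristics, not a Windows rule.

```python
import re
from typing import Dict, List, Optional

# Lines copied from the firewall AuthorizedApplications list in the log above.
# The .reg export form is "key path"="path:scope:status:display name", with
# every backslash doubled.
SAMPLE_EXCEPTIONS = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Documents and Settings\\user\\Desktop\\utorrent.exe"="D:\\Documents and Settings\\user\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe"="D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe:*:Enabled:winBC"
"D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe"="D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe:*:Enabled:UK Provider"
'''

# The path may itself contain a drive-letter colon, so the path group is lazy and
# the scope/status groups anchor the split. Status is matched case-insensitively
# because the log shows both "Enabled" and "enabled".
LINE_RE = re.compile(
    r'^"(?P<key>.+?)"="(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<name>.*)"$',
    re.IGNORECASE,
)

# Locations a legitimate installer does not open firewall holes from. Both the
# long and the 8.3 spelling appear in the log, so both are matched. Assumption:
# this list is the triage heuristic used here, not a Windows rule.
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\locals~1\\temp\\", "\\desktop\\",
    "\\application data\\", "\\applic~1\\",
)


def parse_exception(line: str) -> Optional[Dict[str, str]]:
    """Parse one .reg-style exception line; return None for blank or unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Undo the .reg backslash doubling so paths compare like real paths.
    entry["key"] = entry["key"].replace("\\\\", "\\")
    entry["path"] = entry["path"].replace("\\\\", "\\")
    return entry


def triage(reg_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious enabled exception, with the reasons it was flagged."""
    entries = [e for e in map(parse_exception, reg_text.splitlines()) if e]
    seen_names: Dict[str, str] = {}
    findings: List[Dict[str, str]] = []
    for e in entries:
        lowered = e["path"].lower()
        reasons = []
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            reasons.append("binary lives in a user-writable directory")
        if e["key"].lower() != lowered:
            reasons.append("registry key path differs from the path in the value")
        # Same display name registered from a second location: the uTorrent case.
        name = e["name"].lower()
        if name in seen_names and seen_names[name] != lowered:
            reasons.append(f"display name already used by {seen_names[name]}")
        seen_names.setdefault(name, lowered)
        if e["status"].lower() == "enabled" and reasons:
            findings.append({"path": e["path"], "name": e["name"], "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXCEPTIONS):
        print(f"{f['path']}  [{f['name']}]  -> {f['reason']}")
```

On the sample above the script reports three entries: the Desktop copy of utorrent.exe (user-writable location, and a display name already taken by the Program Files copy) and the two Temp binaries winBC.exe and winD4.exe. A firewall exception for an executable in Temp is worth investigating regardless of what the display name claims, since the name is free text chosen by whatever wrote the registry value.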

HJThis
Hi mmaatttt,

Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

* Reboot into Safe Mode (without networking support!)
  * To get into Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
    Choose Safe Mode from the menu that will appear and press Enter.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

========================

Then run this tool.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.

=======================

Afterwards, come back here with all logs.

Gogo
mmaatttt
SDFix REPORT.TXT


SDFix: Version 1.115

Run by user on 27/11/2007 at 01:52

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File


and HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:04:00, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9692 bytes



mmaatttt
SMITFRAUDFIX Report

SmitFraudFix v2.256

Scan done at 2:05:56.00, 27/11/2007
Run from D:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\user\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

HJThis
Hey, mmaatttt

Hm, odd. SDFix did not get the files I was hoping for. Run this tool for me.

Download ComboFix from Here or Here to your Desktop.

[*]Double-click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Gogo
mmaatttt
ComboFix 07-11-19.4 - user 2007-11-27 2:18:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.362 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\iekey.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\nsx237.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Dcads Games Collection
2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles
2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix
2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 00:30 --------- d-----w C:\Program Files\Java
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 22:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp
2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:41 --------- d-----w C:\Program Files\iPod
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC
2007-10-06 00:29 --------- d-----w C:\Program Files\Datel
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-24 07:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 02:23:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-11-27 2:23:54 - machine was rebooted
.
--- E O F ---
mmaatttt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:34, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9330 bytes
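The entries the helper is chasing in the logs above (the `regsvr32 /u` Run key that loads jibupqne.dll from All Users\Application Data, the orphaned `iiffccd` Winlogon Notify hook, the IE proxy pointed at 127.0.0.1:8080, and the hidden+system .ini/.ini2 droppings in system32) are all things you can spot mechanically. As an added example that is not part of this thread or of HijackThis, SmitFraudFix or ComboFix themselves, here is a small Python triage script that runs those checks over log lines. The sample lines are copied from the logs posted above, with a couple of benign entries kept as controls; the heuristics and the high/medium severities are my own assumptions, not a tool's verdict, and a hit still needs a human to confirm it.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis and ComboFix logs posted in
# this thread. Benign entries (iTunesHelper, SUPERAntiSpyware, MySql) are controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
"""

# Profile locations any user can write to; an HKLM Run entry rarely loads code from them.
USER_WRITABLE = re.compile(r"(application data|documents and settings|\\temp\\|local settings)", re.I)

# HijackThis line shapes used here (O4 = Run keys, O20 = Winlogon Notify, R1 = IE settings).
HJT_R1 = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)")
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# ComboFix "Files Created" rows: date time size attributes path (attributes are 9 chars).
CF_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +[\d,]+ +(?P<attrs>[-a-z]{9}) +(?P<path>.+)$")

Finding = Tuple[str, str, str]  # (severity, reason, offending line)


def triage_line(line: str) -> List[Finding]:
    """Apply the heuristics (assumed, not a vendor's) to one log line."""
    findings: List[Finding] = []
    line = line.rstrip()

    m = HJT_R1.match(line)
    if m:
        host = m.group("proxy").split(":")[0].lower()
        if host in ("127.0.0.1", "localhost"):
            findings.append(("high", "IE proxy points at loopback: a local process is sitting in front of the browser", line))

    m = HJT_O4.match(line)
    if m:
        cmd = m.group("cmd")
        # regsvr32 /u still loads the DLL and runs its code; the 'unregister' is cover.
        if re.search(r"\bregsvr32(\.exe)?\b.*\s/u\b", cmd, re.I):
            findings.append(("high", "Run entry launches regsvr32 /u, which loads and executes the DLL at every logon", line))
        if USER_WRITABLE.search(cmd):
            findings.append(("medium", "Run entry loads code from a user-writable profile directory", line))

    m = HJT_O20.match(line)
    if m:
        target = m.group("target")
        # A bare name or a missing file means winlogon.exe resolves it via the DLL search path.
        if "(file missing)" in target or "\\" not in target:
            findings.append(("high", "Winlogon Notify DLL is missing or given without a path; winlogon.exe loads it from the search path at logon", line))

    m = CF_FILE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        if "h" in attrs and "s" in attrs and re.search(r"\\system32\\[^\\]+\.ini2?$", path, re.I):
            findings.append(("medium", "hidden+system .ini/.ini2 dropped in system32, the side-file pattern seen with Vundo", line))
    return findings


def triage(text: str) -> List[Finding]:
    """Run triage_line over a whole pasted log and return findings in log order."""
    out: List[Finding] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Feed it the full text of a HijackThis or ComboFix log and it prints only the lines worth a second look. The SecCenter entry is deliberately not caught: nothing about its path is suspicious, and it was identified here from the user's description of a rogue "Personal Security Centre", which is the kind of judgement a script does not replace.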
HJThis
Hi, mmaatttt

Nice work. Now I'm going to have you run one more tool for me.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.
Please post the contents of C:\vundofix.txt

=======================

Now, after you run this tool, run ComboFix once more. Then come back here with the VundoFix.txt and ComboFix.txt, and also a new HijackThis log.

Gogo
mmaatttt

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:59:18 25/11/2007

Listing files found while scanning....

C:\windows\system32\drvtugr.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvtugr.dll
C:\windows\system32\drvtugr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Scan started at 02:43:34 27/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


COMBOFIX

ComboFix 07-11-19.4 - user 2007-11-27 2:52:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.374 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 02:50 32,256 --a------ C:\WINDOWS\system32\OLD20.tmp
2007-11-27 02:50 15,872 --a------ C:\WINDOWS\system32\OLD14.tmp
2007-11-27 02:50 8,192 --a------ C:\WINDOWS\system32\OLD1A.tmp
2007-11-27 02:49 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-27 02:49 20,992 --a------ C:\WINDOWS\system32\OLDB.tmp
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 01:36 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Dcads Games Collection
2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles
2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix
2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-11-27 00:30 --------- d-----w C:\Program Files\Java
2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 22:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp
2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-11-10 23:40 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:41 --------- d-----w C:\Program Files\iPod
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC
2007-10-06 00:29 --------- d-----w C:\Program Files\Datel
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-27_ 2.23.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-19 20:21:24 177,152 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2007-11-27 02:44:53 169,984 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2007-11-27 02:49:08 20,992 ----a-w C:\WINDOWS\LastGood\system32\fontview.exe
+ 2007-11-27 02:50:02 15,872 ----a-w C:\WINDOWS\LastGood\system32\perfmon.exe
+ 2007-11-27 02:50:30 8,192 ----a-w C:\WINDOWS\LastGood\system32\winhlp32.exe
+ 2007-11-27 02:50:38 32,256 ----a-w C:\WINDOWS\LastGood\system32\wpnpinst.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
- 2004-08-04 14:00:00 28,160 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\fontview.exe
- 2006-10-17 12:56:10 52,736 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2004-08-04 14:00:00 23,040 ----a-w C:\WINDOWS\system32\perfmon.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe
- 2004-08-04 14:00:00 15,360 ----a-w C:\WINDOWS\system32\winhlp32.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
- 2004-08-04 14:00:00 39,424 ----a-w C:\WINDOWS\system32\wpnpinst.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-24 07:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 Via4in1;Via4in1;\??\C:\Via4in1.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 02:55:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...


HJTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:59, on 2007-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9294 bytes
mmaatttt
Seems to have done the trick!

Any chance I can fix my browser, as I cannot access password login/secure websites?

Also my start menu items are still showing empty folders!
HJThis
Hi mmaatttt

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

QUOTE
File::
C:\WINDOWS\system32\OLD20.tmp
C:\WINDOWS\system32\OLD14.tmp
C:\WINDOWS\system32\OLD1A.tmp
C:\WINDOWS\system32\OLDB.tmp
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\vgfddwtv
D:\Documents and Settings\All Users\Application Data\jibupqne.dll
C:\WINDOWS\system32\drvtug.dll
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\rhttpaa.dll
C:\WINDOWS\system32\aaclient.dll
C:\WINDOWS\system32\iiffccd.dll

Registry::
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]


Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.


When finished, it will produce a log for you at "C:\ComboFix.txt"


Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


=======================

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Then come back here with both the HijackThis log and ComboFix.txt


Gogo
mmaatttt
ComboFix 07-11-19.4 - user 2007-11-27 12:44:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.397 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD
2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles
2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix
2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 03:44 --------- d-----w C:\Program Files\Java
2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp
2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-11-10 23:40 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:41 --------- d-----w C:\Program Files\iPod
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC
2007-10-06 00:29 --------- d-----w C:\Program Files\Datel
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-27_ 2.23.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-19 20:21:24 177,152 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2007-11-27 02:44:53 169,984 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
- 2004-08-04 14:00:00 28,160 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\fontview.exe
- 2007-10-24 07:09:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-11-27 00:19:27 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-11-27 00:28:17 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-10-17 12:56:10 52,736 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2004-08-04 14:00:00 23,040 ----a-w C:\WINDOWS\system32\perfmon.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe
- 2004-08-04 14:00:00 15,360 ----a-w C:\WINDOWS\system32\winhlp32.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
- 2004-08-04 14:00:00 39,424 ----a-w C:\WINDOWS\system32\wpnpinst.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 Via4in1;Via4in1;\??\C:\Via4in1.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 12:46:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-11-27 12:47:33
C:\ComboFix2.txt ... 2007-11-27 02:23
.
--- E O F ---


HJThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:13, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TVR\remote.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9289 bytes

mmaatttt
BUMP

My PC seems to be OK at the moment and I'm trying to recover my start menus and broken links.

My Firefox browser is not working though, and Internet Explorer will not access secure login websites (Hotmail, Facebook etc.)!

Is there any advice with regard to this matter???
mmaatttt
After some googling, I managed to find out it was NORTON that messed up with the secure sites etc!!!

I managed to uninstall it now and am using another AV software!
HJThis
Hi mmaatttt

Sorry for the hold-up here, but it's that time of year and I go where Mom goes.
Let's see if we can clean some more off this PC.

====================

SUPERAntiSpyware: Please disable SuperAntispyware. Right-click on the shortcut from the
system tray, choose View Control Center (preferences/options), on the General and Startup tab, uncheck, Start SUPERAntispyware when Windows starts, click Close to exit.

====================

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

QUOTE
File::
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.ini
D:\Documents and Settings\All Users\Application Data\jibupqne.dll
C:\WINDOWS\system32\drvtug.dll
C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

Folder::
C:\WINDOWS\system32\vgfddwtv
C:\Program Files\Gfkgzmsb
C:\Program Files\ngbmpgnc

Registry::
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]



Save this as CFScript.txt, in the same location as ComboFix.exe

Click to view attachment

Referring to the picture above, drag CFScript.txt onto ComboFix.exe


When finished, it will produce a log for you at "C:\ComboFix.txt"


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=====================

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

=====================

Reboot PC after doing all above

=====================

Then come back here with both the HijackThis log and ComboFix.txt


Gogo
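The fix above is built by reading the HijackThis and ComboFix autostart lines by hand: a Winlogon Notify entry whose DLL is gone, Run entries pointing at executables under a profile's Application Data folder, and a browser proxy that loops back to the local machine. The script below is an added example of doing that first pass mechanically; it is mine, not part of this thread and not a feature of HijackThis or ComboFix. The heuristics (loopback proxy, "(file missing)", autostart outside Program Files / Windows) are my assumptions about what is worth a second look, not rules from either tool. The O20 and R1 sample lines mirror the log posted above; the two suspicious O4 lines are constructed in HijackThis format from the ComboFix startupreg entries (EACHITCHBATLOCKS, "flag love") so the example runs offline.

```python
"""Triage pass over HijackThis-style log lines (added example, not HJT code)."""
import re

# Constructed sample: O20/R1 lines copied from the posted log, O4 lines for the
# two ComboFix startupreg entries rebuilt in HijackThis O4 format.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EACHITCHBATLOCKS] D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe
O4 - HKCU\..\Run: [flag love] D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(127\.0\.0\.1|localhost)(:\d+)?", re.I)
# Heuristic (assumption): autostarts normally live under Program Files or Windows.
TRUSTED_ROOT_RE = re.compile(r"^[a-z]:\\(program files|progra~1|windows|winnt)\\", re.I)


def exe_path(cmd):
    """Pull the executable path out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|scr|com))", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return a list of findings; each is a dict with code, kind, reason, line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # running-process list, headers, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "R1" and LOOPBACK_PROXY_RE.search(body):
            findings.append({"code": code, "kind": "review", "line": raw,
                             "reason": "browser proxy points at loopback; confirm an installed local proxy/filter owns that port"})
        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4 and not TRUSTED_ROOT_RE.match(exe_path(o4.group("cmd"))):
                findings.append({"code": code, "kind": "suspect", "line": raw,
                                 "reason": "autostart outside Program Files / Windows: " + exe_path(o4.group("cmd"))})
        elif code == "O20" and "(file missing)" in body:
            findings.append({"code": code, "kind": "orphan", "line": raw,
                             "reason": "Winlogon Notify entry whose DLL is gone; the registry key should be removed"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3} [{f['kind']}] {f['reason']}\n     {f['line']}")
```

The O20 "orphan" and the two O4 "suspect" hits are exactly the entries the CFScript above removes; the R1 hit is only a prompt to check which installed product is listening on that loopback port before touching it.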
mmaatttt
Hhhmmm!

I did alter a few things whilst I was gone. I've uninstalled Norton and added AVG Anti Virus instead, which I did a virus check with and it picked out a couple of things (since deleted!). Also Super Anti Spyware was already disabled.

Nonetheless, here are my logs:

ComboFix 07-11-19.4 - user 2007-11-29 23:08:05.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.360 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drvtug.dll
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
D:\Documents and Settings\All Users\Application Data\jibupqne.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Gfkgzmsb
C:\Program Files\ngbmpgnc
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\vgfddwtv
C:\WINDOWS\system32\vgfddwtv\bg1.gif
C:\WINDOWS\system32\vgfddwtv\bgtop.gif
C:\WINDOWS\system32\vgfddwtv\bottom1.gif
C:\WINDOWS\system32\vgfddwtv\essentials.gif
C:\WINDOWS\system32\vgfddwtv\icon1.ico
C:\WINDOWS\system32\vgfddwtv\install1.gif
C:\WINDOWS\system32\vgfddwtv\left1.gif
C:\WINDOWS\system32\vgfddwtv\li.gif
C:\WINDOWS\system32\vgfddwtv\logo.gif
C:\WINDOWS\system32\vgfddwtv\main.htm
C:\WINDOWS\system32\vgfddwtv\mainframe.htm
C:\WINDOWS\system32\vgfddwtv\reinstall1.gif
C:\WINDOWS\system32\vgfddwtv\right1.gif
C:\WINDOWS\system32\vgfddwtv\s1.htm
C:\WINDOWS\system32\vgfddwtv\s2.htm
C:\WINDOWS\system32\vgfddwtv\s3.htm
C:\WINDOWS\system32\vgfddwtv\SMTop1.gif
C:\WINDOWS\system32\vgfddwtv\SMTop2.gif
C:\WINDOWS\system32\vgfddwtv\SMTop3.gif
C:\WINDOWS\system32\vgfddwtv\SMTop4.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_off.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_on.gif
C:\WINDOWS\system32\vgfddwtv\softleft_off.gif
C:\WINDOWS\system32\vgfddwtv\softleft_on.gif
C:\WINDOWS\system32\vgfddwtv\top1.gif
C:\WINDOWS\system32\vgfddwtv\top2.gif
C:\WINDOWS\system32\vgfddwtv\turnoff1.gif
C:\WINDOWS\system32\vgfddwtv\turnon1.gif

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\user\Application Data\AVG7
2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2007-11-28 14:04 <DIR> d--hs---- D:\Documents and Settings\user\UserData
2007-11-28 12:40 <DIR> d-------- D:\Documents and Settings\user\Application Data\Talkback
2007-11-27 18:32 <DIR> d-------- D:\Documents and Settings\user\Shared
2007-11-27 02:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 01:36 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-14 17:47 <DIR> d-------- D:\Documents and Settings\user\Application Data\MSNInstaller
2007-11-08 20:25 <DIR> d-------- D:\Documents and Settings\user\Application Data\BitSpirit
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 17:46 --------- d-----w C:\Program Files\DivX
2007-11-27 17:21 --------- d-----w C:\Program Files\Java
2007-11-27 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 17:13 --------- d-----w C:\Program Files\ffdshow
2007-11-27 17:05 --------- d-----w C:\Program Files\Artlantis Studio
2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-23 23:53 --------- d-----w D:\Documents and Settings\user\Application Data\dvdcss
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-23 21:08 --------- d-----w D:\Documents and Settings\user\Application Data\Azureus
2007-11-15 12:39 --------- d-----w D:\Documents and Settings\user\Application Data\OpenOffice.org2
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-11-10 11:56 --------- d-----w D:\Documents and Settings\user\Application Data\LimeWire
2007-11-08 20:34 --------- d-----w D:\Documents and Settings\user\Application Data\uTorrent
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 18:31 --------- d-----w D:\Documents and Settings\user\Application Data\Graphisoft
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-19 12:08 --------- d-----w D:\Documents and Settings\user\Application Data\FrostWire
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:51 --------- d-----w D:\Documents and Settings\user\Application Data\FlashFXP
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 23:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((( snapshot_2007-11-28_14.28.17.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 14:00:00 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2007-07-31 20:45:06 114,688 ----a-w C:\WINDOWS\system32\cscript.exe
- 2004-08-04 14:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll
+ 2007-07-31 20:45:24 32,768 ----a-w C:\WINDOWS\system32\dispex.dll
+ 2007-07-31 20:45:06 114,688 ------w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2007-07-31 20:45:24 32,768 ------w C:\WINDOWS\system32\dllcache\dispex.dll
- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-07-31 20:45:28 163,840 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2007-07-31 20:45:28 155,648 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
- 2006-10-17 13:33:40 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-07-31 20:45:28 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2007-07-31 20:45:30 69,632 ------w C:\WINDOWS\system32\dllcache\wshext.dll
+ 2007-11-29 19:04:59 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-11-29 19:05:04 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-11-29 19:05:04 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-11-29 19:05:05 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-11-29 19:05:05 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 14:00:00 159,744 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2007-07-31 20:45:28 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2004-08-04 14:00:00 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2007-07-31 20:45:28 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2006-10-17 13:33:40 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-07-31 20:45:28 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\wscript.exe
- 2004-08-04 14:00:00 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll
+ 2007-07-31 20:45:30 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll
- 2004-08-04 14:00:00 65,536 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2007-07-31 20:45:30 69,632 ----a-w C:\WINDOWS\system32\wshext.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-25 12:07]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-29 19:04]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-29 19:04]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 Via4in1;Via4in1;\??\C:\Via4in1.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 23:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 23:09:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-11-29 23:10:31
C:\ComboFix2.txt ... 2007-11-28 14:28
C:\ComboFix3.txt ... 2007-11-27 12:47
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:14, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6959 bytes



mmaatttt
I don't know if this helps but here is a list of items that AVG removed/spotted from my system:

"General properties",""
"Report name","Complete Test"
"Start time","29/11/2007 19:16:12"
"End time","29/11/2007 20:26:52 (total: 1:10:39.10 hrs)"
"Launch method","Scanning launched manually"
"Scanning result","Threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Scanned","117065"
"Threats Found","19"
"Cleaned","0"
"Moved to vault","1"
"Deleted","13"
"Errors","0"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\keygen.exe","Trojan horse Proxy.VPK","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\crack.exe","Trojan horse Downloader.Generic6.UQU","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\serial.exe","Trojan horse Dialer.PYH","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\install.exe","Virus found Win32/Virut","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"
"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"
"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"
"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"
"C:\Program Files\Gfkgzmsb\nwejgwdm.dll","","Deleted"
"C:\Program Files\ngbmpgnc\peduncjw.dll","","Deleted"
"C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir","","Deleted"
"C:\WINDOWS\system32\drvtug.dll","","Deleted"
"C:\WINDOWS\system32\unpr.sys","","Deleted"
"C:\WINDOWS\system32\winbug32.dll_tobedeleted_old","","Deleted"
"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[1]","","Deleted"
"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[2]","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT11F.tmp","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT145.tmp","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRTBA.tmp","","Deleted"
"D:\Documents and Settings\All Users\Application Data\jibupqne.dll","","Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe","","Moved to Vault, Archive"
"K:\F. Documents and Settings\Matthew\Local Settings\Temp\Temporary Internet Files\Content.IE5\58CRPUDF\popup[1].php","","Deleted"
HJThis
Hi mmaatttt

Nice work, looks like it did some good cleaning. How is the PC doing now, any better?

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

========================

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)
( Do not copy the word quote)

QUOTE
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-


Save this as fix.reg. Choose to save as all files and place it on your Desktop.
It should look like this:
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

=======================

Do a reboot come back here give me some feedback about the PC.

Gogo
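As an added example (not code from the thread, nor from the ComboFix or HijackThis authors), this Python script does the triage HJThis did by hand: it parses the shellexecutehooks section of a ComboFix "Reg Loading Points" dump, flags any hook whose DLL has no file metadata (the empty "[ ]" that marked iiffccd.dll above), and writes the same REGEDIT4 removal file. The sample log text is constructed from the two lines in the log above; the file and function names are mine.

```python
"""Triage ComboFix 'Reg Loading Points' output for orphaned ShellExecuteHooks.

Added example for this thread, not part of ComboFix or HijackThis. Flags
hook values whose file metadata is empty ("[ ]", i.e. ComboFix could not
stat the DLL) and emits the REGEDIT4 removal file the helper asked for.
"""
import re

# Constructed sample: the two ShellExecuteHooks lines copied from the log above,
# plus the following section header so the section boundary is exercised.
SAMPLE_LOG = r"""
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
"""

SEH_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shellexecutehooks"

# "{CLSID}"= <path> [<meta>]  -- meta is blank when ComboFix found no file info
ENTRY_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.+?)\s*\[(.*?)\]\s*$')


def parse_shellexecutehooks(log_text):
    """Return (clsid, path, meta) tuples from the shellexecutehooks section only."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("["):
            # Any registry header starts a new section; stay only inside ours.
            in_section = line.lower().rstrip("]").endswith("shellexecutehooks")
            continue
        if in_section:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def suspicious_hooks(entries):
    """Hooks with empty metadata: the DLL is absent, hidden or unreadable."""
    return [e for e in entries if e[2] == ""]


def build_fix_reg(clsids):
    """REGEDIT4 file deleting the given values; '=-' removes a value on merge."""
    lines = ["REGEDIT4", "", "[" + SEH_KEY + "]"]
    lines += ['"%s"=-' % c for c in clsids]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    bad = suspicious_hooks(parse_shellexecutehooks(SAMPLE_LOG))
    for clsid, path, _ in bad:
        print("orphaned ShellExecuteHook:", clsid, path)
    # Written to the current directory; back up the registry before merging.
    with open("fix.reg", "w", newline="") as f:
        f.write(build_fix_reg([c for c, _, _ in bad]))
```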
mmaatttt
Thanx HJThis!!!

Seems to be working fine now, although the startup seems a bit slower than before and I'm still trying to find some windows items for my startmenu (good old google is helping me with that).

Also to anyone interested, I highly recommend the free AVG Antivirus software, it doesn't hog up resources and it is pretty powerful!


mmaatttt
HJThis
Hi mmaatttt

I'm glad things are better. I have some last steps for you here. Make sure to have a look at the link at the end.

Please take these following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster |
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially unwanted sites in Internet Explorer.


2) Download IE-Spyad | works by importing a large file of registry entries into your registry. A tutorial on it can be found here.


3) Go to Windows Update | Make sure to check frequently for the latest updates.


4) All of these great programs will not do a thing for you if none are kept updated, so please check all of them for the latest updates.


5) Please make it a point to have a look at this great site, by the Master Miekiemoes:
miekiemoes' Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.


Regards

Gogo