Thread: Big Help needed

  1. #1
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    Big Help needed

    O.K. I have tried HijackThis and the cookie has shut that down as well.

    AVG picked up yadro.ru.a4842f54 & yadro.ru.c77afad5 & Cookie.sqlite.

    Please help. I ran a log file earlier; I hope it helps.


    Running from: C:\Programme\Download\Program Downloads\Win32kDiag.exe

    Log file at : C:\Documents and Settings\PaulBerry\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\A4W_DATA\A4W_DATA

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\addins\addins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\WPD\WPD

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\3.0.6920

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Pixtran\Pixtran

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\security\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2006-02-28 21:30:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

  2. #2
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    Sorry, here is the other log you asked for

  3. #3
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    Can no one help here

    Not sure what to do:

    All Spyware and Adware programs will not run

    Now AVG won't run a scan

  4. #4
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    Found these

    Hijacker.Affiliated_with_Browser_Hijackers(64 infections) Low

    Spyware.Known_Bad_Sites(2) Low

    Application.PowerRegister(3) Info & PUAs

    Trojan.FakeAlert(21) High

    Spy doctor found these, but I need to register to remove them

  5. #5
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    I have a Tea Timer log also if that helps

    Tea Timer Log

    19/06/2009 10:50:02 AM Allowed (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
    19/06/2009 10:50:31 AM Allowed (based on user whitelist) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
    19/06/2009 10:51:28 AM Allowed (based on lassh blacklist) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
    19/06/2009 10:52:07 AM Allowed (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") added in System Startup global entry!
    21/06/2009 5:24:03 PM Allowed (based on user decision) value "SpybotDeletingB7125" (new data: "") deleted in System Startup user entry!
    21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingD6176" (new data: "") deleted in System Startup user entry!
    21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingA8749" (new data: "") deleted in System Startup global entry!
    21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingC8036" (new data: "") deleted in System Startup global entry!
    29/06/2009 8:50:20 AM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "") deleted in Global browser toolbar!
    29/06/2009 8:50:20 AM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "") deleted in Browser Helper Object!
    4/07/2009 4:39:28 PM Allowed (based on user decision) value "Uniblue RegistryBooster 2009" (new data: "C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S") added in System Startup user entry!
    4/07/2009 4:39:30 PM Allowed (based on user decision) value "UniblueSpeedUpMyPC" (new data: "C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize") added in System Startup user entry!
    14/08/2009 8:53:20 PM Allowed (based on user decision) value "Ceedo Repair" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\AutoDetect.exe /repair /drive=E /name=Ceedo") added in System Startup user entry!
    14/08/2009 10:26:58 PM Allowed (based on user decision) value "Ceedo Repair" (new data: "") deleted in System Startup user entry!
    15/08/2009 11:57:58 AM Allowed (based on user decision) value "FlashPlayerUpdate" (new data: "C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p") added in System Startup user entry!
    17/08/2009 7:31:37 PM Allowed (based on user whitelist) value "AnyDVD" (new data: ""C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"") changed in System Startup user entry!
    17/08/2009 7:31:40 PM Allowed (based on user whitelist) value "AnyDVD" (new data: "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe") changed in System Startup user entry!
    18/08/2009 8:05:31 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
    18/08/2009 8:06:01 PM Allowed (based on user whitelist) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") deleted in Browser Helper Object!
    18/08/2009 8:06:14 PM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!
    18/08/2009 8:06:14 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
    18/08/2009 8:06:14 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
    18/08/2009 8:06:15 PM Allowed (based on user whitelist) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre6\bin\jusched.exe"") added in System Startup global entry!
    18/08/2009 8:06:18 PM Allowed (based on user whitelist) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") added in Browser Helper Object!
    18/08/2009 8:06:18 PM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
    23/08/2009 6:19:16 PM Allowed (based on user whitelist) value "FlashPlayerUpdate" (new data: "") deleted in System Startup user entry!
    30/08/2009 7:39:41 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\Terminator Salvation Skull.scr") changed in Desktop settings!
    5/09/2009 7:14:33 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
    10/09/2009 8:12:40 PM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
    12/09/2009 6:57:45 PM Allowed (based on user decision) value "Uninstall Adobe Download Manager" (new data: ""C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp") added in System Startup global entry!
    13/09/2009 9:45:52 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "Tayla & Carla") changed in Winlogon!
    13/09/2009 11:54:35 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
    15/09/2009 4:06:26 PM Allowed (based on user whitelist) value "DefaultUserName" (new data: "Tayla & Carla") changed in Winlogon!
    19/09/2009 11:49:55 AM Allowed (based on user decision) value "Uninstall Adobe Download Manager" (new data: "") deleted in System Startup global entry!
    19/09/2009 11:49:57 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
    20/09/2009 3:14:24 AM Allowed (based on user decision) value "DW6" (new data: "") deleted in System Startup user entry!
    22/09/2009 10:40:27 PM Allowed (based on user decision) value "SpybotDeletingB8433" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
    22/09/2009 10:40:33 PM Allowed (based on user decision) value "SpybotDeletingD8409" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
    22/09/2009 10:40:33 PM Allowed (based on user decision) value "SpybotDeletingA2970" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
    22/09/2009 10:40:37 PM Allowed (based on user decision) value "SpybotDeletingC6210" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
    22/09/2009 11:31:07 PM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
    22/09/2009 11:36:01 PM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "Uniblue RegistryBooster 2009" (new data: "") deleted in System Startup user entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "UniblueSpeedUpMyPC" (new data: "") deleted in System Startup user entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingB8433" (new data: "") deleted in System Startup user entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingD8409" (new data: "") deleted in System Startup user entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingA2970" (new data: "") deleted in System Startup global entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingC6210" (new data: "") deleted in System Startup global entry!
    22/09/2009 11:51:48 PM Allowed (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
    23/09/2009 12:00:15 AM Allowed (based on user decision) value "PopRock" (new data: "") deleted in System Startup user entry!
    23/09/2009 12:03:25 AM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
    23/09/2009 12:03:31 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "none") added in Desktop settings!
    23/09/2009 12:05:10 AM Allowed (based on user decision) value "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" (new data: "hex:20,A3,C7,CC,CA,B3,99,41,B1,A6,9F,51,6D,D6,98,29") added in User-specific browser toolbar!
    23/09/2009 12:34:48 AM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
    23/09/2009 12:34:48 AM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!
    23/09/2009 1:59:25 PM Allowed (based on user decision) value "virus" (new data: "C:\WINDOWS\system32\virus1.exe") added in System Startup global entry!
    23/09/2009 1:59:25 PM Allowed (based on user decision) value "Start Page" (new data: "http://www.pagedetournee.com") changed in Browser page!
    23/09/2009 2:02:46 PM Allowed (based on user decision) value "virus" (new data: "") deleted in System Startup global entry!
    23/09/2009 2:02:46 PM Allowed (based on user decision) value "Start Page" (new data: "about:blank") changed in Browser page!
    23/09/2009 2:06:19 PM Allowed (based on user decision) value "AROReminder" (new data: "") added in System Startup user entry!
    23/09/2009 2:06:32 PM Allowed (based on user decision) value "AROReminder" (new data: "C:\Program Files\Advanced Registry Optimizer\aro.exe -rem") changed in System Startup user entry!
    23/09/2009 2:08:14 PM Allowed (based on user decision) value "AROReminder" (new data: "C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem") changed in System Startup user entry!
    23/09/2009 2:16:21 PM Allowed (based on user decision) value "PopRock" (new data: "") deleted in System Startup user entry!
    23/09/2009 2:23:49 PM Allowed (based on user decision) value "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (new data: "hex:00") added in Global browser toolbar!

    23/09/2009 2:23:51 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Browser Helper Object!
    23/09/2009 2:26:31 PM Allowed (based on user decision) value "Crawler Search" (new data: "") added in Browser menu extension!
    23/09/2009 2:26:31 PM Allowed (based on user decision) value "Search Bar" (new data: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60426") added in Browser page!
    23/09/2009 2:26:31 PM Allowed (based on user decision) value "SearchAssistant" (new data: "http://www.crawler.com/search/ie.aspx?tb_id=60426") added in Browser page!
    23/09/2009 2:26:32 PM Allowed (based on user decision) value "SearchAssistant" (new data: "http://www.crawler.com/search/ie.aspx?tb_id=60426") changed in Browser page!
    23/09/2009 2:26:32 PM Allowed (based on user decision) value "CustomizeSearch" (new data: "http://dnl.crawler.com/support/sa_customize.aspx?TbId=60426") changed in Browser page!
    23/09/2009 2:26:34 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Internet Explorer searches!
    23/09/2009 2:26:37 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") deleted in Internet Explorer searches!
    23/09/2009 2:26:37 PM Allowed (based on user decision) value "*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") deleted in Internet Explorer searches!
    23/09/2009 2:27:00 PM Allowed (based on user decision) value "SpywareTerminatorUpdate" (new data: ""C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"") added in System Startup user entry!
    23/09/2009 2:49:13 PM Allowed (based on user decision) value "SpywareTerminator" (new data: ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"") added in System Startup global entry!
    23/09/2009 3:20:20 PM Allowed (based on user decision) value "avast!" (new data: ""C:\Program Files\Alwil Software\Avast4\ashDisp.exe"") added in System Startup global entry!
    23/09/2009 3:20:28 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    aswBoot.exe /A:"*" /L:"English" /KBD:3
    ") changed in Session manager!
    23/09/2009 4:35:42 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") changed in Session manager!
    23/09/2009 5:42:53 PM Allowed (based on user decision) value "RegistryMechanic" (new data: "C:\Program Files\Registry Mechanic\RegMech.exe /H") added in System Startup user entry!
    23/09/2009 5:42:55 PM Allowed (based on user decision) value "ISTray" (new data: ""C:\Program Files\Spyware Doctor\pctsTray.exe"") added in System Startup global entry!
    23/09/2009 7:09:02 PM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe") added in System Startup global entry!
    23/09/2009 7:09:08 PM Allowed (based on user decision) value "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (new data: "hex:EA,03,38,4B,30,52,C3,4D,A7,FC,33,63,8F,3D,35,42") added in User-specific browser toolbar!
    23/09/2009 7:09:10 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") added in Internet Explorer searches!
    23/09/2009 7:09:11 PM Allowed (based on user decision) value "*{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Internet Explorer searches!
    23/09/2009 7:09:14 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") deleted in Internet Explorer searches!
    23/09/2009 7:19:38 PM Allowed (based on user decision) value "!SASWinLogon" (new data: "") added in Winlogon Notifiers!
    23/09/2009 7:20:41 PM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe") added in System Startup user entry!
    23/09/2009 9:22:35 PM Allowed (based on user decision) value "{7530BFB8-7293-4D34-9923-61A11451AFC5}" (new data: "") added in ActiveX Distribution Unit!
    23/09/2009 10:10:38 PM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "") deleted in System Startup global entry!

  6. #6
    Junior Member
    Join Date
    Sep 2009
    Posts
    10

    ComboFix Log

    ComboFix 09-09-23.02 - PaulBerry 24/09/2009 22:06.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2046.1299 [GMT 9.5:30]
    Running from: c:\documents and settings\PaulBerry\Desktop\ComeOn.exe
    AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\12d5cc04.msp
    c:\windows\Installer\2906197.msi

    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


    ((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
    .

    2009-09-23 11:51 . 2009-09-23 11:51 -------- d-----w- c:\program files\ESET
    2009-09-23 10:52 . 2009-09-23 10:52 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\AVG8
    2009-09-23 09:49 . 2009-09-23 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-09-23 09:49 . 2009-09-24 12:39 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-09-23 09:49 . 2009-09-23 09:49 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\SUPERAntiSpyware.com
    2009-09-23 09:38 . 2009-09-23 09:38 -------- d-----w- c:\program files\Enigma Software Group
    2009-09-23 07:32 . 2008-12-10 23:08 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-09-23 07:32 . 2009-08-24 04:35 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-23 07:32 . 2009-08-19 01:31 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-09-23 07:31 . 2009-09-23 08:13 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-09-23 07:31 . 2008-12-10 02:06 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-09-23 07:30 . 2009-09-24 12:28 -------- d-----w- c:\program files\Spyware Doctor
    2009-09-23 07:30 . 2009-09-23 07:30 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\PC Tools
    2009-09-23 07:30 . 2009-09-23 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-09-23 07:14 . 2009-09-22 17:03 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-09-23 05:50 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-23 05:50 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-23 05:50 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-09-23 05:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-23 05:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-23 05:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-23 05:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-09-23 05:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-09-23 05:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-23 05:49 . 2009-09-23 05:49 -------- d-----w- c:\program files\Alwil Software
    2009-09-23 04:53 . 2009-09-23 13:35 -------- d-----w- c:\program files\Crawler
    2009-09-23 04:36 . 2009-09-23 04:36 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\Sammsoft
    2009-09-23 04:36 . 2009-09-23 04:36 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2009-09-23 04:28 . 2009-09-23 04:28 -------- d-----w- c:\program files\AxBx
    2009-09-22 17:30 . 2009-09-24 12:44 -------- d-----w- c:\program files\SDistTest
    2009-09-22 17:12 . 2009-09-22 17:12 -------- d-----w- c:\program files\Trend Micro
    2009-09-22 17:03 . 2009-09-23 07:14 -------- d-----w- c:\documents and settings\PaulBerry\.housecall6.6
    2009-09-22 16:58 . 2009-09-22 16:59 -------- d-----w- C:\Reg Back up 230909
    2009-09-22 16:57 . 2009-09-22 16:57 -------- d-----w- c:\program files\ERUNT
    2009-09-22 16:48 . 2009-09-22 16:48 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\Safer Networking
    2009-09-22 15:00 . 2009-09-22 15:00 -------- d-----w- c:\program files\Safer Networking
    2009-09-22 14:13 . 2009-09-23 14:37 0 ----a-r- c:\windows\win32k.sys
    2009-09-19 17:38 . 2009-09-19 17:38 -------- d-----w- C:\Drivers
    2009-09-12 16:07 . 2009-09-12 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-09-12 09:27 . 2009-09-12 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2009-09-12 09:26 . 2009-09-19 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-30 10:09 . 2009-09-22 14:33 -------- d-----w- c:\windows\system32\Terminator Salvation Skull dir

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-24 12:44 . 2008-05-31 09:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-24 12:44 . 2008-03-01 09:32 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\MailWasherPro
    2009-09-24 08:39 . 2008-12-13 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-09-23 12:41 . 2008-02-28 06:36 -------- d-----w- c:\program files\SpywareBlaster
    2009-09-23 10:56 . 2008-10-08 07:08 -------- d-----w- c:\program files\AVG
    2009-09-23 04:36 . 2009-05-01 12:24 -------- d-----w- c:\program files\AskBarDis
    2009-09-23 04:29 . 2008-02-28 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-22 15:10 . 2008-02-28 06:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-22 15:06 . 2008-06-14 08:44 -------- d-----w- c:\program files\Google
    2009-09-19 17:37 . 2009-07-04 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-09-04 03:11 . 2009-06-28 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-08-18 10:36 . 2008-02-28 06:35 -------- d-----w- c:\program files\Java
    2009-08-16 23:45 . 2009-01-28 23:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-16 23:45 . 2008-10-08 07:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-16 23:45 . 2008-02-28 06:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-13 21:28 . 2009-09-23 07:32 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-11 06:26 . 2008-08-13 07:34 109368 ----a-w- c:\documents and settings\Tayla & Carla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2009-07-24 19:53 . 2008-12-21 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-13 14:13 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-04 06:50 . 2008-02-28 07:51 109368 ----a-w- c:\documents and settings\PaulBerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2004-10-01 05:30 . 2008-09-13 08:31 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-24 00:25 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-08-08 2980800]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\2\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    c:\documents and settings\Tayla & Carla\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

    c:\documents and settings\PaulBerry\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2008-3-1 17846152]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-16 23:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "Uniblue RegistryBooster 2009"=c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    "UniblueSpeedUpMyPC"=c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
    "PopRock"=c:\docume~1\PAULBE~1\LOCALS~1\Temp\a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/09/2009 5:02 PM 206256]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/09/2009 3:19 PM 114768]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2008 4:38 PM 335240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/09/2009 3:19 PM 20560]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29/01/2009 8:51 AM 297752]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [23/09/2009 5:00 PM 348752]
    R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [23/09/2009 3:00 AM 907680]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13/04/2009 11:59 AM 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13/04/2009 11:59 AM 8320]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]

    2009-09-24 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-06-09 06:05]

    2009-09-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-13 04:13]

    2009-02-12 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-09-22 06:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF - ProfilePath - c:\documents and settings\PaulBerry\Application Data\Mozilla\Firefox\Profiles\h0mw0ypy.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - component: c:\documents and settings\PaulBerry\Application Data\Mozilla\Firefox\Profiles\h0mw0ypy.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Nero - Burning Rom!UninstallKey - e:\nero\nero\uninstall\UNNERO.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-24 22:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(944)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(1776)
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-24 22:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-24 12:47

    Pre-Run: 245,680,558,080 bytes free
    Post-Run: 245,815,296,000 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30

    275 --- E O F --- 2009-09-23 08:09

  7. #7

    I think I have removed the issue

    Here is the exeHelper log

    exeHelper by Raktor - 09
    Build 20090923
    Run at 23:47:47 on 09/25/09
    Now searching...
    Checking for numerical processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor - 09
    Build 20090923
    Run at 23:49:50 on 09/25/09
    Now searching...
    Checking for numerical processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

  8. #8

    New Win32kDiag scan

    Running from: C:\Programme\Download\Program Downloads\Win32kDiag.exe

    Log file at : C:\Documents and Settings\PaulBerry\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

    [1] 2004-10-14 09:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

    [1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

    [1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

    [1] 2004-10-15 04:04:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

    [1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

    [1] 2004-11-30 13:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 18:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

    [1] 2004-11-30 13:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

    [1] 2005-02-25 13:05:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

    [1] 2005-02-25 13:05:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

    [1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:28 716000 C:\WINDOWS\$hf_mig$\KB911164\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB920342\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

    [1] 2008-11-16 02:48:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:28 716000 C:\WINDOWS\$hf_mig$\KB925876\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:46:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

    [1] 2007-03-06 10:52:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

    [1] 2007-03-06 10:52:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

    [1] 2005-10-13 08:42:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

    [1] 2006-01-20 04:59:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

    [1] 2007-03-06 10:52:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

    [1] 2007-03-06 10:52:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

    [1] 2007-03-06 10:52:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)


  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    Paully, because of the number of posts in your thread (eight) it appeared you were already being assisted.

    However: Do NOT run 'fixes' before helpers have analyzed the HJT log

    FYI for future reference: Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
