Trojan Problem - Spyware in system?



Andy_ftm
2007-04-22, 10:51
I was having a conversation with a friend over MSN, when a message showing a link to a picture appeared in the conversation. I clicked on it, and it requested a download - I clicked cancel and it downloaded anyway.
Since then, my antivirus program, F-Secure, has been finding lots of viruses and trojans throughout the Windows\system32 type area.
Also, in Internet Explorer, new windows have been opening, such as gambling, loans, and pornographic pages.
Now, cookies created by these pages are detected and removed by Spy-bot; however, this does not solve the problem.
I was browsing through Spy-bot functions, and found BHOs, and System Processes.
In my BHO list, there were 5 unknown BHOs.
There were another 3 with a green tick next to them, and they were MSN sign-in help, Google and Yahoo.
I took the risk of deleting one of the 'unknowns' and F-Secure quickly identified it as a trojan.

Now, in my System Processes - aside from the System setting itself, there are several processes which are un-named, have very little description, and link to each other. However, in contrast, for all the other processes there is lots of information, such as maker - e.g. Microsoft, Diskeeper, Spy-Bot S&D.

I didn't want to run the risk of harming my system, so I thought it better to ask for help. Any help would be appreciated. Thanks.


This is my BHO report created by Spy-bot.


This is my System Processes report, created by Spy-bot.

Any help would be brilliant.

Andy_ftm
2007-04-22, 18:14
Also, another thing, I might have a Vundo trojan for my BHOs.
I have had my anti-virus detect 2 BHOs as viruses.
:sad: :sad:

Andy_ftm
2007-04-22, 21:08
Sorry -

BHO log -
Note : One BHO cannot be removed using Spy-bot. It is in BLACK.


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-04-18 Includes\DialerC.sbi
2007-04-04 Includes\Hijackers.sbi
2007-04-18 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-04-18 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-03-21 Includes\Malware.sbi
2007-04-18 Includes\MalwareC.sbi
2007-03-21 Includes\PUPS.sbi
2007-04-18 Includes\PUPSC.sbi
2007-04-18 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi
2007-04-18 Includes\SecurityC.sbi
2007-03-21 Includes\Spybots.sbi
2007-04-18 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi
2007-04-18 Includes\TrojansC.sbi

{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn3\
Long name: yt.dll
Short name:
Date (created): 04/11/2006 20:51:14
Date (last access): 21/04/2007 21:32:10
Date (last write): 29/09/2006 13:53:18
Filesize: 440384
Attributes: archive
MD5: 045EFAAE4617C8883DFC840C6685C390
CRC32: 06B9C4ED
Version: 2006.9.29.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 18/12/2006 05:16:42
Date (last access): 21/04/2007 21:54:54
Date (last write): 18/12/2006 05:16:42
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 7.0.9.50

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\ANTI-V~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 01:03:00
Date (last access): 21/04/2007 21:50:34
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 07/07/2006 12:29:52
Date (last access): 21/04/2007 21:45:56
Date (last write): 07/07/2006 12:29:52
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1

{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: cbxwtrq.dll
Short name:
Date (created): 10/04/2007 21:50:50
Date (last access): 21/04/2007 21:29:40
Date (last write): 10/04/2007 21:50:50
Filesize: 26694
Attributes: archive
MD5: CBB2E98D616E28B832F3989B344E3E78
CRC32: 6641482F

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar4.dll
Short name: GOOGLE~4.DLL
Date (created): 26/01/2007 08:47:14
Date (last access): 21/04/2007 21:45:54
Date (last write): 20/01/2007 00:55:32
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSN Search Toolbar Helper)
BHO name:
CLSID name: MSN Search Toolbar Helper
Path: C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\
Long name: msntb.dll
Short name:
Date (created): 15/06/2005 20:02:08
Date (last access): 21/04/2007 21:29:48
Date (last write): 15/06/2005 20:02:08
Filesize: 577232
Attributes: archive
MD5: 361B861B3975418B079D1C12B07D6A52
CRC32: 22B1AA51
Version: 2.5.0.1082

{EDCBE08C-BA61-46FB-86E9-357247EC5A2E} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: pmnnk.dll
Short name:
Date (created): 17/04/2007 19:56:38
Date (last access): 21/04/2007 21:09:46
Date (last write): 17/04/2007 19:56:40
Filesize: 281172
Attributes: hidden sysfile
MD5: 8805ACDC7DA976A73F943CCFD1874849
CRC32: E816CCBF

System Processes:


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-04-18 Includes\DialerC.sbi
2007-04-04 Includes\Hijackers.sbi
2007-04-18 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-04-18 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-03-21 Includes\Malware.sbi
2007-04-18 Includes\MalwareC.sbi
2007-03-21 Includes\PUPS.sbi
2007-04-18 Includes\PUPSC.sbi
2007-04-18 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi
2007-04-18 Includes\SecurityC.sbi
2007-03-21 Includes\Spybots.sbi
2007-04-18 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi
2007-04-18 Includes\TrojansC.sbi

PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 756 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 780 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID: 824 ( 780) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 836 ( 780) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1008 ( 824) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1080 ( 824) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1184 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1204 ( 824) C:\Program Files\Ahead\InCD\InCDsrv.exe
size: 1192050
MD5: 1C5622809694604167EF6EE991F4965E
PID: 1292 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1444 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1608 ( 824) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 404 ( 824) C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
size: 36903
MD5: A619A77C14E76AC387CF01288FF291DC
PID: 420 ( 824) C:\WINDOWS\system32\crypserv.exe
size: 52224
MD5: 85A6662B5F12B84D599A74119F04B381
PID: 448 ( 824) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
size: 765952
MD5: B09DF4AE62909CED13EB2DCDB612FAFE
PID: 504 ( 824) C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
size: 36947
MD5: 237A88D8AF60024CB91CB5D7903B3CC9
PID: 528 ( 504) C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
size: 290304
MD5: 8F78E6C547071B95D7D17F6D8B708926
PID: 552 ( 824) C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
size: 278581
MD5: D12006C7A59CD32442344D411A4ECC40
PID: 608 ( 528) C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
size: 248320
MD5: 3B4D0D6DAC74BC6CEBCA11F88EBB6528
PID: 1140 ( 824) C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
size: 61490
MD5: A796880CED6D0849E0D8DFC35821D931
PID: 1176 (1140) C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
size: 180274
MD5: 7DC7D1F5E4F27B13FA3954B848860D36
PID: 1288 ( 824) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1348 (1140) C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
size: 65585
MD5: 872F3321742B9F679255BB9A031C4121
PID: 1700 ( 824) C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
size: 187168
MD5: 3FF58BEE45EF10F2FEEB6D2A64153E50
PID: 1956 (1140) C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
size: 270387
MD5: F5937DD8CDFA5160D84B22C504B32806
PID: 1972 (1140) C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
size: 32826
MD5: 69118DA5CACB250D06389287DDC1BF45
PID: 2012 (1140) C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
size: 159804
MD5: E32C981D8CB776B68CEEAC49DC7D8273
PID: 2028 (1140) C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
size: 139319
MD5: B7B424E203C526A93ADEBB871E3C0A3D
PID: 2624 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2676 ( 824) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2720 ( 824) C:\WINDOWS\system32\UAService7.exe
size: 126976
MD5: 0EDFE36E05A62888EFF6D97AE494B2A5
PID: 3004 (1140) C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
size: 180224
MD5: D680E8EF997361114DF93BB268CE3C63
PID: 3368 ( 824) C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
size: 61498
MD5: AC51C2E22EC58223B3DA1154DD0484F4
PID: 3408 ( 824) C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
size: 204863
MD5: C81474EFD014D51C8A1B17129F8D4DEB
PID: 3720 ( 824) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3456 ( 824) C:\Program Files\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 11292 ( 824) C:\Program Files\MSN Messenger\usnsvc.exe
size: 97136
MD5: C5B70A6AA947667CE0E5FC84A05EC8B6
PID: 12184 (26380) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 18960 (12184) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915A106A2FB87292CEF0AD4F36ADF313
PID: 16984 (12184) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: 1D0F6AEACEDDDA839EEB6AF0E9DB9F9B
PID: 23884 (12184) C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: D40191AA225638AB20E59524CDD74030
PID: 20200 (12184) C:\Program Files\Ahead\InCD\InCD.exe
size: 1450096
MD5: 833D5E9603947F735D5C264BAA6D255A
PID: 26488 (12184) C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
size: 75520
MD5: EDF5D27C6D244740418903626DF5741A
PID: 23040 (12184) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 3CF6BFF887AF6F733473D81A8921A5C5
PID: 26212 (12184) C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
size: 356352
MD5: 329F9DE88C88917E08F7F3D75704F23B
PID: 6344 (12184) C:\WINDOWS\vVX3000.exe
size: 994080
MD5: B3D143EF670569CDF5A4C4E20B65B277
PID: 28508 (20604) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 29204 (12184) C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
size: 122929
MD5: 855E795383BED05C481575BD0C1C0D37
PID: 30296 (12184) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 30E1F03DCC8825988528D9058312EDE2
PID: 13332 (29204) C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
size: 86064
MD5: A38CCE2B6C770CC26755D790E0F59F10
PID: 31304 (12184) C:\Program Files\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 32056 (12184) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3512 (29204) C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
size: 233537
MD5: 63A3D48CFAFA534B2F48DAB91BD6B618
PID: 30964 (12184) C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 24216 (12184) C:\Program Files\Exif Launcher\QuickDCF.exe
size: 29696
MD5: 57A47AC444416B9E34EA7C221D9CF994
PID: 21572 (12184) C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
size: 36903
MD5: A619A77C14E76AC387CF01288FF291DC
PID: 30608 (12184) C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
PID: 26512 (12184) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 53317
MD5: 5232D76D86FD285F5FA3C7CC7AD45093
PID: 31952 (1008) C:\Program Files\Common Files\Teleca Shared\Generic.exe
size: 385024
MD5: AC02CF51DCC71E97D1B602EE651518DB
PID: 19560 (1008) C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
size: 868352
MD5: 9AE089DFD4A11FDA99F1CFA23C3D11F3
PID: 28180 (12184) C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 15200 (26488) C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
size: 251648
MD5: 572BCED88BF2A1FBA0C2B10AC172F3DB
PID: 18928 ( 448) C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
size: 466944
MD5: 44B7BE07B30F5D178594CDC418203834
PID: 27772 (12184) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 24624 (12184) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7633008
MD5: 7B4EFF333F1B963812F6BEDC06CA2758

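Added example, not from this thread and not part of Spybot: a small Python triage script for the Spybot 1.4 BHO report format posted above. It flags entries that have no CLSID name and no classification in Spybot's database, load from system32, carry hidden/system attributes, or have no version resource, which are exactly the traits the two unnamed entries in the report show. The sample report is a constructed, abbreviated copy of three entries from the report above.

```python
"""Triage helper for a Spybot - Search & Destroy 1.4 BHO report (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format Spybot 1.4 prints: a "{CLSID} (name)" header
# line followed by "key: value" lines, entries separated by blank lines.
# Abbreviated copies of three entries from the thread's report.
SAMPLE_REPORT = """\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
Path: C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\
Long name: AcroIEHelper.dll
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
Version: 7.0.9.50

{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} ()
BHO name:
CLSID name:
Path: C:\\WINDOWS\\system32\\
Long name: cbxwtrq.dll
Attributes: archive
MD5: CBB2E98D616E28B832F3989B344E3E78

{EDCBE08C-BA61-46FB-86E9-357247EC5A2E} ()
BHO name:
CLSID name:
Path: C:\\WINDOWS\\system32\\
Long name: pmnnk.dll
Attributes: hidden sysfile
MD5: 8805ACDC7DA976A73F943CCFD1874849
"""

# Header line: "{CLSID} (display name)"; the name is empty for unknown BHOs.
HEADER_RE = re.compile(r"^\{([0-9A-Fa-f-]{36})\}\s*\((.*)\)\s*$")


@dataclass
class BhoEntry:
    clsid: str
    name: str
    fields: dict = field(default_factory=dict)


def parse_bho_report(text):
    """Split the report into entries; Spybot's own version header is skipped."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = BhoEntry(m.group(1).upper(), m.group(2).strip())
            entries.append(current)
            continue
        # Only split on the first colon: values such as paths and dates contain more.
        if current is not None and ":" in line:
            key, _, value = line.partition(":")
            current.fields[key.strip().lower()] = value.strip()
    return entries


def triage(entry):
    """Return the reasons an entry looks suspicious (empty list = nothing odd)."""
    f = entry.fields
    reasons = []
    if not f.get("clsid name") and not entry.name:
        reasons.append("no CLSID name registered")
    if "classification" not in f:
        reasons.append("not in Spybot's known-BHO database")
    path = f.get("path", "").lower()
    if "\\windows\\system32\\" in path:
        reasons.append("loaded from system32 (unusual for a legitimate BHO)")
    attrs = f.get("attributes", "").lower().split()
    if "hidden" in attrs or "sysfile" in attrs:
        reasons.append("hidden/system attributes set on the DLL")
    if "version" not in f:
        reasons.append("DLL carries no version resource")
    return reasons


def suspicious_bhos(text, min_reasons=2):
    """List (long name, reasons) for entries with at least min_reasons, worst first."""
    flagged = []
    for entry in parse_bho_report(text):
        reasons = triage(entry)
        if len(reasons) >= min_reasons:
            flagged.append((entry.fields.get("long name", entry.clsid), reasons))
    flagged.sort(key=lambda item: len(item[1]), reverse=True)
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_bhos(SAMPLE_REPORT):
        print(name)
        for reason in reasons:
            print("  -", reason)
```
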
pskelley
2007-04-22, 21:11
Welcome to Safer Networking, if you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

If it's Vundo, it's nasty and hard to remove. I will try to help, follow the directions.

Thanks

Andy_ftm
2007-04-22, 23:06
I don't mean to sound rude or annoying, but this is very complicated for me - a 15 year old.
I looked at the other link suggested, and Panda is plagued by WinAntivirus pop-ups. I want to run the check, though, as WinAntivirus has the side bar occupied.
I don't trust Panda, and I'm pretty sure I'll do something wrong.
Correct me if i'm wrong:

Put in an e-mail address; I'll just make up another one and use it.
Click no in the panda scan, and scan.
Then, post the log in here - then do nothing until you reply?

I don't want to break anything, or screw my computer up, so is this what I need to do for the first step?
I'm well confused. :sad:

pskelley
2007-04-22, 23:14
I understand and suggest you may want to seek help from someone with more computer knowledge. Those are the instructions we use at this forum to get the information we need to help. If you are positive this is the Vundo trojan, then you may look at this self-help tutorial:

http://forums.spybot.info/showthread.php?t=4394

Sooner or later there are complex instructions that will need to be followed, this is not an easy infection to get rid of.

I hope that helps

Thanks

Andy_ftm
2007-04-23, 22:10
Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mahycfva.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cbxwtrq.dll
Spyware:spyware/virtumonde Not disinfected c:\windows\system32\ddaya.dll
Spyware:spyware/betterinet Not disinfected c:\windows\system32\in10b6s.dll
Dialer:dialer.db Not disinfected c:\windows\downloaded program files\msa64chk.inf
Spyware:spyware/web3000 Not disinfected c:\windows\hh.ico
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adrian Moore\Cookies\adrian_moore@com[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Andrew Moore\Application Data\Mozilla\Firefox\Profiles\im304z16.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Andrew Moore\Cookies\andrew_moore@azjmp[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall My Web Search.dll
Virus:Trj/Agent.CAV Disinfected C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcdcyx.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\idnuhwjp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jxlqwkqb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ngsyfnig.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qtemuqkc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tetwbngq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\utslkajj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vnrtvqon.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wyisnedl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xjjmiubp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\yurigmvt.dll.bak

I thought it was one or two problems, but Panda shows:

1 Virus - disinfected
34 Spyware
1 Dialer
1 Rootkit

:sad: :sad:
What do I do now? (Daft question, but you know - want to do it right)

pskelley
2007-04-23, 22:22
OK, we are making progress and you do have a Vundo infection. You should keep this computer offline except when you are working on the troubleshooting. I need the HijackThis log and we will be able to get started removing the junk. Look at any of the other topics, they all include a HijackThis log. Read the "Before you Post" instructions again. Here are a few different looks at how to post a HJT log.
http://forums.security-central.us/showthread.php?t=112for
http://russelltexas.com/malware/createhjtfolder.htm
http://www.bleepingcomputer.com/forums/tutorial94.html

This is a self-extracting download if that will help:
Download a self-extracting copy of HijackThis from :-
http://downloads.malwareremoval.com/hijackthis_sfx.exe
1. save it to your Desktop.
2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
C:\Program Files\HijackThis
3. Go to this folder and run the hijackthis.exe file
4. click Do a system scan and save a logfile
5. Copy & paste the logfile into your next post here...

Thanks

Andy_ftm
2007-04-23, 22:27
Logfile of HijackThis v1.99.1
Scan saved at 21:27:11, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yurigmvt.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\mahycfva.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cambridgesoft.webex.com/client/v_mywebex-t20-localized/webex/ieatgpc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

What now?

pskelley
2007-04-23, 22:38
This one is hard to remove but you can do it if you follow the directions:
Here is some information about the junk you can view later if you wish:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog


Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

Thanks to Atribune and any others who helped with this fix.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

(this part is important, if there are files that Vundofix can't remove then click the link and follow the directions to upload the files. Atribune will add them to the fix and a while later you will be able to kill the junk. If Vundofix is able to delete everything, follow the directions)

If there is a file VundoFix doesn't find we need it submitted. Please submit the files to upload malware: http://www.uploadmalware.com

I need to see the Vundofix report and a new HJT log.

Thanks

Andy_ftm
2007-04-23, 22:48
The page won't load in Firefox or in Internet Explorer.

pskelley
2007-04-23, 23:01
I am having the same problem: http://www.atribune.org/ccount/click.php?id=4
even the website is down: http://www.atribune.org/
Try it every couple of hours and I will also.

This is the best tool to remove the junk. Do not use Firefox, many tools will not run on it because they are written for IE.

Thanks

Andy_ftm
2007-04-24, 20:38
Results of Vundo Scan:


VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 18:43:44 24/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\knnmp.bak1
C:\WINDOWS\system32\knnmp.bak2
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\knnmp.ini2
C:\WINDOWS\system32\knnmp.tmp
C:\WINDOWS\system32\pmnnk.dll

Beginning removal...

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 19:12:59 24/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\cbxwtrq.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcdcyx.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\dylvwxux.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\idnuhwjp.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jxlqwkqb.dll
C:\WINDOWS\system32\ngsyfnig.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\qtemuqkc.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\tetwbngq.dll
C:\WINDOWS\system32\utslkajj.dll
C:\WINDOWS\system32\vnrtvqon.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\wyisnedl.dll
C:\WINDOWS\system32\xjjmiubp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwtrq.dll
C:\WINDOWS\system32\cbxwtrq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdcyx.dll
C:\WINDOWS\system32\ddcdcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\idnuhwjp.dll
C:\WINDOWS\system32\idnuhwjp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jxlqwkqb.dll
C:\WINDOWS\system32\jxlqwkqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ngsyfnig.dll
C:\WINDOWS\system32\ngsyfnig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtemuqkc.dll
C:\WINDOWS\system32\qtemuqkc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tetwbngq.dll
C:\WINDOWS\system32\tetwbngq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utslkajj.dll
C:\WINDOWS\system32\utslkajj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vnrtvqon.dll
C:\WINDOWS\system32\vnrtvqon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtutq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wyisnedl.dll
C:\WINDOWS\system32\wyisnedl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjjmiubp.dll
C:\WINDOWS\system32\xjjmiubp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxwtrq.dll
C:\WINDOWS\system32\cbxwtrq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Andy_ftm
2007-04-24, 20:40
HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 19:36:03, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTI-V~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yurigmvt.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\mahycfva.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cambridgesoft.webex.com/client/v_mywebex-t20-localized/webex/ieatgpc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Note:
VundoFix ran when the computer was re-started, and then restarted - with one file it couldn't fix the first time still there.
Once it re-booted for the second time, it didn't run, but two windows keep popping up saying 2 files cannot be opened - which is good, because my anti-virus program sorted them out.

Does this mean that my computer is sorted?

pskelley
2007-04-24, 21:22
Does this mean that my computer is sorted?
I am looking now, but we have a little more to do. First, you saw the fix indicated you are running an old version of Java:

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Follow these instructions so I can take a look:

1) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) TeaTimer will block the changes we must make, follow these instructions to turn it off:
http://russelltexas.com/malware/teatimer.htm

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yurigmvt.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\mahycfva.dll",setvm
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) RIGHT Click on Start then click on Explore. Locate and delete these items:

(this is very important, until these files are gone, you are still infected)

C:\WINDOWS\system32\yurigmvt.dll <<< delete that file
C:\WINDOWS\system32\mahycfva.dll <<< delete that file

7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the uninstall list, a new HJT log and let me know how your computer is running now.

Thanks
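
As an added example (not code from this thread, nor from VundoFix or HijackThis), here is a small Python triage script that encodes the two indicators pskelley picks out of the HijackThis log above (an unnamed O2 BHO loaded from system32, and O4 Run entries that start rundll32.exe on a DLL in system32), plus the naming pattern visible in the VundoFix report above, where each .ini/.bak data file is the reversed name of a DLL (knnmp.ini and pmnnk.dll, ayadd.ini and ddaya.dll). The sample log lines are constructed from the entries posted in this thread, and the regular-expression rules are this example's own heuristics, meant to shortlist lines for a human to review rather than to give verdicts.

```python
import re
from typing import List, Tuple

# Constructed sample input: a handful of HijackThis lines modelled on the log
# posted in this thread. Not a complete log; just enough to exercise each rule.
SAMPLE_HJT = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\ANTI-V~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - C:\\WINDOWS\\system32\\pmnnk.dll (file missing)
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [SoundService] rundll32.exe "C:\\WINDOWS\\system32\\yurigmvt.dll",setvm
O4 - HKLM\\..\\Run: [PrintDrive] rundll32.exe "C:\\WINDOWS\\system32\\mahycfva.dll",setvm
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

# Constructed sample of a VundoFix "Listing files found" block, using the
# file names from the reports in this thread.
SAMPLE_VUNDOFIX_FILES = """\
C:\\WINDOWS\\system32\\knnmp.ini
C:\\WINDOWS\\system32\\knnmp.bak1
C:\\WINDOWS\\system32\\pmnnk.dll
C:\\WINDOWS\\system32\\ayadd.ini
C:\\WINDOWS\\system32\\ddaya.dll
C:\\WINDOWS\\system32\\geebx.dll
"""

# A DLL sitting directly in %SystemRoot%\system32, the location used by every
# malicious entry in the thread (heuristic: many legitimate DLLs live there too).
SYSTEM32_DLL = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\[A-Za-z0-9_]+\.dll', re.IGNORECASE)
# rundll32 invoking a DLL export from a Run key: rundll32.exe "<dll>",<export>
RUNDLL32_LOADER = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*\w+', re.IGNORECASE)


def triage_hjt(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) for each HJT line matching a Vundo-style indicator.

    These are shortlist heuristics for a human to review, not verdicts: a named
    vendor BHO, or a Run entry for a program under Program Files, is left alone.
    """
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(' ', 1)[0]
        if section == 'O2' and '(no name)' in line and SYSTEM32_DLL.search(line):
            findings.append(('unnamed BHO loaded from system32', line))
        elif section == 'O4':
            m = RUNDLL32_LOADER.search(line)
            if m and SYSTEM32_DLL.search(m.group(1)):
                findings.append(('Run key loads a system32 DLL via rundll32', line))
    return findings


def reversed_name_pairs(listing: str) -> List[Tuple[str, str]]:
    """Pair each non-DLL file whose stem, read backwards, is the stem of a DLL
    in the same listing (knnmp.ini <-> pmnnk.dll), the naming pattern visible
    in the VundoFix reports in this thread. Returns (data_file, dll) pairs."""
    names = [ln.strip().rsplit('\\', 1)[-1] for ln in listing.splitlines() if ln.strip()]
    dll_by_stem = {n[:-4].lower(): n for n in names if n.lower().endswith('.dll')}
    pairs = []
    for n in names:
        if n.lower().endswith('.dll'):
            continue
        stem = n.split('.', 1)[0].lower()
        if stem[::-1] in dll_by_stem:
            pairs.append((n, dll_by_stem[stem[::-1]]))
    return pairs


if __name__ == '__main__':
    for reason, line in triage_hjt(SAMPLE_HJT):
        print(f'[{reason}] {line}')
    for data_file, dll in reversed_name_pairs(SAMPLE_VUNDOFIX_FILES):
        print(f'{data_file} is the reversed name of {dll}')
```

Run against the sample above it shortlists exactly the three lines pskelley asks to have fixed (the pmnnk.dll BHO and the two rundll32 Run entries) while leaving the Spybot SDHelper BHO and the iTunes Run entry alone, and it pairs knnmp.ini, knnmp.bak1 and ayadd.ini with their reversed-name DLLs. A flagged line is a starting point for the kind of manual review done in this thread, not a reason to delete on its own.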

Andy_ftm
2007-04-24, 23:42
This is the uninstall_list - edited: old java versions removed.

123 Free Solitaire
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
AirXonix version 1.37
AOpen FM56-PLX Controllerless PCI Modem
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
AviSynth 2.5
Canon CanoScan Toolbox 4.1
Championship Manager 2006
Collins English Dictionary And Thesaurus
Corel Uninstaller
CS ChemDraw Std 4.5
CutePDF Writer 2.3
Disc2Phone
Diskeeper Home Edition
Docudesk GPL Ghostscript 8.1
DP Editor Ver.1.0
Easiteach Maths
Encyclopaedia Britannica Concise Edition CD
EndNote
Exif Launcher Ver.1.0
Exif Viewer Ver.1.0
Free Solitaire
F-Secure Internet Security 2006
Google Earth
Google Toolbar for Internet Explorer
Hamsterball Gold 3.10
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
IE Privacy Keeper
Image Transfer
ImageMixer for Sony
InCD
Intel(R) PRO Network Adapters and Drivers
InterActual Player
iPod for Windows 2005-03-23
iPod for Windows 2005-10-12
ISI ResearchSoft - Export Helper
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Manual CanoScan 5000,5000F,8000F
MDL Chime/Chime Pro for Internet Explorer
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft AutoRoute Express Europe 2000
Microsoft Creative Writer 2
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Home Publishing 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 5.0
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Pinball Arcade
Microsoft Plus! for Kids
Microsoft Publisher 97
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
MicroStaff WINASPI
Mozilla Firefox (2.0.0.3)
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nero Media Player
Nero OEM
Nero Suite
Network Play System (Patching)
OmniPage SE
Paint Shop Pro 4.15 SE
Panda ActiveScan
Picasa 2
PowerDVD
Presto! PageManager 6
PSP Video 9 1.74
QuickTime
RealPlayer
Rome - Total War(TM)
Rome Total War - patch 1.3
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Shockwave
Sony Ericsson PC Suite 1.20.173
Sony USB Driver
SpeedTouch USB Software
StuffIt Standard
The Sims Livin' it up
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Wanadoo Search Toolbar
Web Publishing Wizard
WebEx
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Wolfenstein - Enemy Territory
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar for Internet Explorer

pskelley
2007-04-24, 23:56
Uninstall list:

Messenger Plus! Live <<< be careful with this junk, here...read about it:
http://inetexplorer.mvps.org/data/lop.htm

Lop.com is installed as the Sponsor Program for Messenger Plus!

Everything else looks OK as far as I can tell. I do not know all of your programs. You should take a look and make sure nothing is there you do not know, and consider removing anything you no longer need.

Let me see the HijackThis log I requested and let me know how the computer is running.

Thanks

Andy_ftm
2007-04-25, 00:08
New HijackThis Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:05:42, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTI-V~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Anti-Virus, Computer Clean-up, Malware detectors, etc\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cambridgesoft.webex.com/client/v_mywebex-t20-localized/webex/ieatgpc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

I have re-set all settings changed, and all that.
System seems fine, though if there are any problems I will notify you.
One thing, more like two:
In the HijackThis backups are some of the files that you told me to erase (well, tick in the checker). Do I remove these too?

And for some reason, the F-Secure mini-bar on the bottom right is gone?
It's still on the PC, but it's strange how it's just 'gone'.
The BHOs are gone, and all seems fine.
Great job, and thanks again.
:bigthumb:

pskelley
2007-04-25, 00:28
One dead line still there, it's not malware, use HJT to remove it but remember, TeaTimer will block the change:
O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - (no file)
this is still there >> O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} here is information:
http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FPOP%2EA

It is probably TeaTimer keeping that one there also. I have had to uninstall Spybot, remove the stuff and reinstall Spybot at times. If you want the junk gone, do what you need to get rid of it.

The backups in HJT, I don't mention them in case a nervous user removes something they should not have, so I can put it back. If you look and see nothing you might need, then clean out the backups. Delete all other tools with the exception of ATF-Cleaner, you may keep that nice little tool if you wish.

Can't tell you about the F-Secure item; at times malware will make a lot of changes in the antivirus program, you may want to check with F-Secure to see if they want you to install the program again.

Let's do this now: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
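The triage pskelley does by hand on the log above (spotting the dead `O2` BHO entry with `(no file)`, the `O16` DPF entry with no description and no download URL, and `(file missing)` services) can be scripted so a helper has a short review list before reading the full log. The following Python is an added example and not code from the thread or from HijackThis itself; the sample lines are constructed from the log format shown above, and the rules are the ones the thread applies, not an official HijackThis classification.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 log format, modelled on the
# entries discussed in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTI-V~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74843C4A-572D-4EFD-9D4A-5BA083240AC6} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# "O2 - BHO: ..." / "R1 - HKLM\..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# A registry-style CLSID such as {74843C4A-572D-4EFD-9D4A-5BA083240AC6}.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    clsid: str    # CLSID on the line, or "" if none
    reason: str   # why the line deserves a second look
    line: str     # the original log line


def triage(log_text: str) -> list:
    """Return the log lines a helper would want to review first.

    Rules (taken from how the thread above reads the log, not a verdict):
      * any entry whose target is "(no file)" or "(file missing)" is a dead
        registration left behind by a removed or deleted component;
      * an O16 DPF (ActiveX download) entry with no description and no URL
        after its CLSID has nothing to identify it;
      * an O2 BHO reported as "(no name)" should have its DLL tied to a
        known product before it is trusted.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else ""

        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(
                section, clsid,
                "dead entry: registered but the file is not on disk", line))
            continue

        if section == "O16":
            tail = body[clsid_m.end():] if clsid_m else body
            if not re.search(r"https?://", tail):
                findings.append(Finding(
                    section, clsid,
                    "DPF entry with no description and no download URL", line))
            continue

        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(
                section, clsid,
                "unnamed BHO: confirm the DLL belongs to a known product", line))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.clsid or '-'}: {f.reason}")
        print(f"    {f.line}")


if __name__ == "__main__":
    main()
```

Feed `triage()` the text of a saved log instead of `SAMPLE_LOG` to get the same review list for a real scan; a line on the list is a prompt to look it up, as pskelley does with the Trend Micro page for the O16 entry, not a reason to delete it on sight.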