virtumonde-spybot can't remove



tulip
2008-01-29, 00:26
Spybot found 42 problems - among them virtumonde. It crashed when I clicked 'fix selected items'.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:29:03, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\jryigbok.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hannah Whiteoak\Desktop\h_j_t.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cam.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c46a51e3-d531-5a1b-0054-83b1d09cc5b3} - {3b5cc90d-1b38-4500-b1a5-135d3e15a64c} - C:\WINDOWS\system32\vnaovbmp.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B86EAFB6-D8CE-4C90-90C5-33501E72D55D} - C:\WINDOWS\system32\geedc.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\SYSTEM32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [b4205414] rundll32.exe "C:\WINDOWS\system32\piiarrsm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\SYSTEM32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jryigbok.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsyvy.html

--

The spybot report is attached.

I've tried removing some of the files (geedc.dll and .exe) manually, but they keep coming back. My computer is slow and frequent error messages appear.

Any help would be appreciated.

T

__RiP_ChAiN_
2008-02-01, 04:17
I apologize for the delay in getting to your log, the helpers here have been very busy lately. If you still need assistance, please post a fresh HijackThis log for review and I will take a look for you :)

tulip
2008-02-01, 18:18
Thanks, RiP!

Here is the new log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:15:43, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Hannah Whiteoak\Desktop\h_j_t.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cam.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2677CAC4-7935-4FC7-9350-57E0808176B3} - C:\WINDOWS\system32\geedc.dll
O2 - BHO: {a1bc9463-68a2-54d8-4134-40bc96fc3e55} - {55e3cf69-cb04-4314-8d45-2a863649cb1a} - C:\WINDOWS\system32\vtncajcb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aokyyuhf.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\SYSTEM32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [b4205414] rundll32.exe "C:\WINDOWS\system32\plosmsre.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\SYSTEM32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: aokyyuhf - C:\WINDOWS\SYSTEM32\aokyyuhf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jryigbok.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsyvy.html

--

__RiP_ChAiN_
2008-02-02, 01:14
Hello tulip :)

Your version of HJT is out of date.

Please download the self-extracting version of HijackThis from here:

HijackThis Installer Download (http://www.bleepingcomputer.com/files/hijackthis-installer.php)

Save HJTInstall.exe to your desktop.

Double-click the file then click the Install button.

The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.

Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

Please use the shortcut to run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

tulip
2008-02-02, 10:30
ComboFix log - I'm splitting it over two posts as it's too long:

ComboFix 08-02.02.5 - Hannah Whiteoak 2008-02-02 8:37:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT 0:00]
Running from: C:\Documents and Settings\Hannah Whiteoak\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\geedc.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Temporary
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows NT\profsyvy.html
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\aokyyuhf.dll
C:\WINDOWS\system32\aokyyuhf.dll . . . . failed to delete
C:\WINDOWS\system32\aokyyuhf.dllbox
C:\WINDOWS\SYSTEM32\cdeeg.ini
C:\WINDOWS\SYSTEM32\cdeeg.ini2
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\SYSTEM32\ersmsolp.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedc.exe
C:\WINDOWS\system32\htgslygt.dll
C:\WINDOWS\system32\iaahnlmm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mmlnhaai.ini
C:\WINDOWS\system32\modltjxq.dll
C:\WINDOWS\SYSTEM32\msrraiip.ini
C:\WINDOWS\system32\nevqedax.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\SYSTEM32\psavyael.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\RCX29.tmp
C:\WINDOWS\system32\vtncajcb.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wtssvcc.exe
C:\WINDOWS\tk58.exe

----- BITS: Possible infected sites -----

hxxp://newn-sus.newn.cam.ac.uk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NPF
-------\DomainService
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 09:05 . 2008-02-02 09:06 134 ---hs---- C:\WINDOWS\SYSTEM32\aokyyuhf.dllbox
2008-02-02 08:23 . 2008-02-02 08:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 11:33 . 2008-01-31 11:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:33 . 2008-01-31 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 18:21 . 2008-02-02 08:58 163,904 --a------ C:\WINDOWS\SYSTEM32\aokyyuhf.dll
2008-01-28 20:34 . 2008-01-28 20:34 1,584,836 --a------ C:\ComboFix.exe
2008-01-28 20:22 . 2008-01-28 20:21 132,608 --a------ C:\VundoFix.exe
2008-01-28 19:35 . 2008-01-28 20:13 <DIR> d-------- C:\VundoFix Backups
2008-01-28 08:56 . 2008-01-28 08:56 74,304 --a------ C:\WINDOWS\SYSTEM32\jryigbok.exe_tobedeleted_old_tobedeleted_old
2008-01-26 16:48 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\SYSTEM32\ActiveSkin.ocx
2008-01-26 16:48 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-01-26 16:48 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-01-25 19:50 . 2008-01-25 19:50 0 --a------ C:\WINDOWS\dwidp.INI
2008-01-25 19:43 . 2008-01-25 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Miktex
2008-01-25 18:28 . 2008-01-25 18:29 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\cronometer
2008-01-25 18:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 18:23 . 2008-01-25 18:23 <DIR> d-------- C:\Program Files\CRON-O-METER
2008-01-20 10:00 . 2008-02-02 08:54 <DIR> d-------- C:\Program Files\Unlocker
2008-01-19 12:55 . 2008-01-19 12:55 <DIR> d-------- C:\Program Files\Alex Feinman
2008-01-19 12:43 . 2008-01-19 12:48 731,594,752 --a------ C:\KNOPPIX_V5.1.0CD-2006-12-30-EN.iso
2008-01-19 12:41 . 2008-01-19 12:43 <DIR> d-------- C:\bcd
2008-01-19 12:38 . 2008-01-19 12:39 1,523,568 --a------ C:\bfd107.zip
2008-01-19 12:17 . 2008-01-20 11:39 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\wsInspector
2008-01-19 12:14 . 2008-01-19 12:15 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-19 12:14 . 2008-01-19 12:14 685,988 --a------ C:\isw2.exe
2008-01-17 18:50 . 2007-09-24 15:54 1,500 --a------ C:\newn-sus.reg
2008-01-17 18:50 . 2007-09-24 15:54 598 --a------ C:\restore-av-startup.reg
2008-01-17 18:50 . 2007-09-24 15:54 228 --a------ C:\disable-sus.reg
2008-01-15 18:51 . 2008-01-15 18:52 714 --ahs---- C:\WINDOWS\SYSTEM32\wbywwvft.ini
2008-01-14 20:10 . 2008-01-19 10:46 381,440 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-14 18:30 . 2008-01-15 18:51 654 --ahs---- C:\WINDOWS\SYSTEM32\daklwkgs.ini
2008-01-13 18:11 . 2008-01-14 18:22 354 --ahs---- C:\WINDOWS\SYSTEM32\rolkecrt.ini
2008-01-13 17:36 . 2008-01-13 17:36 268 --ah----- C:\sqmdata01.sqm
2008-01-13 17:36 . 2008-01-13 17:36 244 --ah----- C:\sqmnoopt01.sqm
2008-01-13 17:27 . 2008-01-13 17:27 <DIR> d-------- C:\Documents and Settings\James Shepherd\Application Data\Windows Desktop Search
2008-01-13 17:26 . 2008-01-16 18:20 174,592 --a------ C:\WINDOWS\SYSTEM32\lexpps .exe
2008-01-12 18:10 . 2008-01-13 09:31 354 --ahs---- C:\WINDOWS\SYSTEM32\mainbytt.ini
2008-01-09 15:33 . 2008-01-28 18:35 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-09 15:33 . 2008-01-28 18:35 118,784 --a------ C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-09 15:33 . 2008-02-01 18:13 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2008-01-09 15:24 . 2008-02-02 08:54 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-09 15:17 . 2008-01-09 15:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\pe2
2008-01-09 15:17 . 2008-01-09 15:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\ka8
2008-01-09 15:17 . 2008-01-09 15:17 <DIR> d--hs---- C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr
2008-01-09 15:16 . 2008-01-09 15:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\edcA01
2008-01-09 15:16 . 2008-01-09 15:17 <DIR> d-------- C:\Temp\Ryuan1
2008-01-09 15:16 . 2008-02-02 08:39 <DIR> d-------- C:\Temp
2008-01-08 13:19 . 2008-01-08 13:19 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-01-08 13:15 . 2008-01-09 15:33 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\Tunebite
2008-01-08 13:15 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys
2008-01-08 13:14 . 2008-01-08 13:14 <DIR> d-------- C:\Program Files\RapidSolution
2008-01-08 13:14 . 2008-01-08 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-08 13:02 . 2008-01-08 13:03 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-01-08 11:21 . 2004-08-20 14:50 159,744 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 08:54 --------- d-----w C:\Program Files\MSN Messenger
2008-02-02 08:54 --------- d-----w C:\Program Files\DellSupport
2008-02-02 08:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-01 17:22 --------- d-----w C:\Program Files\Napster
2008-01-28 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-28 18:33 --------- d-----w C:\Program Files\Apoint
2008-01-25 19:44 --------- d-----w C:\Program Files\TeXnicCenter
2008-01-25 19:43 --------- d-----w C:\Program Files\MiKTeX 2.5
2008-01-25 18:27 --------- d-----w C:\Program Files\Java
2008-01-19 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-17 07:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-16 23:41 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-11 19:19 --------- d-----w C:\Documents and Settings\Hannah Whiteoak\Application Data\Skype
2007-12-25 15:45 --------- d-----w C:\Program Files\Microsoft Games
2007-12-22 21:09 --------- d-----w C:\Documents and Settings\Hannah Whiteoak\Application Data\dvdcss
2007-02-27 17:49 492,277 -c--a-w C:\Documents and Settings\Hannah Whiteoak\fig07_26.exe
2006-08-19 08:59 24,192 -c--a-w C:\Documents and Settings\Hannah Whiteoak\usbsermptxp.sys
2006-08-19 08:59 22,768 -c--a-w C:\Documents and Settings\Hannah Whiteoak\usbsermpt.sys
2005-06-01 20:13 4,827,968 ----a-w C:\Program Files\Firefox Setup 1.0.4.exe
2005-08-02 16:46 187,904 --sha-r C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\asappsrv.dll
2005-08-02 16:58 293,888 --sha-r C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\command.exe
2005-07-29 16:24 472 --sha-r C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\m3IRvAICKIxCurl5vZIO.vbs
.

<pre>
----a-w 39,792 2008-01-19 12:05:59 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 155,648 2008-01-28 18:35:25 C:\Program Files\Apoint\Apoint .exe
----a-w 57,344 2008-02-02 08:18:24 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w 983,040 2008-01-14 20:11:13 C:\Program Files\Dell\QuickSet\quickset .exe
----a-w 460,784 2008-01-15 08:45:05 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 61,440 2008-02-02 08:18:30 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w 1,836,544 2008-01-19 12:05:59 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
----a-w 32,881 2008-01-25 17:19:49 C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w 132,496 2008-02-02 08:18:24 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 5,674,352 2008-01-27 08:15:10 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 94,208 2008-01-16 16:10:14 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 4,961,584 2008-01-09 15:33:30 C:\Program Files\RapidSolution\Tunebite\Tunebite .exe
----a-w 20,034,600 2008-01-11 19:15:10 C:\Program Files\Skype\Phone\Skype .exe
----a-w 15,872 2008-01-28 09:29:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-28 09:28:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 16:19:16 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 11:34:02 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 08:13:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-26 16:31:35 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 17:19:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 08:03:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 00:17:39 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 17:43:46 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 09:27:12 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 07:47:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 00:01:45 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 20:05:18 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 12:20:30 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 07:00:50 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 22:09:07 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 08:36:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-21 17:23:58 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 19:01:47 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 18:12:10 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 11:04:29 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 10:33:46 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 158,208 2008-01-13 09:31:36 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSConfig .exe
----a-w 15,360 2008-02-01 18:13:48 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 118,784 2008-01-28 18:35:06 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-28 18:35:03 C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w 174,592 2008-01-16 18:20:01 C:\WINDOWS\SYSTEM32\lexpps .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-02 08:58 163904 --a------ C:\WINDOWS\system32\aokyyuhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 04:00 388608 C:\WINDOWS\SYSTEM32\CMD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aokyyuhf]
aokyyuhf.dll 2008-02-02 08:58 163904 C:\WINDOWS\SYSTEM32\aokyyuhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 05:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [2001-12-19 10:45]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 19:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Windows\AutoRun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c2fb60-c38a-11dc-86af-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1731e6b1-c4d9-11dc-86b6-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b743e25-0fe2-11db-9faa-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fb648f0-c3c9-11dc-86b0-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93025080-6e89-11dc-bc49-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33f1000-0eac-11db-9fa9-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c84cd420-c438-11dc-86b2-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9390610-beca-11dc-8699-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e160cfc0-702d-11dc-bc4e-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0818cd1-cfb2-11d9-9b1e-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 08:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 18:38:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 09:06:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\aokyyuhf.dll
.

tulip
2008-02-02, 10:30
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-02-02 9:18:22 - machine was rebooted [Hannah Whiteoak]
ComboFix-quarantined-files.txt 2008-02-02 09:18:12
.
2008-01-24 08:46:49 --- E O F ---

tulip
2008-02-02, 10:32
And here's the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:45, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cam.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aokyyuhf.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\SYSTEM32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\SYSTEM32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: aokyyuhf - C:\WINDOWS\SYSTEM32\aokyyuhf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8075 bytes

Thanks for helping me with this.

__RiP_ChAiN_
2008-02-04, 10:40
Hello tulip :)

1. Please open Notepad
Click Start, then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::
File::
C:\WINDOWS\SYSTEM32\aokyyuhf.dllbox
C:\WINDOWS\SYSTEM32\aokyyuhf.dll
C:\VundoFix.exe
C:\WINDOWS\SYSTEM32\jryigbok.exe_tobedeleted_old_tobedeleted_old
C:\WINDOWS\SYSTEM32\wbywwvft.ini
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\daklwkgs.ini
C:\WINDOWS\SYSTEM32\rolkecrt.ini

DirLook::
C:\Program Files\Dot1XCfg

Folder::
C:\VundoFix Backups
C:\WINDOWS\SYSTEM32\pe2
C:\WINDOWS\SYSTEM32\ka8
C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr
C:\WINDOWS\SYSTEM32\edcA01
C:\Temp

RenV::
----a-w 39,792 2008-01-19 12:05:59 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 155,648 2008-01-28 18:35:25 C:\Program Files\Apoint\Apoint .exe
----a-w 57,344 2008-02-02 08:18:24 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w 983,040 2008-01-14 20:11:13 C:\Program Files\Dell\QuickSet\quickset .exe
----a-w 460,784 2008-01-15 08:45:05 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 61,440 2008-02-02 08:18:30 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w 1,836,544 2008-01-19 12:05:59 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
----a-w 32,881 2008-01-25 17:19:49 C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w 132,496 2008-02-02 08:18:24 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 5,674,352 2008-01-27 08:15:10 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 94,208 2008-01-16 16:10:14 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 4,961,584 2008-01-09 15:33:30 C:\Program Files\RapidSolution\Tunebite\Tunebite .exe
----a-w 20,034,600 2008-01-11 19:15:10 C:\Program Files\Skype\Phone\Skype .exe
----a-w 15,872 2008-01-28 09:29:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-28 09:28:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 16:19:16 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 11:34:02 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 08:13:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-26 16:31:35 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 17:19:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 08:03:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 00:17:39 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 17:43:46 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 09:27:12 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 07:47:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 00:01:45 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 20:05:18 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 12:20:30 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 07:00:50 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 22:09:07 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 08:36:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-21 17:23:58 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 19:01:47 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 18:12:10 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 11:04:29 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 10:33:46 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 158,208 2008-01-13 09:31:36 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSConfig .exe
----a-w 15,360 2008-02-01 18:13:48 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 118,784 2008-01-28 18:35:06 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-28 18:35:03 C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w 174,592 2008-01-16 18:20:01 C:\WINDOWS\SYSTEM32\lexpps .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aokyyuhf]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

----------------------------------------------- Step 2

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
Microsoft Windows XP Home Edition
Without Service Packs
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8FE6868-6E4F-471C-B455-BD5AFEE126D8
Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=FBE5E4FC-695F-43E5-AF05-719F45C382A4
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464

Microsoft Windows XP Professional
Without Service Packs
http://www.microsoft.com/downloads/details.aspx?FamilyID=55820EDB-5039-4955-BCB7-4FED408EA73F
Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=83F53BE9-28FA-40E8-8EC2-631504EF5E26
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124

## Important ##
As we do not know the name of the file that's downloaded, you have to save the file as RC.exe to the root of SystemDrive e.g. C:\RC.exe



STEP #2

Download the latest copy of ComboFix.exe => http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open notepad and copy/paste the text in the quotebox below into it:


RecoveryConsole::
C:\RC.EXE

Save this as "CFScript"


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\CF-RC.txt. Post that log in your next reply.


## Important ##
This is a precautionary measure. Please do not reboot the machine until we have reviewed the log & responded to you.

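The helper's script above targets four kinds of indicator that are visible in the posted logs: a browser helper object with no name, a Winlogon Notify DLL in system32 with a random-looking eight-letter name, removable-drive AutoRun commands under mountpoints2, and executables whose filename carries a space before the extension ("DVDLauncher .exe" next to the real DVDLauncher.exe). The following is an added example, not code from this thread or from HijackThis, ComboFix or Spybot: a small Python triage script that reads log lines in the shape of those tools' output and flags lines matching those four patterns for an analyst to review. The regular expressions, the "eight lowercase letters" heuristic and the KNOWN_NOTIFY allowlist are assumptions chosen for this example (LgNotify.dll is taken from the log above; wlnotify.dll is a standard Windows XP notify DLL that would otherwise match the pattern); the sample log lines are constructed from the entries posted in this thread. A flag is a prompt to look closer, not a verdict.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example).

Not code from HijackThis, ComboFix or Spybot. It illustrates how the
indicators visible in this thread can be flagged automatically when reading
a log. The heuristics and the allowlist below are assumptions made for this
example, not a published detection signature.
"""
import re
from typing import List, Optional, Tuple

# Heuristic 1: a filename with a space before its extension ("foo .exe").
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|scr|com)\b", re.IGNORECASE)
# Heuristic 2: eight lowercase letters + .dll (the shape of aokyyuhf.dll).
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# Legitimate Winlogon Notify DLLs that would otherwise match RANDOM_DLL.
# Assumed allowlist for this example; LgNotify.dll appears in the log above.
KNOWN_NOTIFY = {"lgnotify.dll", "wlnotify.dll"}


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def classify(line: str) -> Optional[str]:
    """Return a short reason if the line matches a heuristic, else None."""
    if line.startswith("O2 - BHO: (no name)"):
        return "unnamed BHO"
    if line.startswith("O20 - Winlogon Notify:"):
        path = line.rsplit(" - ", 1)[-1]
        name = basename(path).lower()
        if ("\\system32\\" in path.lower() and RANDOM_DLL.match(name)
                and name not in KNOWN_NOTIFY):
            return "random-named Winlogon Notify DLL"
    if "\\Shell\\AutoRun\\command" in line:
        return "drive AutoRun command"
    if SPACE_BEFORE_EXT.search(line):
        return "space before extension"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run classify() over every non-empty line; return (reason, line) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = classify(line)
        if reason:
            findings.append((reason, line))
    return findings


# Constructed sample: lines in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aokyyuhf.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: aokyyuhf - C:\WINDOWS\SYSTEM32\aokyyuhf.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
\Shell\AutoRun\command - setupSNK.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run it against a saved HijackThis or ComboFix log by passing the file's text to triage(); the "space before extension" check is the one most worth keeping, since a renamed "name .exe" sitting beside a legitimate "name.exe" is easy to miss by eye in a long process list.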
tulip
2008-02-04, 22:08
I have no Combofix.txt - but Combofix produced this log file (named log.txt) so I assume you mean that:

ComboFix 08-02.03.1 - Hannah Whiteoak 2008-02-04 19:03:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.279 [GMT 0:00]
Running from: C:\Documents and Settings\Hannah Whiteoak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hannah Whiteoak\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\VundoFix.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\aokyyuhf.dll
C:\WINDOWS\SYSTEM32\aokyyuhf.dllbox
C:\WINDOWS\SYSTEM32\daklwkgs.ini
C:\WINDOWS\SYSTEM32\jryigbok.exe_tobedeleted_old_tobedeleted_old
C:\WINDOWS\SYSTEM32\rolkecrt.ini
C:\WINDOWS\SYSTEM32\wbywwvft.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp
C:\Temp\Ryuan1\tepU.log
C:\VundoFix Backups
C:\VundoFix Backups\cdeeg.ini.bad
C:\VundoFix Backups\cdeeg.ini2.bad
C:\VundoFix Backups\cebvpefl.exe.bad
C:\VundoFix Backups\cyxogavf.exe.bad
C:\VundoFix Backups\farrbjac.dll.bad
C:\VundoFix Backups\geedc.dll.bad
C:\VundoFix Backups\geedc.exe.bad
C:\VundoFix Backups\hkcmd.exe.bad
C:\VundoFix Backups\igfxtray.exe.bad
C:\VundoFix Backups\jryigbok.exe.bad
C:\VundoFix Backups\kbxydleb.dll.bad
C:\VundoFix Backups\kbxydleb.dllbox.bad
C:\VundoFix Backups\lcssladx.exe.bad
C:\VundoFix Backups\leayvasp.dll.bad
C:\VundoFix Backups\ncyiqwdq.dll.bad
C:\VundoFix Backups\piiarrsm.dll.bad
C:\VundoFix Backups\psuouhat.exe.bad
C:\VundoFix Backups\tfvwwybw.dll.bad
C:\VundoFix Backups\ttybniam.dll.bad
C:\VundoFix Backups\ureujqwb.dll.bad
C:\VundoFix Backups\vnaovbmp.dll.bad
C:\VundoFix Backups\vnrxltdh.dll.bad
C:\VundoFix Backups\ydyonmcc.dll.bad
C:\VundoFix.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr
C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\asappsrv.dll
C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\command.exe
C:\WINDOWS\SGFubmFoIFdoaXRlb2Fr\m3IRvAICKIxCurl5vZIO.vbs
C:\WINDOWS\SYSTEM32\aokyyuhf.dllbox
C:\WINDOWS\SYSTEM32\daklwkgs.ini
C:\WINDOWS\SYSTEM32\edcA01
C:\WINDOWS\SYSTEM32\edcA01\edcA011065.exe
C:\WINDOWS\SYSTEM32\jryigbok.exe_tobedeleted_old_tobedeleted_old
C:\WINDOWS\SYSTEM32\ka8
C:\WINDOWS\SYSTEM32\ka8\tycodllz83122.exe
C:\WINDOWS\SYSTEM32\pe2
C:\WINDOWS\SYSTEM32\pe2\oedvers112.exe
C:\WINDOWS\SYSTEM32\rolkecrt.ini
C:\WINDOWS\SYSTEM32\wbywwvft.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-02 08:23 . 2008-02-02 08:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 20:34 . 2008-01-28 20:34 1,584,836 --a------ C:\ComboFix.exe
2008-01-26 16:48 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\SYSTEM32\ActiveSkin.ocx
2008-01-26 16:48 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-01-26 16:48 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-01-25 19:50 . 2008-01-25 19:50 0 --a------ C:\WINDOWS\dwidp.INI
2008-01-25 19:43 . 2008-01-25 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Miktex
2008-01-25 18:28 . 2008-01-25 18:29 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\cronometer
2008-01-25 18:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 18:23 . 2008-01-25 18:23 <DIR> d-------- C:\Program Files\CRON-O-METER
2008-01-20 10:00 . 2008-02-04 19:02 <DIR> d-------- C:\Program Files\Unlocker
2008-01-19 12:55 . 2008-01-19 12:55 <DIR> d-------- C:\Program Files\Alex Feinman
2008-01-19 12:43 . 2008-01-19 12:48 731,594,752 --a------ C:\KNOPPIX_V5.1.0CD-2006-12-30-EN.iso
2008-01-19 12:41 . 2008-01-19 12:43 <DIR> d-------- C:\bcd
2008-01-19 12:38 . 2008-01-19 12:39 1,523,568 --a------ C:\bfd107.zip
2008-01-19 12:17 . 2008-01-20 11:39 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\wsInspector
2008-01-19 12:14 . 2008-01-19 12:15 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-19 12:14 . 2008-01-19 12:14 685,988 --a------ C:\isw2.exe
2008-01-17 18:50 . 2007-09-24 15:54 1,500 --a------ C:\newn-sus.reg
2008-01-17 18:50 . 2007-09-24 15:54 598 --a------ C:\restore-av-startup.reg
2008-01-17 18:50 . 2007-09-24 15:54 228 --a------ C:\disable-sus.reg
2008-01-13 17:36 . 2008-01-13 17:36 268 --ah----- C:\sqmdata01.sqm
2008-01-13 17:36 . 2008-01-13 17:36 244 --ah----- C:\sqmnoopt01.sqm
2008-01-13 17:27 . 2008-01-13 17:27 <DIR> d-------- C:\Documents and Settings\James Shepherd\Application Data\Windows Desktop Search
2008-01-12 18:10 . 2008-01-13 09:31 354 --ahs---- C:\WINDOWS\SYSTEM32\mainbytt.ini
2008-01-09 15:56 . 2008-01-13 09:31 158,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msconfig.exe
2008-01-09 15:33 . 2008-01-28 18:35 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-09 15:33 . 2008-01-28 18:35 118,784 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-09 15:33 . 2008-02-01 18:13 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-01-09 15:33 . 2008-02-01 18:13 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-09 15:24 . 2008-02-04 19:02 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-08 13:19 . 2008-01-08 13:19 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-01-08 13:15 . 2008-01-09 15:33 <DIR> d-------- C:\Documents and Settings\Hannah Whiteoak\Application Data\Tunebite
2008-01-08 13:15 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys
2008-01-08 13:14 . 2008-01-08 13:14 <DIR> d-------- C:\Program Files\RapidSolution
2008-01-08 13:14 . 2008-01-08 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-08 13:02 . 2008-01-08 13:03 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-01-08 11:21 . 2004-08-20 14:50 159,744 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 19:02 --------- d-----w C:\Program Files\MSN Messenger
2008-02-04 19:02 --------- d-----w C:\Program Files\DellSupport
2008-02-04 19:02 --------- d-----w C:\Program Files\Apoint
2008-02-04 17:04 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-03 22:04 --------- d-----w C:\Program Files\Napster
2008-01-28 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-25 19:44 --------- d-----w C:\Program Files\TeXnicCenter
2008-01-25 19:43 --------- d-----w C:\Program Files\MiKTeX 2.5
2008-01-25 18:27 --------- d-----w C:\Program Files\Java
2008-01-19 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-17 07:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-16 23:41 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-11 19:19 --------- d-----w C:\Documents and Settings\Hannah Whiteoak\Application Data\Skype
2007-12-25 15:45 --------- d-----w C:\Program Files\Microsoft Games
2007-12-22 21:09 --------- d-----w C:\Documents and Settings\Hannah Whiteoak\Application Data\dvdcss
2007-02-27 17:49 492,277 -c--a-w C:\Documents and Settings\Hannah Whiteoak\fig07_26.exe
2006-08-19 08:59 24,192 -c--a-w C:\Documents and Settings\Hannah Whiteoak\usbsermptxp.sys
2006-08-19 08:59 22,768 -c--a-w C:\Documents and Settings\Hannah Whiteoak\usbsermpt.sys
2005-06-01 20:13 4,827,968 ----a-w C:\Program Files\Firefox Setup 1.0.4.exe
.

----a-w 15,872 2008-01-28 09:29:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-28 09:28:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 16:19:16 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 11:34:02 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 08:13:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-26 16:31:35 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 17:19:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 08:03:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-25 00:17:39 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 17:43:46 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 09:27:12 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 07:47:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-24 00:01:45 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 20:05:18 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 12:20:30 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-23 07:00:50 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 22:09:07 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-22 08:36:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-21 17:23:58 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 19:01:47 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 18:12:10 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-20 11:04:29 C:\Program Files\Unlocker\UnlockerAssistant .exe


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Dot1XCfg ----

2008-02-02 08:18 61440 --a------ C:\Program Files\Dot1XCfg\Dot1XCfg.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-01 18:13 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-02-02 08:18 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-02 08:18 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-28 18:35 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-28 18:35 118784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2008-02-02 08:18 57344]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2008-01-28 18:35 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-01 18:13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 04:00 388608 C:\WINDOWS\SYSTEM32\CMD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-01-12 05:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [2001-12-19 10:45]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 19:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c2fb60-c38a-11dc-86af-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1731e6b1-c4d9-11dc-86b6-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b743e25-0fe2-11db-9faa-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fb648f0-c3c9-11dc-86b0-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93025080-6e89-11dc-bc49-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f93b780-c2a4-11dc-86a8-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33f1000-0eac-11db-9fa9-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c84cd420-c438-11dc-86b2-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9390610-beca-11dc-8699-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e160cfc0-702d-11dc-bc4e-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0818cd1-cfb2-11d9-9b1e-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 08:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 18:38:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 19:09:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-02-04 19:22:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 19:22:37
ComboFix2.txt 2008-02-02 09:18:24
.
2008-01-24 08:46:49 --- E O F ---

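Added example (editor's code, not part of the thread, of ComboFix or of HijackThis): a small Python triage script for the two line shapes in the ComboFix report above, the `"Name"="path" [date time size]` entries under Reg Loading Points and the `attrs size date time path` file listing. It surfaces two things a helper otherwise has to spot by eye: file names with whitespace before the extension (the repeated `UnlockerAssistant .exe` entries, a companion file sitting next to a legitimately named binary) and autostart executables from unrelated vendors that share one modification timestamp (three entries stamped 2008-02-02 08:18, three stamped 2008-01-28 18:35). The sample input is a subset of lines copied from the report; the function names and the heuristics are assumptions of this example.

```python
"""Triage helpers for two line shapes found in ComboFix reports.

Added example for this thread; not part of ComboFix, HijackThis or the
original posts. Heuristics and names are the editor's own.
"""
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the report posted above.
RUN_KEY_LINES = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-01 18:13 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-02-02 08:18 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-02 08:18 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-28 18:35 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-28 18:35 118784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2008-02-02 08:18 57344]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2008-01-28 18:35 155648]
"""

FILE_LISTING_LINES = r"""
----a-w 15,872 2008-01-28 09:29:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-28 09:28:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 16:19:16 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 357,888 2008-01-27 11:34:02 C:\Program Files\Unlocker\UnlockerAssistant .exe
"""

# "Name"="path" [YYYY-MM-DD HH:MM size]; the bracket may be empty ("[ ]").
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
META_RE = re.compile(r'^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)$')
# attrs size YYYY-MM-DD HH:MM:SS path   (path may itself contain spaces)
LIST_RE = re.compile(r'^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+'
                     r'(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+)$')
# Whitespace between the base name and the extension, e.g. "foo .exe".
COMPANION_RE = re.compile(r'\S\s+\.[A-Za-z0-9]{1,4}$')


def parse_run_keys(text):
    """Parse Run-key entries; key headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        meta = META_RE.match(m.group("meta").strip())
        entries.append({
            "name": m.group("name"),
            "path": m.group("path"),
            "stamp": meta.group("stamp") if meta else None,
            "size": int(meta.group("size")) if meta else None,
        })
    return entries


def parse_file_listing(text):
    """Parse the timestamped file listing into dicts with an int size."""
    files = []
    for line in text.splitlines():
        m = LIST_RE.match(line.strip())
        if m:
            files.append({"attrs": m.group("attrs"), "stamp": m.group("stamp"),
                          "size": int(m.group("size").replace(",", "")),
                          "path": m.group("path")})
    return files


def companion_names(paths):
    """Unique paths whose file name has whitespace before the extension."""
    seen = []
    for p in paths:
        base = p.rsplit("\\", 1)[-1]
        if COMPANION_RE.search(base) and p not in seen:
            seen.append(p)
    return seen


def timestamp_clusters(entries, min_size=2):
    """Group autostart names by identical modification minute."""
    by_stamp = defaultdict(list)
    for e in entries:
        if e["stamp"]:
            by_stamp[e["stamp"]].append(e["name"])
    return {s: n for s, n in by_stamp.items() if len(n) >= min_size}


def rewrite_history(files, path):
    """Chronological list of times the listing shows PATH being written."""
    return sorted(f["stamp"] for f in files if f["path"] == path)


def size_history(files, path):
    """(stamp, size) pairs for PATH, oldest first; a size change stands out."""
    return sorted((f["stamp"], f["size"]) for f in files if f["path"] == path)


def triage(run_text, listing_text):
    """The findings a helper would read off the two report sections."""
    entries = parse_run_keys(run_text)
    files = parse_file_listing(listing_text)
    flagged = companion_names([e["path"] for e in entries] + [f["path"] for f in files])
    return {"companion_names": flagged,
            "shared_timestamps": timestamp_clusters(entries),
            "rewrites": {p: rewrite_history(files, p) for p in flagged},
            "sizes": {p: size_history(files, p) for p in flagged}}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(RUN_KEY_LINES, FILE_LISTING_LINES), indent=2))
```

Run against the sample, the script reports one companion name (`UnlockerAssistant .exe`, written four times in about 22 hours, with the last copy shrinking from 357,888 to 15,872 bytes) and two timestamp clusters. A shared timestamp on its own is not proof of infection; a restore, an installer or a cleanup tool can produce the same pattern, so treat it as the list of files to hash and compare against known-good copies rather than as a verdict.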
tulip
2008-02-04, 22:09
And here's the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:02, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cam.ac.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\SYSTEM32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\SYSTEM32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8159 bytes

tulip
2008-02-04, 22:18
I'm stuck on step two as the link to download the latest version of ComboFix doesn't work.

Also I don't know whether my XP needs a service pack or not - how do I find out?

tulip
2008-02-04, 22:37
Ok, ignore my last post. I've downloaded the appropriate XP thing and the latest version of ComboFix, and created CFScript as instructed. However, when I drag CFScript.txt into ComboFix.exe, nothing happens.

?

(I can't see the photo on your post, just a photobucket icon.)

__RiP_ChAiN_
2008-02-08, 21:03
Ok, ignore my last post. I've downloaded the appropriate XP thing and the latest version of ComboFix, and created CFScript as instructed. However, when I drag CFScript.txt into ComboFix.exe, nothing happens.
Usually when this happens, I double-check to make sure the recovery console was saved as C:\RC.EXE and that ComboFix is indeed being run from the desktop.

Double make sure on those points, and let me know if it still doesn't work right :)

__RiP_ChAiN_
2008-02-15, 07:48
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.