Virtumonde, another incident



lazyboy_360
2008-06-22, 00:21
I hate to have to do this, but I have run out of options. I have also fallen victim to Virtumonde and need professional help. Here I have posted my HJT log. Your help is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 2008-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
G:\program files 2\itunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelowna.castanet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0526E48F-F63C-4F3D-8D9E-BAD8E030EA97} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {272EC06F-3649-4BD9-80A3-6F3369E2C4B8} - (no file)
O2 - BHO: (no name) - {329daf41-d60c-400b-91c0-8f2589f208c6} - (no file)
O2 - BHO: (no name) - {3ADE2429-6ACC-40B3-900F-A38D051E0C49} - C:\WINDOWS\system32\iiffCTND.dll (file missing)
O2 - BHO: (no name) - {55AA9E77-FBB3-41C9-B12B-A1C66426D429} - (no file)
O2 - BHO: (no name) - {5DDA4DFE-35C8-4C76-A88D-CC1F967D18C0} - C:\WINDOWS\system32\nnnmjjGY.dll
O2 - BHO: (no name) - {620C6CDB-5F4B-4FC1-833E-74630594C3AC} - C:\WINDOWS\system32\pmnoNFyx.dll (file missing)
O2 - BHO: (no name) - {6A52DC54-B037-41E8-8D6D-DD6B1F1695B0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B620472-08CF-4297-8FBE-D2D160CC8E28} - (no file)
O2 - BHO: (no name) - {A500C693-1EB6-4C6A-9A96-B82A1B15D61D} - C:\WINDOWS\system32\tuvVNHxu.dll (file missing)
O2 - BHO: (no name) - {a7814039-a06a-45bf-9038-a86f92c4396d} - C:\WINDOWS\system32\dxnmgfxf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B4045867-A291-2821-A595-2664FFD2694A} - C:\DOCUME~1\Andrew\APPLIC~1\AIMSAV~1\clockhide.exe (file missing)
O2 - BHO: (no name) - {BF6485E8-7EE5-47F6-97DD-289BEE658730} - C:\WINDOWS\system32\nnnoLCsT.dll (file missing)
O2 - BHO: {1d8e31b3-a646-633a-a9e4-bba48e4ac74c} - {c47ca4e8-4abb-4e9a-a336-646a3b13e8d1} - C:\WINDOWS\system32\btfsnntv.dll
O2 - BHO: (no name) - {C4AD1341-C65E-49F7-8A0A-42829DAC7F16} - (no file)
O2 - BHO: (no name) - {CA3076E7-AB47-4925-9FD7-5BD899A3E816} - C:\WINDOWS\system32\efcYSjji.dll (file missing)
O2 - BHO: (no name) - {CB8D71A5-693B-4B50-B244-3FDA9AF4144D} - (no file)
O2 - BHO: (no name) - {CDA06862-EAF1-4B2F-96B4-B4A19027AF56} - C:\WINDOWS\system32\awtqqpMc.dll (file missing)
O2 - BHO: (no name) - {E582A904-68B5-4097-9FF7-898B879B9645} - (no file)
O2 - BHO: (no name) - {F291DE04-16E3-48A7-B574-48F226DC87D9} - C:\WINDOWS\system32\khfEXnLF.dll (file missing)
O2 - BHO: (no name) - {F53BAFE5-CE7A-4E95-95AC-A3912EFD3739} - C:\WINDOWS\system32\ddcBTJCU.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KeyLogRegEntry] "C:\Documents and Settings\Gavin\My Documents\files\KeyLog.exe" -ah
O4 - HKLM\..\Run: [idle heck win data] C:\Documents and Settings\All Users\Application Data\CashPlayIdleHeck\Mfcdgram.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files 2\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BMdf192200] Rundll32.exe "C:\WINDOWS\system32\rqaqdklx.dll",s
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKLM\..\RunServices: [] C:\PROGRAM FILES\SKU62\SKU62.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FlapAmen] C:\DOCUME~1\Gavin\APPLIC~1\EXITSI~1\Browse noun.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [FlapAmen] C:\DOCUME~1\Andrew\APPLIC~1\EXITSI~1\Browse noun.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\nnnoLCsT.dll,c (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [MS Juan] rundll32 "C:\WINDOWS\system32\yvehivwx.dll",run (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\grjwgypi.dll",b (User 'Andrew')
O4 - HKUS\S-1-5-21-1123561945-839522115-1343024091-1007\..\Run: [BMdf192200] Rundll32.exe "C:\WINDOWS\system32\viahpbqc.dll",s (User 'Andrew')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\program files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161393469042
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcBTJCU - C:\WINDOWS\SYSTEM32\ddcBTJCU.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15340 bytes

Shaba
2008-06-23, 16:19
Hi lazyboy_360

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened, we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

lazyboy_360
2008-06-24, 04:01
Thank you for replying; your help is greatly appreciated. Here is an updated HJT log scanned after the Combofix scan.

Combofix Log

ComboFix 08-06-20.4 - Gavin 2008-06-23 16:42:02.1 - NTFSx86
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gavin\Application Data\Microsoft\dtsc
C:\Documents and Settings\Gavin\Application Data\Microsoft\dtsc\id
C:\WINDOWS\BMdf192200.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atatpefo.ini
C:\WINDOWS\system32\ayktdmio.ini
C:\WINDOWS\system32\bdbaxfeg.dll
C:\WINDOWS\system32\bdxchkue.dll
C:\WINDOWS\system32\cbqxoikb.ini
C:\WINDOWS\system32\ccKlonpo.ini
C:\WINDOWS\system32\ccKlonpo.ini2
C:\WINDOWS\system32\cjyivvmp.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\cMpqqtwa.ini
C:\WINDOWS\system32\cMpqqtwa.ini2
C:\WINDOWS\system32\ddcBTJCU.dll
C:\WINDOWS\system32\DNTCffii.ini
C:\WINDOWS\system32\DNTCffii.ini2
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drllwylp.ini
C:\WINDOWS\system32\dtubnnvk.dll
C:\WINDOWS\system32\dxnmgfxf.dll
C:\WINDOWS\system32\dxwfvcfc.ini
C:\WINDOWS\system32\eeoewoby.ini
C:\WINDOWS\system32\fbnsifex.ini
C:\WINDOWS\system32\FLnXEfhk.ini
C:\WINDOWS\system32\FLnXEfhk.ini2
C:\WINDOWS\system32\gmrxpefk.dll
C:\WINDOWS\system32\gqrfotqr.dll
C:\WINDOWS\system32\hlaxdcpo.ini
C:\WINDOWS\system32\hrsnctil.ini
C:\WINDOWS\system32\hwmpwjmd.dll
C:\WINDOWS\system32\iarxaxmj.ini
C:\WINDOWS\system32\igbwsxib.dll
C:\WINDOWS\system32\ijjSYcfe.ini
C:\WINDOWS\system32\ijjSYcfe.ini2
C:\WINDOWS\system32\ipygwjrg.ini
C:\WINDOWS\system32\irckfscw.ini
C:\WINDOWS\system32\litcnsrh.dll
C:\WINDOWS\system32\ltokctvp.dll
C:\WINDOWS\system32\lTuwDfhk.ini
C:\WINDOWS\system32\lTuwDfhk.ini2
C:\WINDOWS\system32\mcfgtujq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhgkawba.dll
C:\WINDOWS\system32\micnvybo.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mtgswhqw.dll
C:\WINDOWS\system32\mylaiqbs.dll
C:\WINDOWS\system32\nbgdtjps.dll
C:\WINDOWS\system32\ndgoclwf.ini
C:\WINDOWS\system32\njqvdyfs.dll
C:\WINDOWS\system32\nnnmjjGY.dll
C:\WINDOWS\system32\obnmusva.ini
C:\WINDOWS\system32\oprxfegm.dll
C:\WINDOWS\system32\qinbovut.ini
C:\WINDOWS\system32\ququoicj.dll
C:\WINDOWS\system32\salwkoyl.dll
C:\WINDOWS\system32\sbqialym.ini
C:\WINDOWS\system32\selqqkiv.dll
C:\WINDOWS\system32\sfydvqjn.ini
C:\WINDOWS\system32\sqvdsufg.ini
C:\WINDOWS\system32\tdnrhosn.ini
C:\WINDOWS\system32\tEgPVvut.ini
C:\WINDOWS\system32\tEgPVvut.ini2
C:\WINDOWS\system32\tlylxnru.dll
C:\WINDOWS\system32\TsCLonnn.ini
C:\WINDOWS\system32\TsCLonnn.ini2
C:\WINDOWS\system32\tuvULEwt.dll
C:\WINDOWS\system32\twwptxlg.dll
C:\WINDOWS\system32\uqhwkmcy.dll
C:\WINDOWS\system32\uxHNVvut.ini
C:\WINDOWS\system32\uxHNVvut.ini2
C:\WINDOWS\system32\VxHPonnn.ini
C:\WINDOWS\system32\VxHPonnn.ini2
C:\WINDOWS\system32\wcsfkcri.dll
C:\WINDOWS\system32\whhiqofj.ini
C:\WINDOWS\system32\wjgewwlo.ini
C:\WINDOWS\system32\wqacrrwh.ini
C:\WINDOWS\system32\xhmcwhoq.ini
C:\WINDOWS\system32\xlkspypu.ini
C:\WINDOWS\system32\xyFNonmp.ini
C:\WINDOWS\system32\xyFNonmp.ini2
C:\WINDOWS\system32\yfhtynmo.ini
C:\WINDOWS\system32\YGjjmnnn.ini
C:\WINDOWS\system32\YGjjmnnn.ini2
C:\WINDOWS\system32\yqinmnnm.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-23 17:56 . 2008-06-23 17:56 110,419 --a------ C:\WINDOWS\BMdf192200.xml
2008-06-23 17:56 . 2008-06-23 17:56 22 --a------ C:\WINDOWS\pskt.ini
2008-06-22 16:59 . 2008-06-22 16:59 99,328 --a------ C:\WINDOWS\system32\orblwvdx.dll
2008-06-22 16:59 . 2008-06-22 16:59 90,624 --a------ C:\WINDOWS\system32\dgoosjxt.dll
2008-06-22 16:59 . 2008-06-22 16:59 80,384 --a------ C:\WINDOWS\system32\cfcvfwxd.dll
2008-06-21 18:03 . 2008-06-21 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 18:03 . 2008-06-21 18:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-21 13:36 . 2008-06-21 13:36 81,408 --a------ C:\WINDOWS\system32\upypsklx.dll
2008-06-21 13:33 . 2008-06-21 13:33 99,328 --a------ C:\WINDOWS\system32\btfsnntv.dll
2008-06-21 13:33 . 2008-06-21 13:33 90,112 --a------ C:\WINDOWS\system32\rqaqdklx.dll
2008-06-21 02:32 . 2008-06-21 02:39 <DIR> d-------- C:\ComboFix2
2008-06-21 01:48 . 2008-06-21 01:50 <DIR> d-------- C:\Combo-Fix
2008-06-21 01:35 . 2008-06-21 01:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 16:01 . 2008-06-20 16:01 99,328 --a------ C:\WINDOWS\system32\oueovwrv.dll
2008-06-20 15:59 . 2008-06-20 15:59 90,624 --a------ C:\WINDOWS\system32\mbybokkt.dll
2008-06-15 20:57 . 2008-06-15 20:57 <DIR> dr-h----- C:\MSOCache
2008-06-15 20:01 . 2008-06-15 20:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-15 19:58 . 2008-06-15 19:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-15 19:44 . 2008-06-16 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-15 19:14 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-15 19:14 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-10 17:00 . 2008-06-10 17:00 57,270 --a------ C:\WINDOWS\RGI536.tmp
2008-06-02 19:19 . 2008-06-19 22:25 788 --a------ C:\WINDOWS\wininit.ini
2008-05-29 21:13 . 2008-05-31 21:19 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\uTorrent
2008-05-29 20:30 . 2008-05-29 20:30 6,656 --a------ C:\WINDOWS\system32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 17:25 --------- d-----w C:\Program Files\McAfee
2008-06-23 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-22 01:44 --------- d-----w C:\Program Files\Creative
2008-06-22 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 07:28 --------- d-----w C:\Documents and Settings\Gavin\Application Data\SiteAdvisor
2008-06-21 04:20 --------- d-----w C:\Program Files\Greetings Workshop
2008-06-20 15:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-15 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 03:42 --------- d-----w C:\Documents and Settings\Mark\Application Data\Canon
2008-06-03 04:38 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-02 14:17 --------- d-----w C:\Documents and Settings\Mark\Application Data\SiteAdvisor
2008-05-10 06:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-10 01:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-04 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Seagate
2008-05-04 00:13 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-28 01:53 --------- d-----w C:\Program Files\Java
2007-01-31 02:26 87,608 ----a-w C:\Documents and Settings\Gavin\Application Data\ezpinst.exe
2007-01-31 02:26 47,360 ----a-w C:\Documents and Settings\Gavin\Application Data\pcouffin.sys
.

------- Sigcheck -------

2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-03-31 05:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-19 11:45 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-16 18:43 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-16 18:43 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADE2429-6ACC-40B3-900F-A38D051E0C49}]
C:\WINDOWS\system32\iiffCTND.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{620C6CDB-5F4B-4FC1-833E-74630594C3AC}]
C:\WINDOWS\system32\pmnoNFyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A500C693-1EB6-4C6A-9A96-B82A1B15D61D}]
C:\WINDOWS\system32\tuvVNHxu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4045867-A291-2821-A595-2664FFD2694A}]
C:\DOCUME~1\Andrew\APPLIC~1\AIMSAV~1\clockhide.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF6485E8-7EE5-47F6-97DD-289BEE658730}]
C:\WINDOWS\system32\nnnoLCsT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA3076E7-AB47-4925-9FD7-5BD899A3E816}]
C:\WINDOWS\system32\efcYSjji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA06862-EAF1-4B2F-96B4-B4A19027AF56}]
C:\WINDOWS\system32\awtqqpMc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F291DE04-16E3-48A7-B574-48F226DC87D9}]
C:\WINDOWS\system32\khfEXnLF.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [ ]
"FlapAmen"="C:\DOCUME~1\Gavin\APPLIC~1\EXITSI~1\Browse noun.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-11-18 16:13 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"Start WingMan Profiler"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 23:20 68856]
"Creative Detector"="G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 21:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"KeyLogRegEntry"="C:\Documents and Settings\Gavin\My Documents\files\KeyLog.exe" [ ]
"idle heck win data"="C:\Documents and Settings\All Users\Application Data\CashPlayIdleHeck\Mfcdgram.exe" [2005-10-19 10:53 0]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-16 15:09 7110656]
"nwiz"="nwiz.exe" [2005-07-16 15:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 15:09 86016]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-12-19 19:37 36952]
"iTunesHelper"="G:\program files 2\itunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26 694272]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"basicsmssmenu"="G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 16:21 169328]
"dc2a119c"="C:\WINDOWS\system32\upypsklx.dll" [2008-06-21 13:36 81408]
"BMdf192200"="C:\WINDOWS\system32\rqaqdklx.dll" [2008-06-21 13:33 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"<NO NAME>"="C:\PROGRAM FILES\SKU62\SKU62.EXE" [ ]

C:\Documents and Settings\Mark\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-04 01:00:00 50688]

C:\Documents and Settings\Gavin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Microsoft Office.lnk - G:\program files 2\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"G:\\program files 2\\BitComet\\BitComet.exe"=
"G:\\program files 2\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\program files 2\\itunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"G:\\program files 2\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25929:TCP"= 25929:TCP:BitComet 25929 TCP
"25929:UDP"= 25929:UDP:BitComet 25929 UDP
"7712:TCP"= 7712:TCP:BitComet 7712 TCP
"7712:UDP"= 7712:UDP:BitComet 7712 UDP
"19583:TCP"= 19583:TCP:BitComet 19583 TCP
"19583:UDP"= 19583:UDP:BitComet 19583 UDP
"24571:TCP"= 24571:TCP:BitComet 24571 TCP
"24571:UDP"= 24571:UDP:BitComet 24571 UDP
"25243:TCP"= 25243:TCP:BitComet 25243 TCP
"25243:UDP"= 25243:UDP:BitComet 25243 UDP
"9665:TCP"= 9665:TCP:BitComet 9665 TCP
"9665:UDP"= 9665:UDP:BitComet 9665 UDP
"2634:TCP"= 2634:TCP:BitComet 2634 TCP
"2634:UDP"= 2634:UDP:BitComet 2634 UDP
"2635:TCP"= 2635:TCP:BitComet 2635 TCP(ED2K)
"2635:UDP"= 2635:UDP:BitComet 2635 UDP(ED2K)
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 08:10]
R2 Basics Service;Basics Service;"G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 16:21]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\Gavin\LOCALS~1\Temp\gtermddo.sys []
S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 08:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2831022-71be-11d9-b1c0-000d876eae12}]
\Shell\AutoRun\command - F:\LaunchBF.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 01:00:01 C:\WINDOWS\Tasks\AABF0A9091A483F0.job"
- c:\docume~1\andrew\applic~1\exitsi~1\Chin the dart.exe
"2008-06-24 01:00:01 C:\WINDOWS\Tasks\ACA68E21918500E5.job"
- c:\docume~1\gavin\applic~1\exitsi~1\Chin the dart.exe
"2008-06-15 08:00:10 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 09:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-23 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-23 07:51:20 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EBCB271-7E75-4B2C-907E-E33AF78F8C4A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 17:54:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\MFX.sys 50524 bytes executable
C:\SYZ_DAT
C:\WINDOWS\system32\xlkspypu.ini 294 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\WINDOWS\system32\upypsklx.dll
-> C:\WINDOWS\system32\rqaqdklx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\lexbces.exE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-23 18:11:13 - machine was rebooted [Gavin]
ComboFix-quarantined-files.txt 2008-06-24 01:11:00

Pre-Run: 3,398,967,296 bytes free
Post-Run: 4,136,869,888 bytes free

349 --- E O F --- 2008-06-03 04:50:33

lazyboy_360
2008-06-24, 04:02
And here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:34 PM, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelowna.castanet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {3ADE2429-6ACC-40B3-900F-A38D051E0C49} - C:\WINDOWS\system32\iiffCTND.dll (file missing)
O2 - BHO: (no name) - {620C6CDB-5F4B-4FC1-833E-74630594C3AC} - C:\WINDOWS\system32\pmnoNFyx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A500C693-1EB6-4C6A-9A96-B82A1B15D61D} - C:\WINDOWS\system32\tuvVNHxu.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B4045867-A291-2821-A595-2664FFD2694A} - C:\DOCUME~1\Andrew\APPLIC~1\AIMSAV~1\clockhide.exe (file missing)
O2 - BHO: (no name) - {BF6485E8-7EE5-47F6-97DD-289BEE658730} - C:\WINDOWS\system32\nnnoLCsT.dll (file missing)
O2 - BHO: (no name) - {CA3076E7-AB47-4925-9FD7-5BD899A3E816} - C:\WINDOWS\system32\efcYSjji.dll (file missing)
O2 - BHO: (no name) - {CDA06862-EAF1-4B2F-96B4-B4A19027AF56} - C:\WINDOWS\system32\awtqqpMc.dll (file missing)
O2 - BHO: (no name) - {F291DE04-16E3-48A7-B574-48F226DC87D9} - C:\WINDOWS\system32\khfEXnLF.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KeyLogRegEntry] "C:\Documents and Settings\Gavin\My Documents\files\KeyLog.exe" -ah
O4 - HKLM\..\Run: [idle heck win data] C:\Documents and Settings\All Users\Application Data\CashPlayIdleHeck\Mfcdgram.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files 2\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKLM\..\Run: [BMdf192200] Rundll32.exe "C:\WINDOWS\system32\rqaqdklx.dll",s
O4 - HKLM\..\RunServices: [] C:\PROGRAM FILES\SKU62\SKU62.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FlapAmen] C:\DOCUME~1\Gavin\APPLIC~1\EXITSI~1\Browse noun.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\program files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161393469042
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11675 bytes
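
The HijackThis log above shows the two indicator shapes a Virtumonde/Vundo cleanup usually turns on: unnamed O2 BHOs whose DLL is already gone, and O4 Run entries that load an eight-letter random-named DLL from system32 through rundll32.exe, where the hidden-file list from the earlier catchme scan contains an .ini whose name is the DLL name spelled backwards (upypsklx.dll and xlkspypu.ini). The script below is an added triage example, not part of this thread and not a HijackThis or ComboFix feature; the sample lines are constructed from the log quoted above, and the "eight letters, at most two vowels" rule for a random-looking name is an assumed heuristic, not a published signature.

```python
import re
from collections import namedtuple

# Constructed sample: a few O2/O4 lines copied from the HijackThis log
# in this thread, plus the three hidden files catchme reported earlier.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {3ADE2429-6ACC-40B3-900F-A38D051E0C49} - C:\WINDOWS\system32\iiffCTND.dll (file missing)
O2 - BHO: (no name) - {CDA06862-EAF1-4B2F-96B4-B4A19027AF56} - C:\WINDOWS\system32\awtqqpMc.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKLM\..\Run: [BMdf192200] Rundll32.exe "C:\WINDOWS\system32\rqaqdklx.dll",s
"""

SAMPLE_HIDDEN_FILES = [
    r"C:\WINDOWS\system32\drivers\MFX.sys",
    r"C:\SYZ_DAT",
    r"C:\WINDOWS\system32\xlkspypu.ini",
]

Finding = namedtuple("Finding", "kind path detail")

# A drive-letter path ending in .dll, quoted or not, stopping at the first .dll
DLL_PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)
VOWELS = set("aeiou")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(dll_name):
    """Assumed heuristic: Vundo-style DLL names are 8 letters, no digits,
    and consonant-heavy. Legitimate system32 DLLs rarely fit that shape."""
    stem = dll_name.rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem.lower()) <= 2


def triage(hjt_text, hidden_files):
    """Return Findings for orphaned unnamed BHOs and rundll32-loaded
    random-named system32 DLLs; correlate the latter with a hidden
    reversed-name .ini companion when one is present."""
    hidden_names = {basename(p).lower() for p in hidden_files}
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        if not line.startswith(("O2 ", "O4 ")):
            continue
        m = DLL_PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        name = basename(path)
        in_system32 = "\\system32\\" in path.lower()
        if line.startswith("O2") and "(file missing)" in line and "(no name)" in line:
            findings.append(Finding("orphaned_bho", path,
                                    "unnamed BHO whose DLL no longer exists on disk"))
        if line.startswith("O4") and "rundll32" in line.lower() and in_system32 and looks_random(name):
            twin = name.rsplit(".", 1)[0][::-1].lower() + ".ini"
            detail = "rundll32 autorun of a random-named system32 DLL"
            if twin in hidden_names:
                detail += "; reversed-name companion %s is in the hidden-file list" % twin
            findings.append(Finding("rundll32_random_dll", path, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_HIDDEN_FILES):
        print("%-20s %s\n    %s" % (f.kind, f.path, f.detail))
```

Run against the sample, the two unnamed BHOs with missing files and both rundll32 entries are reported, while the NVIDIA NvCpl.dll entry (also loaded by rundll32 from system32) is left alone; only upypsklx.dll gets the reversed-name note, because xlkspypu.ini is the one .ini in the hidden-file list. A real log should still be read by a person: the heuristic flags names, not malice.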

Shaba
2008-06-24, 12:47
Hi

Please click this link: Jotti (http://virusscan.jotti.org/)

Copy/paste the first file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\system32\beep.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

lazyboy_360
2008-06-25, 04:05
Here is the scan of the above file at Jotti.

Scan taken on 25 Jun 2008 02:02:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Rootkit.Gen
ArcaVir Found Trojan.Psw.Lineage.Aht
Avast Found Win32:DNSChanger-VJ
AVG Antivirus Found BackDoor.Generic9.ARTE
BitDefender Found Trojan.Agent.AIVZ
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.NtRootKit.1182
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.DNSChanger.dqm
Fortinet Found W32/DNSChanger.DQM!tr
Ikarus Found VirTool.WinNT.Pasich.A
Kaspersky Anti-Virus Found Trojan.Win32.DNSChanger.dqm
NOD32 Found probably a variant of Win32/Rootkit.Agent.AII (probable variant)
Norman Virus Control Found W32/DNSChanger.BBQY
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Agent-HCH
VirusBuster Found nothing
VBA32 Found Trojan.Win32.DNSChanger.dqm

Shaba
2008-06-25, 14:20
Hi

Yes, as expected. It is a patched version of beep.sys.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

lazyboy_360
2008-06-27, 01:29
This is the report of the second scan that I did. The first scan appeared to be a failure: it finished in Safe Mode but did not restart when I rebooted. The second scan finished all right, but the report said no Trojans were found, so it may be that they were deleted in the first scan that did not finish.
Thanks again.

SDFix: Version 1.197
Run by Gavin on 26/06/2008 at 02:11 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 16:06:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,8b,72,62,ad,6e,02,c1,12,77,53,0e,a7,1a,8a,a0,bc,b7,..
"hj34z0"=hex:22,58,9f,4e,c8,0f,18,d3,76,d6,b7,c8,27,fd,2e,f5,85,f7,2f,45,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="G:\Program Files 2\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:b0,28,bd,5b,3d,7f,b0,d4,0e,d7,a1,2d,32,71,79,44,7c,90,df,76,b5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:28,bd,6d,f2,7f,9f,91,27,3d,ab,33,12,5e,55,6a,4f,8d,38,0c,1f,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="G:\Program Files 2\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:b0,28,bd,5b,3d,7f,b0,d4,0e,d7,a1,2d,32,71,79,44,7c,90,df,76,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:28,bd,6d,f2,7f,9f,91,27,3d,ab,33,12,5e,55,6a,4f,8d,38,0c,1f,fd,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.sys 50524 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\program files 2\\BitComet\\BitComet.exe"="G:\\program files 2\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\program files 2\\LimeWire\\LimeWire.exe"="G:\\program files 2\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\program files 2\\itunes\\iTunes.exe"="G:\\program files 2\\itunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup"
"G:\\program files 2\\EA GAMES\\Battlefield 1942\\BF1942.exe"="G:\\program files 2\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"="G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sun 15 Feb 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 6 May 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 6 May 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Tue 12 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c909c63b4fa217757574b9dcdd658c3\BIT15.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7779524ce1b472c62f1b0f1a192676ad\BIT16.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9664ff6405d9e0e32778ca8618d4be26\BIT14.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT12.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ec3943a72ea4aa7fb7b808e2b7554c8\BIT13.tmp"
Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb1cc7c8ed3868a5a32ffb677fe0fde8\BIT17.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT12.tmp"
Tue 2 Nov 2004 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0003.tmp"
Sat 19 Mar 2005 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 28 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 28 May 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0006.tmp"
Sun 10 Jun 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0010.tmp"
Tue 29 May 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0151.tmp"
Sun 10 Jun 2007 87,552 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0435.tmp"
Sun 10 Jun 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0497.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0519.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0611.tmp"
Wed 6 Jun 2007 63,488 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL0836.tmp"
Sat 19 Mar 2005 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1177.tmp"
Tue 29 May 2007 62,976 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1227.tmp"
Mon 28 May 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1515.tmp"
Tue 29 May 2007 37,376 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1747.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1822.tmp"
Sun 10 Jun 2007 38,400 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1840.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL1972.tmp"
Sun 10 Jun 2007 38,912 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2017.tmp"
Tue 28 Feb 2006 1,195,008 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2110.tmp"
Tue 28 Feb 2006 367,616 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2417.tmp"
Tue 28 Feb 2006 1,194,496 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2446.tmp"
Tue 29 May 2007 36,864 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2627.tmp"
Tue 29 May 2007 62,976 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2679.tmp"
Sun 10 Jun 2007 45,056 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2753.tmp"
Tue 28 Feb 2006 367,616 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2761.tmp"
Sun 10 Jun 2007 60,416 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL2860.tmp"
Tue 29 May 2007 36,864 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3135.tmp"
Tue 29 May 2007 62,976 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3151.tmp"
Tue 28 Feb 2006 1,195,008 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3223.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3388.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3395.tmp"
Sun 10 Jun 2007 28,672 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3702.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3732.tmp"
Sun 10 Jun 2007 34,816 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3852.tmp"
Thu 8 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3859.tmp"
Tue 28 Feb 2006 366,592 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3943.tmp"
Tue 28 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3988.tmp"
Tue 29 May 2007 62,976 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL3997.tmp"
Sun 10 Jun 2007 34,816 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL4071.tmp"
Mon 28 May 2007 19,456 ...H. --- "C:\Documents and Settings\Gavin\Application Data\Microsoft\Word\~WRL4089.tmp"

Finished!

lazyboy_360
2008-06-27, 01:33
Here is an up-to-date HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:45 PM, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
G:\program files 2\itunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelowna.castanet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {3ADE2429-6ACC-40B3-900F-A38D051E0C49} - C:\WINDOWS\system32\iiffCTND.dll (file missing)
O2 - BHO: (no name) - {620C6CDB-5F4B-4FC1-833E-74630594C3AC} - C:\WINDOWS\system32\pmnoNFyx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A500C693-1EB6-4C6A-9A96-B82A1B15D61D} - C:\WINDOWS\system32\tuvVNHxu.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B4045867-A291-2821-A595-2664FFD2694A} - C:\DOCUME~1\Andrew\APPLIC~1\AIMSAV~1\clockhide.exe (file missing)
O2 - BHO: (no name) - {BF6485E8-7EE5-47F6-97DD-289BEE658730} - C:\WINDOWS\system32\nnnoLCsT.dll (file missing)
O2 - BHO: (no name) - {CA3076E7-AB47-4925-9FD7-5BD899A3E816} - C:\WINDOWS\system32\efcYSjji.dll (file missing)
O2 - BHO: (no name) - {CDA06862-EAF1-4B2F-96B4-B4A19027AF56} - C:\WINDOWS\system32\awtqqpMc.dll (file missing)
O2 - BHO: (no name) - {F291DE04-16E3-48A7-B574-48F226DC87D9} - C:\WINDOWS\system32\khfEXnLF.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KeyLogRegEntry] "C:\Documents and Settings\Gavin\My Documents\files\KeyLog.exe" -ah
O4 - HKLM\..\Run: [idle heck win data] C:\Documents and Settings\All Users\Application Data\CashPlayIdleHeck\Mfcdgram.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files 2\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKLM\..\Run: [BMdf192200] Rundll32.exe "C:\WINDOWS\system32\rqaqdklx.dll",s
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FlapAmen] C:\DOCUME~1\Gavin\APPLIC~1\EXITSI~1\Browse noun.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\program files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161393469042
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11874 bytes

Shaba
2008-06-27, 08:20
Hi

Please re-scan beep.sys so that we can see if SDFix replaced it during that first run.

lazyboy_360
2008-06-27, 21:28
Well, it doesn't look good, a lot of red print. Again, much appreciated.



Scan taken on 27 Jun 2008 19:25:08 (GMT)
A-Squared Found nothing
AntiVir Found TR/Rootkit.Gen
ArcaVir Found Trojan.Psw.Lineage.Aht
Avast Found Win32:DNSChanger-VJ
AVG Antivirus Found BackDoor.Generic9.ARTE
BitDefender Found Trojan.Rootkit.GFS
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.NtRootKit.1182
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.DNSChanger.dqm
Fortinet Found W32/DNSChanger.DQM!tr
Ikarus Found VirTool.WinNT.Pasich.A
Kaspersky Anti-Virus Found Trojan.Win32.DNSChanger.dqm
NOD32 Found probably a variant of Win32/Rootkit.Agent.AII (probable variant)
Norman Virus Control Found W32/DNSChanger.BBQY
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Agent-HCH
VirusBuster Found nothing
VBA32 Found Trojan.Win32.DNSChanger.dqm

Shaba
2008-06-28, 11:01
Hi

Please check also if c:\windows\system32\drivers\beep.sys is infected in jotti.

If not, we'll continue with cleaning :)

lazyboy_360
2008-06-28, 22:27
Here are the results of the Jotti scan of c:\windows\system32\drivers\beep.sys

Thanks again.




Scan taken on 28 Jun 2008 20:23:46 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Shaba
2008-06-29, 11:14
Hi

Great :)

Open notepad and copy/paste the text in the codebox below into it:


Rootkit::
C:\WINDOWS\system32\drivers\MFX.sys
C:\SYZ_DAT
C:\WINDOWS\system32\xlkspypu.ini

File::
C:\WINDOWS\BMdf192200.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\orblwvdx.dll
C:\WINDOWS\system32\dgoosjxt.dll
C:\WINDOWS\system32\cfcvfwxd.dll
C:\WINDOWS\system32\upypsklx.dll
C:\WINDOWS\system32\btfsnntv.dll
C:\WINDOWS\system32\rqaqdklx.dll
C:\WINDOWS\system32\oueovwrv.dll
C:\WINDOWS\system32\mbybokkt.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\RGI536.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADE2429-6ACC-40B3-900F-A38D051E0C49}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{620C6CDB-5F4B-4FC1-833E-74630594C3AC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A500C693-1EB6-4C6A-9A96-B82A1B15D61D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4045867-A291-2821-A595-2664FFD2694A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF6485E8-7EE5-47F6-97DD-289BEE658730}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA3076E7-AB47-4925-9FD7-5BD899A3E816}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA06862-EAF1-4B2F-96B4-B4A19027AF56}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F291DE04-16E3-48A7-B574-48F226DC87D9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlapAmen"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyLogRegEntry"=-
"idle heck win data"=-
"dc2a119c"=-
"BMdf192200"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"<NO NAME>"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.

Please Download NoLop to your desktop from one of the links below...
Link 1 (http://www.spywareedge.net/nolop/NoLop.exe)
Link 2 (http://www.spywaretimes.com/Tools/Download/Anti-malwareTools/NoLop!/)
Link 3 (http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16)
First close any other programs you have running, as this will require a reboot.
Double click NoLop.exe to run it.
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx (http://www.boletrice.com/downloads/mscomctl.ocx) to your system32 folder then rerun the program. --

Post:

- a fresh HijackThis log
- combofix report
- nolop log

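Editor's note: the CFScript in the post above was written by hand from three patterns visible in the HijackThis log: anonymous O2 BHOs whose DLL is already missing (orphaned CLSIDs), O4 Run values that load a random 8-letter DLL in system32 through rundll32 with a one-letter export, and O4 Run values whose executable sits in a user profile directory. The following is an added example, not part of this thread and not a SpywareInfo, HijackThis or ComboFix tool: it applies those three rules to a few constructed HJT lines modelled on the log posted earlier, renders the result in the File::/Registry:: layout used above, and then checks that every Registry:: line is either a key header or a "name"=- deletion, which catches a stray quote of the form "name"="-. The 8-letter-name rule and the one-letter-export rule are assumptions about this family's naming, not something the thread states, and the sample lines are constructed.

```python
"""Triage HijackThis O2/O4 lines into ComboFix CFScript directives.

Added example for this thread, not a SpywareInfo, HijackThis or ComboFix tool.
The three rules mirror what the helper did by hand; the 8-letter-name and
one-letter-export tests are assumptions about this family, not facts stated
in the thread.
"""
import re

# Constructed sample lines, modelled on the HJT log posted earlier in the thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {3ADE2429-6ACC-40B3-900F-A38D051E0C49} - C:\WINDOWS\system32\iiffCTND.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKLM\..\Run: [KeyLogRegEntry] "C:\Documents and Settings\Gavin\My Documents\files\KeyLog.exe" -ah
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S*))?', re.I)
RANDOM_DLL_RE = re.compile(r"^[A-Za-z]{8}\.dll$")   # assumption: 8-letter random DLL names
KEY_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\.*\]$")     # [key] or [-key] (delete whole key)
VALUE_DEL_RE = re.compile(r'^"[^"]+"=-$')            # "name"=-  (delete one value)
HIVE_RUN = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}


def first_token(cmd):
    """Executable path at the start of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(lines):
    """Apply the three rules; return files, keys and Run values to delete."""
    result = {"files": [], "keys": [], "values": {}}
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            # Rule 1: anonymous BHO whose DLL is already gone -> orphaned CLSID
            if m["name"] == "(no name)" and "(file missing)" in m["rest"]:
                result["keys"].append(r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]" % m["clsid"])
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        hit = False
        r = RUNDLL_RE.match(m["cmd"])
        if r:
            # Rule 2: rundll32 loading an 8-letter DLL through a one-letter export.
            # NvMcTray.dll is also 8 letters; its named export keeps it off the list.
            base = r["dll"].rsplit("\\", 1)[-1]
            if RANDOM_DLL_RE.match(base) and len(r["export"] or "") <= 1:
                result["files"].append(r["dll"])
                hit = True
        elif "\\documents and settings\\" in first_token(m["cmd"]).lower():
            # Rule 3: autostart whose binary lives in a user-writable profile directory
            hit = True
        if hit:
            result["values"].setdefault(HIVE_RUN[m["hive"]], []).append(m["value"])
    return result


def build_cfscript(result):
    """Render the triage result in the File::/Registry:: layout used in the thread."""
    out = []
    if result["files"]:
        out += ["File::"] + result["files"] + [""]
    out.append("Registry::")
    out += result["keys"]
    for key, names in result["values"].items():
        out += ["", "[%s]" % key] + ['"%s"=-' % n for n in names]
    return "\n".join(out) + "\n"


def validate_cfscript(text):
    """Return Registry:: lines that are neither a key header nor a "name"=- deletion.

    Only the two forms used in this thread are accepted, so a stray quote such
    as "name"="- (not the deletion syntax) is reported instead of silently kept.
    """
    bad, in_registry = [], False
    for ln in text.splitlines():
        if ln.endswith("::"):
            in_registry = ln == "Registry::"
            continue
        if in_registry and ln.strip() and not (KEY_RE.match(ln) or VALUE_DEL_RE.match(ln)):
            bad.append(ln)
    return bad


if __name__ == "__main__":
    script = build_cfscript(triage(SAMPLE_HJT))
    print(script)
    print("problems:", validate_cfscript(script))
```

Running the block prints a File:: section holding the one rundll32 payload and a Registry:: section with the orphaned BHO key and the two Run values, followed by an empty problem list; feeding validate_cfscript the malformed "dc2a119c"="- line instead returns that line, which is the kind of slip that leaves a Run value in place after the ComboFix run.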
lazyboy_360
2008-06-30, 11:25
Here is the ComboFix log.



ComboFix 08-06-20.4 - Gavin 2008-06-30 1:09:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.121 [GMT -7:00]
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gavin\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMdf192200.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\RGI536.tmp
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\btfsnntv.dll
C:\WINDOWS\system32\cfcvfwxd.dll
C:\WINDOWS\system32\dgoosjxt.dll
C:\WINDOWS\system32\mbybokkt.dll
C:\WINDOWS\system32\orblwvdx.dll
C:\WINDOWS\system32\oueovwrv.dll
C:\WINDOWS\system32\rqaqdklx.dll
C:\WINDOWS\system32\upypsklx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SYZ_DAT
C:\WINDOWS\system32\drivers\MFX.sys
C:\WINDOWS\system32\xlkspypu.ini
.
---- Previous Run -------
.
C:\SYZ_DAT
C:\WINDOWS\BMdf192200.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\RGI536.tmp
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\btfsnntv.dll
C:\WINDOWS\system32\cfcvfwxd.dll
C:\WINDOWS\system32\dgoosjxt.dll
C:\WINDOWS\system32\drivers\MFX.sys
C:\WINDOWS\system32\dxwfvcfc.ini
C:\WINDOWS\system32\mbybokkt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oueovwrv.dll
C:\WINDOWS\system32\rqaqdklx.dll
C:\WINDOWS\system32\upypsklx.dll
C:\WINDOWS\system32\xlkspypu.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-25 15:49 . 2008-06-25 15:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-25 14:47 . 2008-06-26 16:14 <DIR> d-------- C:\SDFix
2008-06-21 18:03 . 2008-06-29 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 18:03 . 2008-06-21 18:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-21 02:32 . 2008-06-21 02:39 <DIR> d-------- C:\ComboFix2
2008-06-21 01:48 . 2008-06-21 01:50 <DIR> d-------- C:\Combo-Fix
2008-06-21 01:35 . 2008-06-21 01:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 20:57 . 2008-06-15 20:57 <DIR> dr-h----- C:\MSOCache
2008-06-15 20:01 . 2008-06-15 20:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-15 19:58 . 2008-06-15 19:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-15 19:44 . 2008-06-25 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-15 19:14 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-15 19:14 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-02 19:19 . 2008-06-19 22:25 788 --a------ C:\WINDOWS\wininit.ini
2008-05-29 21:13 . 2008-05-31 21:19 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\uTorrent
2008-05-03 17:14 . 2008-05-03 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-05-03 17:13 . 2008-05-03 17:13 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-29 21:33 --------- d-----w C:\Program Files\McAfee
2008-06-29 07:00 --------- d-----w C:\Program Files\Greetings Workshop
2008-06-22 01:44 --------- d-----w C:\Program Files\Creative
2008-06-22 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 07:28 --------- d-----w C:\Documents and Settings\Gavin\Application Data\SiteAdvisor
2008-06-20 15:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-15 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 03:42 --------- d-----w C:\Documents and Settings\Mark\Application Data\Canon
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 04:38 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-02 14:17 --------- d-----w C:\Documents and Settings\Mark\Application Data\SiteAdvisor
2008-05-10 06:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-10 01:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-28 01:53 --------- d-----w C:\Program Files\Java
2007-01-31 02:26 87,608 ----a-w C:\Documents and Settings\Gavin\Application Data\ezpinst.exe
2007-01-31 02:26 47,360 ----a-w C:\Documents and Settings\Gavin\Application Data\pcouffin.sys
.

------- Sigcheck -------

2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-03-31 05:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-19 11:45 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-16 18:43 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-16 18:43 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-06-29_20.21.51.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 03:08:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 08:19:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-30 02:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-30 06:50:16 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-30 02:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-30 06:50:16 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-11-18 16:13 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"Start WingMan Profiler"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 23:20 68856]
"Creative Detector"="G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 21:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-16 15:09 7110656]
"nwiz"="nwiz.exe" [2005-07-16 15:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 15:09 86016]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-12-19 19:37 36952]
"iTunesHelper"="G:\program files 2\itunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26 694272]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"basicsmssmenu"="G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 16:21 169328]
"dc2a119c"="C:\WINDOWS\system32\upypsklx.dll" [ ]

C:\Documents and Settings\Mark\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-04 01:00:00 50688]

C:\Documents and Settings\Gavin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Microsoft Office.lnk - G:\program files 2\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"G:\\program files 2\\BitComet\\BitComet.exe"=
"G:\\program files 2\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\program files 2\\itunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"G:\\program files 2\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"G:\\program files 2\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25929:TCP"= 25929:TCP:BitComet 25929 TCP
"25929:UDP"= 25929:UDP:BitComet 25929 UDP
"7712:TCP"= 7712:TCP:BitComet 7712 TCP
"7712:UDP"= 7712:UDP:BitComet 7712 UDP
"19583:TCP"= 19583:TCP:BitComet 19583 TCP
"19583:UDP"= 19583:UDP:BitComet 19583 UDP
"24571:TCP"= 24571:TCP:BitComet 24571 TCP
"24571:UDP"= 24571:UDP:BitComet 24571 UDP
"25243:TCP"= 25243:TCP:BitComet 25243 TCP
"25243:UDP"= 25243:UDP:BitComet 25243 UDP
"9665:TCP"= 9665:TCP:BitComet 9665 TCP
"9665:UDP"= 9665:UDP:BitComet 9665 UDP
"2634:TCP"= 2634:TCP:BitComet 2634 TCP
"2634:UDP"= 2634:UDP:BitComet 2634 UDP
"2635:TCP"= 2635:TCP:BitComet 2635 TCP(ED2K)
"2635:UDP"= 2635:UDP:BitComet 2635 UDP(ED2K)
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 08:10]
R2 Basics Service;Basics Service;"G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 16:21]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\Gavin\LOCALS~1\Temp\gtermddo.sys []
S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 08:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2831022-71be-11d9-b1c0-000d876eae12}]
\Shell\AutoRun\command - F:\LaunchBF.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 08:00:00 C:\WINDOWS\Tasks\AABF0A9091A483F0.job"
- c:\docume~1\andrew\applic~1\exitsi~1\Chin the dart.exe
"2008-06-30 08:00:00 C:\WINDOWS\Tasks\ACA68E21918500E5.job"
- c:\docume~1\gavin\applic~1\exitsi~1\Chin the dart.exe
"2008-06-15 08:00:10 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 09:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-30 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-30 00:22:52 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EBCB271-7E75-4B2C-907E-E33AF78F8C4A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 01:22:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\lexbces.exE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-30 1:42:43 - machine was rebooted [Gavin]
ComboFix-quarantined-files.txt 2008-06-30 08:42:31
ComboFix2.txt 2008-06-24 01:11:15

Pre-Run: 3,307,094,016 bytes free
Post-Run: 3,296,514,048 bytes free

269 --- E O F --- 2008-06-25 21:52:26

lazyboy_360
2008-06-30, 11:27
And the NoLop log.



NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Gavin\Desktop
[30/06/2008]
[2:07:45 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AABF0A9091A483F0.job
C:\WINDOWS\tasks\ACA68E21918500E5.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\1click Dvd Copy Pro
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Altova
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cashplayidleheck
C:\Documents and Settings\All Users\Application Data\G-force
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Motivesysids
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\River Past G5
C:\Documents and Settings\All Users\Application Data\Scansoft
C:\Documents and Settings\All Users\Application Data\Seagate
C:\Documents and Settings\All Users\Application Data\Siteadvisor
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
C:\Documents and Settings\All Users\Application Data\Ssscanwizard
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Whitecap (holiday Edition)
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Gavin\Application Data\.bittorrent
C:\Documents and Settings\Gavin\Application Data\Adobe
C:\Documents and Settings\Gavin\Application Data\Adobeum
C:\Documents and Settings\Gavin\Application Data\Aim Save Settings -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\Apple Computer
C:\Documents and Settings\Gavin\Application Data\Arcsoft
C:\Documents and Settings\Gavin\Application Data\Atari
C:\Documents and Settings\Gavin\Application Data\Avsmedia
C:\Documents and Settings\Gavin\Application Data\Canon
C:\Documents and Settings\Gavin\Application Data\Creative
C:\Documents and Settings\Gavin\Application Data\Divx
C:\Documents and Settings\Gavin\Application Data\Exitsixth
C:\Documents and Settings\Gavin\Application Data\Firstclass
C:\Documents and Settings\Gavin\Application Data\G-force
C:\Documents and Settings\Gavin\Application Data\Google
C:\Documents and Settings\Gavin\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\Identities
C:\Documents and Settings\Gavin\Application Data\Installshield
C:\Documents and Settings\Gavin\Application Data\Installshield Installation Information
C:\Documents and Settings\Gavin\Application Data\Leadertech
C:\Documents and Settings\Gavin\Application Data\Macromedia
C:\Documents and Settings\Gavin\Application Data\Mcafee
C:\Documents and Settings\Gavin\Application Data\Media Player Classic
C:\Documents and Settings\Gavin\Application Data\Microsoft
C:\Documents and Settings\Gavin\Application Data\Motive
C:\Documents and Settings\Gavin\Application Data\Msn6
C:\Documents and Settings\Gavin\Application Data\My Battle For Middle-earth(tm) Ii Files
C:\Documents and Settings\Gavin\Application Data\My Games -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\Nero
C:\Documents and Settings\Gavin\Application Data\Nview_wallpaper
C:\Documents and Settings\Gavin\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\River Past G5
C:\Documents and Settings\Gavin\Application Data\Scansoft
C:\Documents and Settings\Gavin\Application Data\Seven Zip
C:\Documents and Settings\Gavin\Application Data\Simple Star -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\Siteadvisor
C:\Documents and Settings\Gavin\Application Data\Sonic
C:\Documents and Settings\Gavin\Application Data\Sun
C:\Documents and Settings\Gavin\Application Data\The Labyrinth Plus! Edition
C:\Documents and Settings\Gavin\Application Data\Ulead Systems
C:\Documents and Settings\Gavin\Application Data\Utorrent
C:\Documents and Settings\Gavin\Application Data\Vlc
C:\Documents and Settings\Gavin\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Gavin\Application Data\{acd5d733-6e37-4cf9-89d9-c891db987def}
C:\Documents and Settings\Guest\Application Data\Google
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Macromedia
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Siteadvisor
C:\Documents and Settings\Guest\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Exitsixth -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Mcafee
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Siteadvisor -- EMPTY Directory
C:\Documents and Settings\Mark\Application Data\Adobe
C:\Documents and Settings\Mark\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Mark\Application Data\Arcsoft
C:\Documents and Settings\Mark\Application Data\Atari -- EMPTY Directory
C:\Documents and Settings\Mark\Application Data\Canon
C:\Documents and Settings\Mark\Application Data\Creative
C:\Documents and Settings\Mark\Application Data\Divx
C:\Documents and Settings\Mark\Application Data\Google
C:\Documents and Settings\Mark\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Mark\Application Data\Identities
C:\Documents and Settings\Mark\Application Data\Leadertech
C:\Documents and Settings\Mark\Application Data\Macromedia
C:\Documents and Settings\Mark\Application Data\Mcafee
C:\Documents and Settings\Mark\Application Data\Microsoft
C:\Documents and Settings\Mark\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Mark\Application Data\Motive
C:\Documents and Settings\Mark\Application Data\Msn6
C:\Documents and Settings\Mark\Application Data\Scansoft
C:\Documents and Settings\Mark\Application Data\Siteadvisor
C:\Documents and Settings\Mark\Application Data\Sun
C:\Documents and Settings\Mark\Application Data\Ulead Systems
C:\Documents and Settings\Networkservice\Application Data\Microsoft

lazyboy_360
2008-06-30, 11:28
And finally a fresh HJT log, and thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:31 AM, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\MSK\MskAgent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files 2\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\program files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161393469042
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10351 bytes

Shaba
2008-06-30, 12:31
Hi

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [dc2a119c] rundll32.exe "C:\WINDOWS\system32\upypsklx.dll",b
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab

Close all windows including browser and press fix checked.

Reboot.

Delete this:

C:\Documents and Settings\All Users\Application Data\Cashplayidleheck

Empty Recycle Bin.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
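The items Shaba picks out above are the ones a helper learns to spot by eye: an O4 Run value with a meaningless 8-digit hex name that uses rundll32 to load an all-lowercase, random-looking DLL from system32 with a one-letter export, plus orphaned "(no file)" entries. As an added example (not code from this thread, from HijackThis, or from any tool the helpers use), the Python below applies those same heuristics to O4 lines, lists "(no file)" entries, and diffs two logs to confirm what a "fix checked" actually removed. The sample logs are constructed, modelled on the entries posted above; the function names, scoring signals and the two-signal threshold are my assumptions, and the output is a list of leads for a human reviewer, not a verdict.

```python
"""Triage helpers for HijackThis-style logs (added example; hypothetical helper names)."""
import re
from typing import Dict, List, Optional

# Constructed sample logs modelled on the HijackThis output posted in this thread.
# BEFORE_LOG carries the entries Shaba asked to fix; AFTER_LOG is what a log looks
# like once those entries are gone.
BEFORE_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [SiteAdvisor] "C:\\Program Files\\SiteAdvisor\\6261\\SiteAdv.exe"
O4 - HKLM\\..\\Run: [dc2a119c] rundll32.exe "C:\\WINDOWS\\system32\\upypsklx.dll",b
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
"""

AFTER_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [SiteAdvisor] "C:\\Program Files\\SiteAdvisor\\6261\\SiteAdv.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32[.exe] ["]path\to\file.dll["][,ExportName]
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S*))?',
                       re.IGNORECASE)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')        # value names like "dc2a119c"
LOWER_BASENAME_RE = re.compile(r'^[a-z]{6,10}$')   # DLL base names like "upypsklx"


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 Run line into hive, value name and command; None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def score_run_entry(entry: Dict[str, str]) -> List[str]:
    """Return the heuristic signals an O4 entry trips. Any one signal alone is weak
    (vendors use odd names too); several together deserve a closer look."""
    signals: List[str] = []
    if HEX_NAME_RE.match(entry["name"]):
        signals.append("value name is an 8-digit hex token")
    m = RUNDLL_RE.match(entry["cmd"])
    if m:
        dll = m.group("dll").replace("/", "\\")
        parts = dll.split("\\")
        base = parts[-1].rsplit(".", 1)[0]                  # keep original case
        in_system32 = len(parts) >= 2 and parts[-2].lower() == "system32"
        if in_system32 and LOWER_BASENAME_RE.match(base):
            signals.append("rundll32 loads a system32 DLL with a random-looking name")
        export = m.group("export") or ""
        if len(export) <= 1:
            signals.append("DLL export name is empty or a single character")
    return signals


def suspicious_run_entries(log: str, threshold: int = 2) -> List[Dict[str, object]]:
    """O4 entries that trip at least `threshold` signals, with the signals attached."""
    hits: List[Dict[str, object]] = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        signals = score_run_entry(entry)
        if len(signals) >= threshold:
            hits.append({**entry, "signals": signals})
    return hits


def orphaned_entries(log: str) -> List[str]:
    """Entries whose target is missing; HijackThis marks these with '(no file)'."""
    return [l.strip() for l in log.splitlines() if l.rstrip().endswith("(no file)")]


def removed_entries(before: str, after: str) -> List[str]:
    """Lines present in the earlier log but absent from the later one, in order."""
    after_set = {l.strip() for l in after.splitlines() if l.strip()}
    return [l.strip() for l in before.splitlines()
            if l.strip() and l.strip() not in after_set]


if __name__ == "__main__":
    for hit in suspicious_run_entries(BEFORE_LOG):
        print(f"[{hit['hive']}] {hit['name']}: {hit['cmd']}")
        for s in hit["signals"]:
            print(f"    - {s}")
    print("orphaned:", orphaned_entries(BEFORE_LOG))
    print("removed after fix:", removed_entries(BEFORE_LOG, AFTER_LOG))
```

Run it as-is to see the flagged entry and the diff; to triage a real log, read the file and pass its text to the same functions. The threshold matters: lowering it to 1 flags every rundll32 line with a short export name, which is noisy on a system with graphics or audio drivers, so the score is meant to rank leads for the person reading the log, not to decide on its own.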

lazyboy_360
2008-07-02, 09:21
I have done steps one and two but am having trouble with Kaspersky. I have done the HJT cleanup and deleted the specified folder and emptied the recycle bin. When I do the scan on Kaspersky, the scan gets about 10% done and then the window closes. I will keep trying and will post back soon. Thanks again for your time.

lazyboy_360
2008-07-02, 09:23
Here is a new HJT log if it is any help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:26 AM, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
G:\program files 2\itunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\program files 2\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "G:\Program Files 2\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files 2\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\program files 2\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\program files 2\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\program files 2\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161393469042
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0160901214925178) (0160901214925178mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016090~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - G:\Program Files 2\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10244 bytes

Shaba
2008-07-02, 13:13
Hi

Please then try this instead:

Please go to Kaspersky website (http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html) to perform an online scan. Please use Internet Explorer as it uses ActiveX.
Click on Accept.
It will prompt you to download an ActiveX. Allow it.
After that, you will be prompted to install it.

Note: For Vista users, if UAC is enabled, you will receive a UAC prompt. Click on Continue to install it.


Once installed, it will start downloading the definitions. This will take some time. At the same time, you may also receive another prompt to install another ActiveX. Allow it again and repeat Step 2.
When the definitions have finished downloading, click Next.
Click on Scan Settings.
Under Scan using the following antivirus database:, choose extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.
Under Scan options:, check (tick) both boxes.
Click Ok.
Under Please select a target to scan:, click on My Computer. It will start scanning. Please be patient.
Click on Save Report As....
Give this report a name and change the Save as type: to Text file (*.txt) before clicking on Save.
Please post this log in your next reply.

Shaba
2008-07-07, 17:22
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.