Hi

I am running Windows XP SP2, Norton Antivirus. I am having all the problems with Virtumonde and despite running Spybot repeatedly (daily - more than once) it keeps returning. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:23, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1145303948\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10599&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Sky Broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145303948\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\blubster.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM6b578306] Rundll32.exe "C:\WINDOWS\system32\cwbxqsin.dll",s
O4 - HKLM\..\Run: [6864b09a] rundll32.exe "C:\WINDOWS\system32\gpboakyg.dll",b
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM6b578306] Rundll32.exe "C:\WINDOWS\system32\itjhgnic.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?7c294e965fb7513f168564866c5ed3d95fb451fb785fda37f9a82d92293fb8460ec7b8ada60261d11ff311271e6213fe44e66e281d252acba3ae0d225995f8c385666f67604e:d23f2ef055b1287f0afb30a12aaf2cdc
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 1: (no name) - http://www.bbc.co.uk/home/beta/object/clock/tiny.swf

--
End of file - 11900 bytes

I've run another log, which appears different from the one above:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:38, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1145303948\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10599&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Sky Broadband
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {023AB618-6A81-4313-821A-59C634B1A591} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {03CC8BAB-F987-49D9-BA7D-E6E459D68A49} - (no file)
O2 - BHO: (no name) - {04BE976A-CF56-4440-B242-671CEEC47408} - (no file)
O2 - BHO: (no name) - {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {09E92F58-02CE-4084-A788-3581FA5BEA8A} - (no file)
O2 - BHO: (no name) - {0DE7580D-CDDD-4AAA-A78E-9F8730655E4D} - (no file)
O2 - BHO: (no name) - {1052A761-4E0C-43F7-9108-C5C96BD512DD} - (no file)
O2 - BHO: (no name) - {10c4f52d-9597-408c-9545-2f5461dce88b} - (no file)
O2 - BHO: (no name) - {113727AE-4243-45F8-9D62-93F5D30079CC} - (no file)
O2 - BHO: (no name) - {1352e915-724f-4efd-8746-7e8539b872e3} - (no file)
O2 - BHO: (no name) - {14A751D2-CEAA-4B13-926D-32BDAA70438D} - (no file)
O2 - BHO: (no name) - {1d93f67a-34aa-4b20-ad9e-1688c3e085ec} - (no file)
O2 - BHO: (no name) - {1E68DA6D-8B16-4994-B2E9-5C41D038EAF0} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {22FD4AF4-EE77-4D61-A77D-A068D7100456} - (no file)
O2 - BHO: (no name) - {2A030BF6-CD85-4C59-869F-CE5270B0AD36} - (no file)
O2 - BHO: (no name) - {2BDAB5BE-9828-48A1-827C-81FAB64814B7} - (no file)
O2 - BHO: (no name) - {3291C731-FF2C-4DD0-9EC7-F4B98A9F08F8} - (no file)
O2 - BHO: (no name) - {36933486-298E-46E4-AFCE-65EFB5F47924} - (no file)
O2 - BHO: (no name) - {36C0671E-1908-4BB3-A2FC-E487FF8BB91F} - (no file)
O2 - BHO: (no name) - {393BA4FA-4F38-4546-8185-1CF77F44F922} - (no file)
O2 - BHO: (no name) - {398A890D-5182-462E-A9BF-5B9E6A47759C} - (no file)
O2 - BHO: (no name) - {3D93673C-F34C-475D-BF58-B56C8751A6B8} - (no file)
O2 - BHO: (no name) - {41077FF3-CBD1-46DB-A4B4-6392542E010F} - (no file)
O2 - BHO: (no name) - {4319BC27-CC5A-4C8D-A2A1-C8EEC02A26CF} - C:\WINDOWS\system32\urqQjkhH.dll (file missing)
O2 - BHO: (no name) - {4572226D-5388-4050-AB60-2CF958E6B8C6} - (no file)
O2 - BHO: (no name) - {47D7D4ED-4F7D-4CAD-99F4-A515869E05B0} - (no file)
O2 - BHO: (no name) - {5110DD29-0E02-41F7-A2BE-6C1128907D7B} - (no file)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - (no file)
O2 - BHO: (no name) - {51c854a9-9e77-4560-a9fa-cb70a5cdc0b9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {691BAACA-2C62-42F4-B7E3-860F3DCB2F90} - (no file)
O2 - BHO: (no name) - {6E10035E-6DF5-494A-9C88-E05B8F84CA76} - (no file)
O2 - BHO: (no name) - {73FCC002-9811-4FF9-9D4D-FFF063B72677} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {85DA2EDE-4E14-4987-BA5D-217D9B19207D} - (no file)
O2 - BHO: (no name) - {873355ee-fb4e-4087-9a92-ab4443a17353} - (no file)
O2 - BHO: (no name) - {8c0c1953-c65e-4330-ab0b-07d47201f86e} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {916C6E57-FA44-4BE2-8562-52B23CC57563} - (no file)
O2 - BHO: (no name) - {924e2bc2-0e47-4d8b-a2e9-82beee62d50f} - (no file)
O2 - BHO: (no name) - {9A608D5C-E78D-4E67-A421-178C9A7BD0EC} - (no file)
O2 - BHO: (no name) - {9BEC5447-976D-4C25-B1CD-D4920F1643A8} - (no file)
O2 - BHO: (no name) - {a0db5f8d-003f-44e9-8cd8-60bb048238b6} - (no file)
O2 - BHO: (no name) - {a4e699fd-c820-48e2-a5e0-977110915a67} - (no file)
O2 - BHO: (no name) - {aad7b676-812e-420a-8602-c7ad8e95d515} - (no file)
O2 - BHO: (no name) - {ac54dc4a-4157-49f4-afe3-6401846110f0} - (no file)
O2 - BHO: (no name) - {b0f161a6-d360-40f1-8e12-05a13e66b80c} - (no file)
O2 - BHO: (no name) - {B7A27C50-0ACF-4E7C-AA94-BDB9751E4B7A} - (no file)
O2 - BHO: (no name) - {b9ab1357-d1c1-4446-93f2-27d5868025f6} - (no file)
O2 - BHO: (no name) - {B9F7F593-5415-4A21-B1A0-7C8A3064C857} - C:\WINDOWS\system32\xxyyxuUn.dll (file missing)
O2 - BHO: (no name) - {BBBC7BAB-A250-4918-9D90-1D498E98B257} - (no file)
O2 - BHO: (no name) - {BDBF77AD-CF6C-4466-BB62-3F00DFE2259C} - (no file)
O2 - BHO: (no name) - {bf1dffa7-b295-4e18-a6b7-e6e6ea89cfe3} - (no file)
O2 - BHO: (no name) - {C2235141-2AF9-4AB4-BE51-D076BA6E60C2} - (no file)
O2 - BHO: (no name) - {C403133D-505F-4138-BB6E-637014DAED2C} - (no file)
O2 - BHO: (no name) - {C8170946-41FD-4A39-A732-4201CD171B08} - (no file)
O2 - BHO: (no name) - {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - (no file)
O2 - BHO: (no name) - {cdc45b88-ffb2-4877-b7ef-5e1c723aec59} - (no file)
O2 - BHO: (no name) - {CE7947A7-3E1F-4701-A453-4C02F906383B} - (no file)
O2 - BHO: (no name) - {D354863E-22EE-4135-9548-0F061510E826} - (no file)
O2 - BHO: (no name) - {D75D8D58-87A8-4633-BB19-9EE47C38EB93} - (no file)
O2 - BHO: (no name) - {d8f7ed04-9223-483e-abe5-65ddb8d1742b} - (no file)
O2 - BHO: (no name) - {dc2fc27c-7b94-4cea-a17a-b115634939d0} - (no file)
O2 - BHO: (no name) - {E1774D6E-4D16-4FEB-90D9-47B674C64D49} - (no file)
O2 - BHO: (no name) - {e97000eb-900b-4fdb-9048-7535b8b0ef99} - (no file)
O2 - BHO: (no name) - {F1894491-E43C-47BE-AB33-9365DE1B028A} - C:\WINDOWS\system32\byXQIYQJ.dll (file missing)
O2 - BHO: (no name) - {f21b7518-ca6f-4f5c-8795-561c8eca5e8d} - (no file)
O2 - BHO: (no name) - {f579cc57-8702-46de-afa6-93de216eca18} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145303948\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\blubster.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [6864b09a] rundll32.exe "C:\WINDOWS\system32\wpnreoqh.dll",b
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM6b578306] Rundll32.exe "C:\WINDOWS\system32\itjhgnic.dll",s
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O20 - Winlogon Notify: byXOiHbX - C:\WINDOWS\
O20 - Winlogon Notify: cbXPiGxx - cbXPiGxx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 1: (no name) - http://www.bbc.co.uk/home/beta/object/clock/tiny.swf

--
End of file - 18027 bytes

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

ares

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis, so we can continue cleaning your pc.

Hi katana, thanks for the reply.

Ares wasn't in the list of installed programs but I found a broken link and the Ares setup program in one of my kids(!) folders and deleted them manually. Anyway here's the updated HJT log. I can't see it listed there any longer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:01:09, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10599&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Sky Broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {023AB618-6A81-4313-821A-59C634B1A591} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {03CC8BAB-F987-49D9-BA7D-E6E459D68A49} - (no file)
O2 - BHO: (no name) - {04BE976A-CF56-4440-B242-671CEEC47408} - (no file)
O2 - BHO: (no name) - {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09E92F58-02CE-4084-A788-3581FA5BEA8A} - (no file)
O2 - BHO: (no name) - {0DE7580D-CDDD-4AAA-A78E-9F8730655E4D} - (no file)
O2 - BHO: (no name) - {1052A761-4E0C-43F7-9108-C5C96BD512DD} - (no file)
O2 - BHO: (no name) - {10c4f52d-9597-408c-9545-2f5461dce88b} - (no file)
O2 - BHO: (no name) - {113727AE-4243-45F8-9D62-93F5D30079CC} - (no file)
O2 - BHO: (no name) - {1352e915-724f-4efd-8746-7e8539b872e3} - (no file)
O2 - BHO: (no name) - {14A751D2-CEAA-4B13-926D-32BDAA70438D} - (no file)
O2 - BHO: (no name) - {1d93f67a-34aa-4b20-ad9e-1688c3e085ec} - (no file)
O2 - BHO: (no name) - {1E68DA6D-8B16-4994-B2E9-5C41D038EAF0} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {22FD4AF4-EE77-4D61-A77D-A068D7100456} - (no file)
O2 - BHO: (no name) - {2A030BF6-CD85-4C59-869F-CE5270B0AD36} - (no file)
O2 - BHO: (no name) - {2BDAB5BE-9828-48A1-827C-81FAB64814B7} - (no file)
O2 - BHO: (no name) - {3291C731-FF2C-4DD0-9EC7-F4B98A9F08F8} - (no file)
O2 - BHO: (no name) - {36933486-298E-46E4-AFCE-65EFB5F47924} - (no file)
O2 - BHO: (no name) - {36C0671E-1908-4BB3-A2FC-E487FF8BB91F} - (no file)
O2 - BHO: (no name) - {393BA4FA-4F38-4546-8185-1CF77F44F922} - (no file)
O2 - BHO: (no name) - {398A890D-5182-462E-A9BF-5B9E6A47759C} - (no file)
O2 - BHO: (no name) - {3D93673C-F34C-475D-BF58-B56C8751A6B8} - (no file)
O2 - BHO: (no name) - {41077FF3-CBD1-46DB-A4B4-6392542E010F} - (no file)
O2 - BHO: (no name) - {4319BC27-CC5A-4C8D-A2A1-C8EEC02A26CF} - C:\WINDOWS\system32\urqQjkhH.dll (file missing)
O2 - BHO: (no name) - {4572226D-5388-4050-AB60-2CF958E6B8C6} - (no file)
O2 - BHO: (no name) - {47D7D4ED-4F7D-4CAD-99F4-A515869E05B0} - (no file)
O2 - BHO: (no name) - {5110DD29-0E02-41F7-A2BE-6C1128907D7B} - (no file)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - (no file)
O2 - BHO: (no name) - {51c854a9-9e77-4560-a9fa-cb70a5cdc0b9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {691BAACA-2C62-42F4-B7E3-860F3DCB2F90} - (no file)
O2 - BHO: (no name) - {6E10035E-6DF5-494A-9C88-E05B8F84CA76} - (no file)
O2 - BHO: (no name) - {73FCC002-9811-4FF9-9D4D-FFF063B72677} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {85DA2EDE-4E14-4987-BA5D-217D9B19207D} - (no file)
O2 - BHO: (no name) - {873355ee-fb4e-4087-9a92-ab4443a17353} - (no file)
O2 - BHO: (no name) - {8c0c1953-c65e-4330-ab0b-07d47201f86e} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {916C6E57-FA44-4BE2-8562-52B23CC57563} - (no file)
O2 - BHO: (no name) - {924e2bc2-0e47-4d8b-a2e9-82beee62d50f} - (no file)
O2 - BHO: (no name) - {9A608D5C-E78D-4E67-A421-178C9A7BD0EC} - (no file)
O2 - BHO: (no name) - {9BEC5447-976D-4C25-B1CD-D4920F1643A8} - (no file)
O2 - BHO: (no name) - {a0db5f8d-003f-44e9-8cd8-60bb048238b6} - (no file)
O2 - BHO: (no name) - {a4e699fd-c820-48e2-a5e0-977110915a67} - (no file)
O2 - BHO: (no name) - {aad7b676-812e-420a-8602-c7ad8e95d515} - (no file)
O2 - BHO: (no name) - {ac54dc4a-4157-49f4-afe3-6401846110f0} - (no file)
O2 - BHO: (no name) - {b0f161a6-d360-40f1-8e12-05a13e66b80c} - (no file)
O2 - BHO: (no name) - {B7A27C50-0ACF-4E7C-AA94-BDB9751E4B7A} - (no file)
O2 - BHO: (no name) - {b9ab1357-d1c1-4446-93f2-27d5868025f6} - (no file)
O2 - BHO: (no name) - {B9F7F593-5415-4A21-B1A0-7C8A3064C857} - C:\WINDOWS\system32\xxyyxuUn.dll (file missing)
O2 - BHO: (no name) - {BBBC7BAB-A250-4918-9D90-1D498E98B257} - (no file)
O2 - BHO: (no name) - {BDBF77AD-CF6C-4466-BB62-3F00DFE2259C} - (no file)
O2 - BHO: (no name) - {bf1dffa7-b295-4e18-a6b7-e6e6ea89cfe3} - (no file)
O2 - BHO: (no name) - {C2235141-2AF9-4AB4-BE51-D076BA6E60C2} - (no file)
O2 - BHO: (no name) - {C403133D-505F-4138-BB6E-637014DAED2C} - (no file)
O2 - BHO: (no name) - {C8170946-41FD-4A39-A732-4201CD171B08} - (no file)
O2 - BHO: (no name) - {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - (no file)
O2 - BHO: (no name) - {cdc45b88-ffb2-4877-b7ef-5e1c723aec59} - (no file)
O2 - BHO: (no name) - {CE7947A7-3E1F-4701-A453-4C02F906383B} - (no file)
O2 - BHO: (no name) - {D354863E-22EE-4135-9548-0F061510E826} - (no file)
O2 - BHO: (no name) - {D75D8D58-87A8-4633-BB19-9EE47C38EB93} - (no file)
O2 - BHO: (no name) - {d8f7ed04-9223-483e-abe5-65ddb8d1742b} - (no file)
O2 - BHO: (no name) - {dc2fc27c-7b94-4cea-a17a-b115634939d0} - (no file)
O2 - BHO: (no name) - {E1774D6E-4D16-4FEB-90D9-47B674C64D49} - (no file)
O2 - BHO: (no name) - {e97000eb-900b-4fdb-9048-7535b8b0ef99} - (no file)
O2 - BHO: (no name) - {F1894491-E43C-47BE-AB33-9365DE1B028A} - C:\WINDOWS\system32\byXQIYQJ.dll (file missing)
O2 - BHO: (no name) - {f21b7518-ca6f-4f5c-8795-561c8eca5e8d} - (no file)
O2 - BHO: (no name) - {f579cc57-8702-46de-afa6-93de216eca18} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [6864b09a] rundll32.exe "C:\WINDOWS\system32\wpnreoqh.dll",b
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM6b578306] Rundll32.exe "C:\WINDOWS\system32\itjhgnic.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O20 - Winlogon Notify: byXOiHbX - C:\WINDOWS\
O20 - Winlogon Notify: cbXPiGxx - cbXPiGxx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 1: (no name) - http://www.bbc.co.uk/home/beta/object/clock/tiny.swf

--
End of file - 16131 bytes

Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Installed Programs

Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MBAM Log
ComboFix Log
A Fresh HJT Log
Installed Programs List
How are things running now ?

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MBAM Log
ComboFix Log
A Fresh HJT Log
Installed Programs List

Not sure I'll get all this in one post, so I'll do two.

MBAM log:

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

14:10:31 05/08/2008
mbam-log-8-5-2008 (14-10-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 198146
Time elapsed: 1 hour(s), 46 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 101

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP889\A0633839.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP889\A0633842.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP889\A0633844.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP889\A0633845.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP891\A0634120.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP891\A0634159.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP891\A0635233.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP891\A0635234.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP892\A0635278.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP897\A0641652.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP897\A0641696.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP897\A0641697.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP897\A0641698.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP897\A0641732.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP899\A0641994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP900\A0642594.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP902\A0643722.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP902\A0643750.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP902\A0644846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP906\A0649374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP906\A0650472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP906\A0650473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP906\A0650474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP907\A0651577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP907\A0651592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP908\A0653577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP908\A0653578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP909\A0655602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP910\A0656764.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP910\A0656765.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP911\A0657049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP911\A0657065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP911\A0657066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP911\A0657147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP911\A0657149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP912\A0659065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP913\A0659175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP913\A0660175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP913\A0660275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP914\A0660313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661595.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0661599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0662757.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0662758.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0662759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP915\A0662779.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP916\A0662918.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP916\A0662920.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0662982.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0662983.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0662984.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0663976.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0663991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP917\A0664262.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664901.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664911.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664913.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664915.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664918.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664920.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664921.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664923.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664926.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664927.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664928.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664935.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664943.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664944.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP921\A0664934.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP842\A0621165.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP842\A0621163.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP842\A0621403.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP842\A0621404.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP842\A0621405.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP843\A0621470.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP816\A0616364.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\byXQHwVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem28.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem2C.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem30.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem34.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem36.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem3A.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem3E.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\temF.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem11.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem15.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem19.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jamess\Local Settings\Temp\tem26.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Emma's stuff\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.


ComboFix log:

ComboFix 08-08-04.01 - User 2008-08-05 12:00:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.540 [GMT 1:00]Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Emma\Application Data\Install.dat
C:\Documents and Settings\Emma\Local Settings\Temporary Internet Files\Dxc.log
C:\Documents and Settings\LocalService\Application Data\Install.dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Dxc.log
C:\Documents and Settings\NetworkService\Application Data\install.dat
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\AJGQG8XY\interclick.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\AJGQG8XY\interclick.com\ud.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Screen2Exe
C:\Program Files\Screen2Exe\Screen2Exe.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\system32\abdtvlgq.ini
C:\WINDOWS\system32\afnycfms.dll
C:\WINDOWS\system32\aHRqYJlm.ini
C:\WINDOWS\system32\aHRqYJlm.ini2
C:\WINDOWS\system32\ajneglhx.dll
C:\WINDOWS\system32\akliybii.dll
C:\WINDOWS\system32\akxmgoqd.dll
C:\WINDOWS\system32\alcgakkt.dll
C:\WINDOWS\system32\anxwgoym.dll
C:\WINDOWS\system32\artdxral.ini
C:\WINDOWS\system32\bhiueo.dll
C:\WINDOWS\system32\bieadp.dll
C:\WINDOWS\system32\blfkxiwj.dll
C:\WINDOWS\system32\bpuwvccp.dll
C:\WINDOWS\system32\btbrhgfw.ini
C:\WINDOWS\system32\byumdkti.dll
C:\WINDOWS\system32\cabjeqaf.dll
C:\WINDOWS\system32\caepbkqv.dll
C:\WINDOWS\system32\cbtmpy.dll
C:\WINDOWS\system32\cfvqjsbx.dll
C:\WINDOWS\system32\cmejysgb.ini
C:\WINDOWS\system32\cmptauax.ini
C:\WINDOWS\system32\copipsth.dll
C:\WINDOWS\system32\cqjydakq.ini
C:\WINDOWS\system32\dckjtxuc.dll
C:\WINDOWS\system32\dpeykunv.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\dseorghe.dll
C:\WINDOWS\system32\dtkvkmsu.dll
C:\WINDOWS\system32\dttgljat.dll
C:\WINDOWS\system32\duqkvpai.dll
C:\WINDOWS\system32\dvtpeetp.dll
C:\WINDOWS\system32\dwygacqo.ini
C:\WINDOWS\system32\eaursmhs.ini
C:\WINDOWS\system32\ebcshx.dll
C:\WINDOWS\system32\ecnohdhm.dll
C:\WINDOWS\system32\ecpghoww.dll
C:\WINDOWS\system32\ecpgyunf.dll
C:\WINDOWS\system32\egirxswj.dll
C:\WINDOWS\system32\ehioitul.ini
C:\WINDOWS\system32\emlccjgr.dll
C:\WINDOWS\system32\epppak.dll
C:\WINDOWS\system32\epxnzg.dll
C:\WINDOWS\system32\erjidlix.dll
C:\WINDOWS\system32\etmamurr.ini
C:\WINDOWS\system32\exvsnhuy.dll
C:\WINDOWS\system32\exyzwo.dll
C:\WINDOWS\system32\fdmjwxpo.ini
C:\WINDOWS\system32\feofrnfh.dll
C:\WINDOWS\system32\fgdbswnx.dll
C:\WINDOWS\system32\fiykudgq.dll
C:\WINDOWS\system32\fkfqhdbr.ini
C:\WINDOWS\system32\fqubnvrk.dll
C:\WINDOWS\system32\fryoidco.dll
C:\WINDOWS\system32\fsabkash.dll
C:\WINDOWS\system32\fsqvxogk.dll
C:\WINDOWS\system32\gkkmhbat.ini
C:\WINDOWS\system32\griwwo.dll
C:\WINDOWS\system32\gtjfqdto.dll
C:\WINDOWS\system32\hdaxkeav.dll
C:\WINDOWS\system32\hfvoplfq.dll
C:\WINDOWS\system32\hfwujqrr.dll
C:\WINDOWS\system32\HhkjQqru.ini
C:\WINDOWS\system32\HhkjQqru.ini2
C:\WINDOWS\system32\hjiroykq.dll
C:\WINDOWS\system32\hmzaoc.dll
C:\WINDOWS\system32\hosrnxyi.ini
C:\WINDOWS\system32\hqoernpw.ini
C:\WINDOWS\system32\htewsnxe.dll
C:\WINDOWS\system32\huoghw.dll
C:\WINDOWS\system32\hwmxafhe.dll
C:\WINDOWS\system32\ibqquwwd.dll
C:\WINDOWS\system32\ieoimp.dll
C:\WINDOWS\system32\ighcrdmi.dll
C:\WINDOWS\system32\ijaapxpt.ini
C:\WINDOWS\system32\ijdqjipw.dll
C:\WINDOWS\system32\inbehjlg.dll
C:\WINDOWS\system32\intotnfl.dll
C:\WINDOWS\system32\ioshihvv.ini
C:\WINDOWS\system32\iuitmf.dll
C:\WINDOWS\system32\ixyrrnnn.dll
C:\WINDOWS\system32\jaqwthns.dll
C:\WINDOWS\system32\jasaxtrr.ini
C:\WINDOWS\system32\jcbbso.dll
C:\WINDOWS\system32\jikjih.dll
C:\WINDOWS\system32\jilnonpo.ini
C:\WINDOWS\system32\jilnonpo.ini2
C:\WINDOWS\system32\jpjsim.dll
C:\WINDOWS\system32\jprdmstp.dll
C:\WINDOWS\system32\jvmntiae.dll
C:\WINDOWS\system32\jvypneio.dll
C:\WINDOWS\system32\kchplnnk.dll
C:\WINDOWS\system32\klghus.dll
C:\WINDOWS\system32\krnotymr.dll
C:\WINDOWS\system32\ktfmyars.ini
C:\WINDOWS\system32\kwufzu.dll
C:\WINDOWS\system32\lalknftc.dll
C:\WINDOWS\system32\lcecufer.ini
C:\WINDOWS\system32\lecgdimk.dll
C:\WINDOWS\system32\lhhworkc.ini
C:\WINDOWS\system32\limmxytn.ini
C:\WINDOWS\system32\llvcwjkd.dll
C:\WINDOWS\system32\lpovcdnc.dll
C:\WINDOWS\system32\ltmtddqs.ini
C:\WINDOWS\system32\lybtvjvg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfbanekc.dll
C:\WINDOWS\system32\mffbtwjg.dll
C:\WINDOWS\system32\mfttwrtq.dll
C:\WINDOWS\system32\mklipqyj.dll
C:\WINDOWS\system32\mrcilkic.dll
C:\WINDOWS\system32\mrvocfvf.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msujjmti.dll
C:\WINDOWS\system32\mxkitahu.ini
C:\WINDOWS\system32\ncmiorio.dll
C:\WINDOWS\system32\ngdogl.dll
C:\WINDOWS\system32\nghdmfde.dll
C:\WINDOWS\system32\nlnyqxgn.ini
C:\WINDOWS\system32\nlnywdrt.dll
C:\WINDOWS\system32\nUuxyyxx.ini
C:\WINDOWS\system32\nUuxyyxx.ini2
C:\WINDOWS\system32\nxnpiryb.dll
C:\WINDOWS\system32\nyassgnq.dll
C:\WINDOWS\system32\odqqxgws.dll
C:\WINDOWS\system32\oekxkpqo.dll
C:\WINDOWS\system32\ohammfme.ini
C:\WINDOWS\system32\ooicnwwb.dll
C:\WINDOWS\system32\opgyxpmi.dll
C:\WINDOWS\system32\opjxbeee.dll
C:\WINDOWS\system32\orrnuv.dll
C:\WINDOWS\system32\osfetyqj.dll
C:\WINDOWS\system32\ovbpoklm.dll
C:\WINDOWS\system32\pedalclm.dll
C:\WINDOWS\system32\plviqngj.dll
C:\WINDOWS\system32\pnyuddic.dll
C:\WINDOWS\system32\pqavcm.dll
C:\WINDOWS\system32\prcfsc.dll
C:\WINDOWS\system32\psmfnfhc.dll
C:\WINDOWS\system32\qcrbeytg.dll
C:\WINDOWS\system32\qdeludlw.ini
C:\WINDOWS\system32\qioiqjeb.dll
C:\WINDOWS\system32\qjnfzu.dll
C:\WINDOWS\system32\qmkohmti.dll
C:\WINDOWS\system32\qnxrcndr.dll
C:\WINDOWS\system32\qqqnljyy.dll
C:\WINDOWS\system32\qsqoknkh.dll
C:\WINDOWS\system32\qwwkkfbq.dll
C:\WINDOWS\system32\qxmdkjie.dll
C:\WINDOWS\system32\rbmfgs.dll
C:\WINDOWS\system32\rfvhkdfk.dll
C:\WINDOWS\system32\rfvrlf.dll
C:\WINDOWS\system32\rkpgjcvw.dll
C:\WINDOWS\system32\rlcnfc.dll
C:\WINDOWS\system32\rmqvnawq.ini
C:\WINDOWS\system32\rrezkz.dll
C:\WINDOWS\system32\rxfbaj.dll
C:\WINDOWS\system32\rxmxcs.dll
C:\WINDOWS\system32\sarxnyhk.dll
C:\WINDOWS\system32\semwrhnp.dll
C:\WINDOWS\system32\sjivwtaj.dll
C:\WINDOWS\system32\skcqxhqn.ini
C:\WINDOWS\system32\skqfbdem.dll
C:\WINDOWS\system32\sokxgroj.ini
C:\WINDOWS\system32\ssyxwr.dll
C:\WINDOWS\system32\suvoit.dll
C:\WINDOWS\system32\szemys.dll
C:\WINDOWS\system32\tdffntsc.ini
C:\WINDOWS\system32\tgitwgok.dll
C:\WINDOWS\system32\tkgulqip.ini
C:\WINDOWS\system32\toufeekp.dll
C:\WINDOWS\system32\tskbunxx.ini
C:\WINDOWS\system32\tvwssb.dll
C:\WINDOWS\system32\twxegj.dll
C:\WINDOWS\system32\ufnkgihc.dll
C:\WINDOWS\system32\uinikbdr.dll
C:\WINDOWS\system32\uisvpjdc.ini
C:\WINDOWS\system32\upcnvj.dll
C:\WINDOWS\system32\upsvtilw.dll
C:\WINDOWS\system32\uuuwrvwh.dll
C:\WINDOWS\system32\uwpqgm.dll
C:\WINDOWS\system32\vfzkxr.dll
C:\WINDOWS\system32\vgpadv.dll
C:\WINDOWS\system32\vhgsbcpa.ini
C:\WINDOWS\system32\vkrvkqrb.dll
C:\WINDOWS\system32\vllvfoif.ini
C:\WINDOWS\system32\vmudmrnf.dll
C:\WINDOWS\system32\vtdmhuur.dll
C:\WINDOWS\system32\vvmceisj.dll
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\system32\vvvwa.tmp
C:\WINDOWS\system32\vwgmglgs.dll
C:\WINDOWS\system32\WinNB55.dll
C:\WINDOWS\system32\wnqfffuy.dll
C:\WINDOWS\system32\wtvccp.dll
C:\WINDOWS\system32\xaleqybu.ini
C:\WINDOWS\system32\xemdenls.ini
C:\WINDOWS\system32\xgcoffni.dll
C:\WINDOWS\system32\xmkafhno.dll
C:\WINDOWS\system32\xpfhalpe.dll
C:\WINDOWS\system32\xpjuayae.dll
C:\WINDOWS\system32\xqttqqmy.dll
C:\WINDOWS\system32\xtraek.dll
C:\WINDOWS\system32\xysgerff.ini
C:\WINDOWS\system32\yaxukoue.dll
C:\WINDOWS\system32\ybdlcdlr.dll
C:\WINDOWS\system32\yhguex.dll
C:\WINDOWS\system32\ykxjaoot.dll
C:\WINDOWS\system32\yphouwik.ini
C:\WINDOWS\system32\yrdfxrud.ini
C:\WINDOWS\system32\yrvredvh.dll
C:\WINDOWS\system32\ysylrkme.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-05 10:05 . 2008-08-05 10:05 <DIR> d-------- C:\Documents and Settings\User\Application Data\SaveThePuppy
2008-08-05 08:08 . 2008-08-05 10:58 <DIR> d-------- C:\Program Files\Nick Jr. Arcade
2008-08-03 14:37 . 2008-08-03 14:37 <DIR> d-------- C:\Program Files\Opera
2008-08-02 18:39 . 2008-08-02 18:39 <DIR> d-------- C:\Program Files\CCleaner
2008-08-01 19:47 . 2008-08-01 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 19:47 . 2008-08-01 19:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-08-01 19:47 . 2008-08-01 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 19:47 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 19:47 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 12:52 . 2008-07-31 16:08 <DIR> d-------- C:\Documents and Settings\james\Shared
2008-07-28 12:52 . 2008-07-31 18:32 <DIR> d-------- C:\Documents and Settings\james\Incomplete
2008-07-28 12:52 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\james\Application Data\MP3Rocket
2008-07-25 13:25 . 2005-04-26 02:27 <DIR> d-------- C:\Documents and Settings\james\WINDOWS
2008-07-25 13:25 . 2005-09-17 14:40 <DIR> d-------- C:\Documents and Settings\james\Application Data\SampleView
2008-07-25 13:25 . 2007-11-24 11:02 <DIR> d-------- C:\Documents and Settings\james\Application Data\Apple Computer
2008-07-25 13:25 . 2008-08-01 18:00 <DIR> d-------- C:\Documents and Settings\james
2008-07-20 21:06 . 2008-07-20 21:06 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2008-07-19 21:30 . 2008-07-19 21:30 81,743 --a------ C:\WINDOWS\system32\wsjclajg.dll
2008-07-19 21:03 . 2008-07-19 21:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-19 21:03 . 2008-08-05 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 18:16 . 2008-03-02 16:00 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-07-16 05:13 . 2008-07-16 05:13 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-16 05:07 . 2008-07-16 05:07 <DIR> d-------- C:\Program Files\NOS
2008-07-16 05:07 . 2008-07-16 05:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-15 21:13 . 2008-07-15 21:13 <DIR> d-------- C:\Program Files\Conduit
2008-07-15 19:32 . 2008-07-15 19:32 <DIR> d-------- C:\WINDOWS\speech
2008-07-15 17:10 . 2008-07-15 17:10 <DIR> d-------- C:\Program Files\NaturalSoft
2008-07-15 13:46 . 2008-07-15 13:46 <DIR> d-------- C:\Program Files\AliveMedia
2008-07-15 13:46 . 2002-12-03 03:02 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2008-07-15 13:46 . 2002-12-03 03:10 158,208 --a------ C:\WINDOWS\system32\NCTTextToAudio.dll
2008-07-14 21:09 . 2008-07-14 21:09 63,971 --a------ C:\WINDOWS\system32\iyfndiuo.dll
2008-07-14 17:06 . 2008-07-20 18:26 <DIR> d-------- C:\Program Files\WM Converter
2008-07-14 16:49 . 2008-07-14 17:21 <DIR> d-------- C:\WINDOWS\system32\olixds05
2008-07-14 16:49 . 2008-07-14 16:49 <DIR> d-------- C:\Temp\stmpv4
2008-07-12 21:12 . 2008-07-12 21:12 <DIR> d-------- C:\Program Files\AnalogX
2008-07-11 13:11 . 2008-07-12 16:28 <DIR> d-------- C:\Program Files\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 11:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-05 10:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-08-05 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-02 17:45 --------- d-----w C:\Program Files\WordBiz
2008-08-02 17:45 --------- d-----w C:\Program Files\NCH Swift Sound
2008-08-02 17:45 --------- d-----w C:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-08-02 15:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-31 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 18:31 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 16:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 16:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 16:28 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-29 04:50 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-27 18:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-27 07:53 --------- d-----w C:\Program Files\FrostWire
2008-07-26 15:00 --------- d-----w C:\Documents and Settings\User\Application Data\FrostWire
2008-07-24 04:13 --------- d-----w C:\Program Files\Java
2008-07-21 16:09 --------- d-----w C:\Documents and Settings\User\Application Data\MP3Rocket
2008-07-20 17:25 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-07-16 04:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 19:49 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-14 19:49 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-14 19:49 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-14 19:49 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-14 19:49 --------- d-----w C:\Program Files\Symantec
2008-07-14 14:57 --------- d-----w C:\Program Files\iMesh Applications
2008-07-12 15:32 --------- d-----w C:\Program Files\Zylom Games
2008-07-12 15:29 --------- d-----w C:\Program Files\quicksnooker
2008-07-12 15:27 --------- d-----w C:\Program Files\Easy DVD Creator
2008-06-28 09:55 --------- d-----w C:\Program Files\WinLemm
2008-06-24 09:58 390 ----a-w C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Astar Games
2008-06-07 10:55 --------- d-----w C:\Program Files\Dealio
2008-06-06 11:25 --------- d-----w C:\Documents and Settings\User\Application Data\Uniblue
2008-06-06 11:09 --------- d-----w C:\Program Files\Blubster Toolbar
2008-06-05 15:59 --------- d-----w C:\Program Files\Shareaza Applications
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-03 16:36 68,288 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-02-29 11:03 0 -c--a-w C:\Program Files\temp01
2007-10-30 17:10 64,568 -c--a-w C:\Documents and Settings\Emma\Application Data\GDIPFONTCACHEV1.DAT
2007-08-16 17:49 246 -c--a-w C:\Program Files\Common Files\qujaxi915
2007-07-28 09:06 135 -c--a-w C:\Program Files\Common Files\rtereme.html
2007-07-19 15:53 146 -c--a-w C:\Documents and Settings\Emma\Application Data\wklnhst.dat
2007-07-14 10:35 104 --sh--r C:\WINDOWS\system32\08FB85A369.sys
2008-02-16 10:20 80 --sh--r C:\WINDOWS\system32\7FE9FEDC47.dll
2007-07-14 10:35 1,786 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-08-16 08:41 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012003081620030817\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-15 20:04 180269]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 02:22 26248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-02 16:00 190024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Assistant.lnk
backup=C:\WINDOWS\pss\AOL Broadband Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^wkcalrem.LNK]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimdeleteactivegram]
--a--c--- 2006-10-12 17:25 542208 C:\Documents and Settings\All Users\Application Data\base ford aim delete\skip error.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2007-12-07 16:30 71008 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a--c--- 2005-06-11 04:51 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-01 16:06 50736 C:\Program Files\Common Files\AOL\1145303948\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-04-25 10:29 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-04-25 10:32 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-02-27 17:56 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2008-03-02 16:00 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a--c--- 2005-04-25 10:32 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-13 23:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a--c--- 2004-11-15 15:04 135168 C:\Program Files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-15 20:04 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2005-05-03 14:02 543232 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2005-07-13 10:37 14679552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-12-20 22:52]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:25]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-03-13 17:12]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys [2006-06-10 10:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2faf5121-2784-11da-8803-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - User.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-07 06:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4319BC27-CC5A-4C8D-A2A1-C8EEC02A26CF} - C:\WINDOWS\system32\urqQjkhH.dll
BHO-{B9F7F593-5415-4A21-B1A0-7C8A3064C857} - C:\WINDOWS\system32\xxyyxuUn.dll
BHO-{F1894491-E43C-47BE-AB33-9365DE1B028A} - C:\WINDOWS\system32\byXQIYQJ.dll
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-BM6b578306 - C:\WINDOWS\system32\itjhgnic.dll
HKLM-Run-6864b09a - C:\WINDOWS\system32\wpnreoqh.dll
Notify-byXOiHbX - (no file)
Notify-cbXPiGxx - cbXPiGxx.dll
MSConfigStartUp-%FP%Friendly fts - C:\Program Files\VoyagerTest\fts.exe
MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exe
MSConfigStartUp-Blubster - C:\Program Files\Blubster\blubster.exe
MSConfigStartUp-Debug Road - C:\DOCUME~1\User\APPLIC~1\SUPPOR~1\WinIsoTest.exe
MSConfigStartUp-EzPrint - C:\Program Files\Lexmark 4300 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-lxcemon - C:\Program Files\Lexmark 4300 Series\lxcemon.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-NoteBurner - C:\Program Files\NoteBurner\VTBurnerGUI.exe
MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-SinglesMSetup - C:\DOCUME~1\User\Desktop\SINGLE~1.EXE
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
MSConfigStartUp-DSLAGENTEXE - dslagent.exe
MSConfigStartUp-GSICONEXE - GSICON.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ikerbbxd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ask.com/?o=10599&l=dis
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 12:10:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 12:16:57
ComboFix-quarantined-files.txt 2008-08-05 11:16:53

Pre-Run: 21,466,816,512 bytes free
Post-Run: 22,388,662,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

521 --- E O F --- 2008-08-02 15:24:47

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:08, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10599&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 1: (no name) - http://www.bbc.co.uk/home/beta/object/clock/tiny.swf

--
End of file - 9741 bytes


Installed programs:

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.0
AnalogX SayIt
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
BBC iPlayer Download Manager
Big Fish Games Client
BigFix
Bonusprint PhotoBook Editor
Canon MP Navigator 3.0
Canon MP180
Canon MP180 User Registration
Canon Utilities Easy-PhotoPrint
Cars
Cars - Radiator Springs Adventures
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
Digital Media Reader
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Docudesk GPL Ghostscript 8.15
Emperors New Groove
Express Burn
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterActual Player
Intergraph SmartSketch
Intergraph SmartSketch AEC Solutions
Intergraph SmartSketch CAD Translators
Intergraph SmartSketch Electrical Diagramming
Intergraph SmartSketch GD&T and Weld Symbols
Intergraph SmartSketch Image Integrator
Intergraph SmartSketch Process Solutions
Intergraph SmartSketch Programming Tools
Intergraph SmartSketch Symbol Authoring
Intergraph SmartSketch Web Publishing
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Mario Forever 4.0
Meet Blue's Baby Brother
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.0.1)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
Norton Internet Security (Symantec Corporation)
Norton Security Scan
Opera 9.51
PowerDVD
QuickTime
Real Lives 2004
Real Lives 2007
RealPlayer
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
ScanSoft OmniPage SE 4.0
SCRABBLE
Serif DrawPlus 5.0
Serif PhotoPlus 6.0
Sky Broadband
SoftV92 Data Fax Modem with SmartCP
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
The Sims 2
The Sims™ Life Stories
The Wonder Pets Save the Puppy!
Toy Story 2 ToyShelf_Cone
Wildlife Tycoon Venture Africa
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Vista Upgrade Advisor
XviD MPEG-4 Video Codec



How are things running now ?
Early days and my machine is never going to break any speed records, but it seems OK. I rebooted and didn't get any of those RUNDLL pop-ups, so I suppose that's an encouraging sign.

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=220028#post220028

Collect::[4]
C:\WINDOWS\system32\wsjclajg.dll
C:\WINDOWS\system32\iyfndiuo.dll
C:\Program Files\Common Files\qujaxi915
C:\Program Files\Common Files\rtereme.html
Dirlook::
C:\Documents and Settings\User\Application Data
File::
C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
C:\WINDOWS\system32\08FB85A369.sys
C:\WINDOWS\system32\7FE9FEDC47.dll
Folder::
C:\Documents and Settings\All Users\Application Data\base ford aim delete
C:\Program Files\iMesh Applications
C:\Program Files\Blubster Toolbar
C:\Program Files\Shareaza Applications
C:\Program Files\temp01
C:\WINDOWS\system32\olixds05
C:\Temp\stmpv4
C:\Program Files\FrostWire
C:\Documents and Settings\User\Application Data\FrostWire
C:\Documents and Settings\james\Shared
C:\Documents and Settings\james\Incomplete
Driver::
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimdeleteactivegram]
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.
Click OK and follow the instructions to submit the file.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

NoLop
Please Download NoLop to your desktop from one of the links below...
Link 1 (http://www.spywareedge.net/nolop/NoLop.exe)
Link 2 (http://www.greyknight17.com/spy/NoLop.exe)
Link 3 (http://thespykiller.co.uk/index.php?action=tpmod;dl=get6)
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx (http://www.boletrice.com/downloads/mscomctl.ocx) to your system32 folder then rerun the program.--


Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Now close the Control Panel.


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis



Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Logs/Information to Post in Reply
Please post the following logs/Information in your reply

ComboFix Log
NoLop Log
A fresh HJT log
Kaspersky Log
How are things running now ?

Daveydee, this topic has been archived due to inactivity.

As it has been five days or more since your last post, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you katana. :)