Big Help needed
O.K. I have tried HijackThis and the cookie has shut that down as well.
AVG picked up yadro.ru.a4842f54 & yadro.ru.c77afad5 & Cookie.sqlite.
Please help. I ran a log file earlier; I hope it helps.
Running from: C:\Programme\Download\Program Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\PaulBerry\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\A4W_DATA\A4W_DATA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\WPD\WPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\3.0.6920
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Pixtran\Pixtran
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2006-02-28 21:30:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
Not sure what to do:
All Spyware and Adware programs will not run
Now AVG won't run a scan
Hijacker.Affiliated_with_Browser_Hijackers(64 infections) Low :spider:
Spyware.Known_Bad_Sites(2) Low
Application.PowerRegister(3) Info & PUAs
Trojan.FakeAlert(21) High
Spyware Doctor found these, but I need to register to remove them
Tea Timer Log
19/06/2009 10:50:02 AM Allowed (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
19/06/2009 10:50:31 AM Allowed (based on user whitelist) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
19/06/2009 10:51:28 AM Allowed (based on lassh blacklist) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
19/06/2009 10:52:07 AM Allowed (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") added in System Startup global entry!
21/06/2009 5:24:03 PM Allowed (based on user decision) value "SpybotDeletingB7125" (new data: "") deleted in System Startup user entry!
21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingD6176" (new data: "") deleted in System Startup user entry!
21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingA8749" (new data: "") deleted in System Startup global entry!
21/06/2009 5:24:06 PM Allowed (based on user decision) value "SpybotDeletingC8036" (new data: "") deleted in System Startup global entry!
29/06/2009 8:50:20 AM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "") deleted in Global browser toolbar!
29/06/2009 8:50:20 AM Allowed (based on user decision) value "{A057A204-BACC-4D26-9990-79A187E2698E}" (new data: "") deleted in Browser Helper Object!
4/07/2009 4:39:28 PM Allowed (based on user decision) value "Uniblue RegistryBooster 2009" (new data: "C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S") added in System Startup user entry!
4/07/2009 4:39:30 PM Allowed (based on user decision) value "UniblueSpeedUpMyPC" (new data: "C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize") added in System Startup user entry!
14/08/2009 8:53:20 PM Allowed (based on user decision) value "Ceedo Repair" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\AutoDetect.exe /repair /drive=E /name=Ceedo") added in System Startup user entry!
14/08/2009 10:26:58 PM Allowed (based on user decision) value "Ceedo Repair" (new data: "") deleted in System Startup user entry!
15/08/2009 11:57:58 AM Allowed (based on user decision) value "FlashPlayerUpdate" (new data: "C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p") added in System Startup user entry!
17/08/2009 7:31:37 PM Allowed (based on user whitelist) value "AnyDVD" (new data: ""C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"") changed in System Startup user entry!
17/08/2009 7:31:40 PM Allowed (based on user whitelist) value "AnyDVD" (new data: "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe") changed in System Startup user entry!
18/08/2009 8:05:31 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
18/08/2009 8:06:01 PM Allowed (based on user whitelist) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") deleted in Browser Helper Object!
18/08/2009 8:06:14 PM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") added in Browser Helper Object!
18/08/2009 8:06:14 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
18/08/2009 8:06:14 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
18/08/2009 8:06:15 PM Allowed (based on user whitelist) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre6\bin\jusched.exe"") added in System Startup global entry!
18/08/2009 8:06:18 PM Allowed (based on user whitelist) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") added in Browser Helper Object!
18/08/2009 8:06:18 PM Allowed (based on user decision) value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
23/08/2009 6:19:16 PM Allowed (based on user whitelist) value "FlashPlayerUpdate" (new data: "") deleted in System Startup user entry!
30/08/2009 7:39:41 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\Terminator Salvation Skull.scr") changed in Desktop settings!
5/09/2009 7:14:33 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
10/09/2009 8:12:40 PM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
12/09/2009 6:57:45 PM Allowed (based on user decision) value "Uninstall Adobe Download Manager" (new data: ""C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp") added in System Startup global entry!
13/09/2009 9:45:52 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "Tayla & Carla") changed in Winlogon!
13/09/2009 11:54:35 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
15/09/2009 4:06:26 PM Allowed (based on user whitelist) value "DefaultUserName" (new data: "Tayla & Carla") changed in Winlogon!
19/09/2009 11:49:55 AM Allowed (based on user decision) value "Uninstall Adobe Download Manager" (new data: "") deleted in System Startup global entry!
19/09/2009 11:49:57 AM Allowed (based on user whitelist) value "DefaultUserName" (new data: "PaulBerry") changed in Winlogon!
20/09/2009 3:14:24 AM Allowed (based on user decision) value "DW6" (new data: "") deleted in System Startup user entry!
22/09/2009 10:40:27 PM Allowed (based on user decision) value "SpybotDeletingB8433" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
22/09/2009 10:40:33 PM Allowed (based on user decision) value "SpybotDeletingD8409" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
22/09/2009 10:40:33 PM Allowed (based on user decision) value "SpybotDeletingA2970" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
22/09/2009 10:40:37 PM Allowed (based on user decision) value "SpybotDeletingC6210" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
22/09/2009 11:31:07 PM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
22/09/2009 11:36:01 PM Allowed (based on user decision) value "*Restore" (new data: "C:\WINDOWS\system32\restore\rstrui.exe -i") added in System Startup global entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "Uniblue RegistryBooster 2009" (new data: "") deleted in System Startup user entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "UniblueSpeedUpMyPC" (new data: "") deleted in System Startup user entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingB8433" (new data: "") deleted in System Startup user entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingD8409" (new data: "") deleted in System Startup user entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingA2970" (new data: "") deleted in System Startup global entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "SpybotDeletingC6210" (new data: "") deleted in System Startup global entry!
22/09/2009 11:51:48 PM Allowed (based on user decision) value "*Restore" (new data: "") deleted in System Startup global entry!
23/09/2009 12:00:15 AM Allowed (based on user decision) value "PopRock" (new data: "") deleted in System Startup user entry!
23/09/2009 12:03:25 AM Allowed (based on user decision) value "PopRock" (new data: "C:\DOCUME~1\PAULBE~1\LOCALS~1\Temp\a.exe") added in System Startup user entry!
23/09/2009 12:03:31 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "none") added in Desktop settings!
23/09/2009 12:05:10 AM Allowed (based on user decision) value "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" (new data: "hex:20,A3,C7,CC,CA,B3,99,41,B1,A6,9F,51,6D,D6,98,29") added in User-specific browser toolbar!
23/09/2009 12:34:48 AM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
23/09/2009 12:34:48 AM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!
23/09/2009 1:59:25 PM Allowed (based on user decision) value "virus" (new data: "C:\WINDOWS\system32\virus1.exe") added in System Startup global entry!
23/09/2009 1:59:25 PM Allowed (based on user decision) value "Start Page" (new data: "http://www.pagedetournee.com") changed in Browser page!
23/09/2009 2:02:46 PM Allowed (based on user decision) value "virus" (new data: "") deleted in System Startup global entry!
23/09/2009 2:02:46 PM Allowed (based on user decision) value "Start Page" (new data: "about:blank") changed in Browser page!
23/09/2009 2:06:19 PM Allowed (based on user decision) value "AROReminder" (new data: "") added in System Startup user entry!
23/09/2009 2:06:32 PM Allowed (based on user decision) value "AROReminder" (new data: "C:\Program Files\Advanced Registry Optimizer\aro.exe -rem") changed in System Startup user entry!
23/09/2009 2:08:14 PM Allowed (based on user decision) value "AROReminder" (new data: "C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem") changed in System Startup user entry!
23/09/2009 2:16:21 PM Allowed (based on user decision) value "PopRock" (new data: "") deleted in System Startup user entry!
23/09/2009 2:23:49 PM Allowed (based on user decision) value "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (new data: "hex:00") added in Global browser toolbar!
23/09/2009 2:23:51 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Browser Helper Object!
23/09/2009 2:26:31 PM Allowed (based on user decision) value "Crawler Search" (new data: "") added in Browser menu extension!
23/09/2009 2:26:31 PM Allowed (based on user decision) value "Search Bar" (new data: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60426") added in Browser page!
23/09/2009 2:26:31 PM Allowed (based on user decision) value "SearchAssistant" (new data: "http://www.crawler.com/search/ie.aspx?tb_id=60426") added in Browser page!
23/09/2009 2:26:32 PM Allowed (based on user decision) value "SearchAssistant" (new data: "http://www.crawler.com/search/ie.aspx?tb_id=60426") changed in Browser page!
23/09/2009 2:26:32 PM Allowed (based on user decision) value "CustomizeSearch" (new data: "http://dnl.crawler.com/support/sa_customize.aspx?TbId=60426") changed in Browser page!
23/09/2009 2:26:34 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Internet Explorer searches!
23/09/2009 2:26:37 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") deleted in Internet Explorer searches!
23/09/2009 2:26:37 PM Allowed (based on user decision) value "*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") deleted in Internet Explorer searches!
23/09/2009 2:27:00 PM Allowed (based on user decision) value "SpywareTerminatorUpdate" (new data: ""C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"") added in System Startup user entry!
23/09/2009 2:49:13 PM Allowed (based on user decision) value "SpywareTerminator" (new data: ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"") added in System Startup global entry!
23/09/2009 3:20:20 PM Allowed (based on user decision) value "avast!" (new data: ""C:\Program Files\Alwil Software\Avast4\ashDisp.exe"") added in System Startup global entry!
23/09/2009 3:20:28 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /A:"*" /L:"English" /KBD:3
") changed in Session manager!
23/09/2009 4:35:42 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
23/09/2009 5:42:53 PM Allowed (based on user decision) value "RegistryMechanic" (new data: "C:\Program Files\Registry Mechanic\RegMech.exe /H") added in System Startup user entry!
23/09/2009 5:42:55 PM Allowed (based on user decision) value "ISTray" (new data: ""C:\Program Files\Spyware Doctor\pctsTray.exe"") added in System Startup global entry!
23/09/2009 7:09:02 PM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe") added in System Startup global entry!
23/09/2009 7:09:08 PM Allowed (based on user decision) value "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (new data: "hex:EA,03,38,4B,30,52,C3,4D,A7,FC,33,63,8F,3D,35,42") added in User-specific browser toolbar!
23/09/2009 7:09:10 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") added in Internet Explorer searches!
23/09/2009 7:09:11 PM Allowed (based on user decision) value "*{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") added in Internet Explorer searches!
23/09/2009 7:09:14 PM Allowed (based on user decision) value "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" (new data: "") deleted in Internet Explorer searches!
23/09/2009 7:19:38 PM Allowed (based on user decision) value "!SASWinLogon" (new data: "") added in Winlogon Notifiers!
23/09/2009 7:20:41 PM Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe") added in System Startup user entry!
23/09/2009 9:22:35 PM Allowed (based on user decision) value "{7530BFB8-7293-4D34-9923-61A11451AFC5}" (new data: "") added in ActiveX Distribution Unit!
23/09/2009 10:10:38 PM Allowed (based on user decision) value "SpyHunter Security Suite" (new data: "") deleted in System Startup global entry!
ComboFix 09-09-23.02 - PaulBerry 24/09/2009 22:06.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2046.1299 [GMT 9.5:30]
Running from: c:\documents and settings\PaulBerry\Desktop\ComeOn.exe
AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\12d5cc04.msp
c:\windows\Installer\2906197.msi
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.
2009-09-23 11:51 . 2009-09-23 11:51 -------- d-----w- c:\program files\ESET
2009-09-23 10:52 . 2009-09-23 10:52 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\AVG8
2009-09-23 09:49 . 2009-09-23 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-23 09:49 . 2009-09-24 12:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-23 09:49 . 2009-09-23 09:49 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\SUPERAntiSpyware.com
2009-09-23 09:38 . 2009-09-23 09:38 -------- d-----w- c:\program files\Enigma Software Group
2009-09-23 07:32 . 2008-12-10 23:08 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 07:32 . 2009-08-24 04:35 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-23 07:32 . 2009-08-19 01:31 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-23 07:31 . 2009-09-23 08:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-23 07:31 . 2008-12-10 02:06 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-23 07:30 . 2009-09-24 12:28 -------- d-----w- c:\program files\Spyware Doctor
2009-09-23 07:30 . 2009-09-23 07:30 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\PC Tools
2009-09-23 07:30 . 2009-09-23 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-23 07:14 . 2009-09-22 17:03 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-23 05:50 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-23 05:50 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-23 05:50 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-23 05:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-23 05:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-23 05:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-23 05:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-23 05:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-23 05:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-23 05:49 . 2009-09-23 05:49 -------- d-----w- c:\program files\Alwil Software
2009-09-23 04:53 . 2009-09-23 13:35 -------- d-----w- c:\program files\Crawler
2009-09-23 04:36 . 2009-09-23 04:36 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\Sammsoft
2009-09-23 04:36 . 2009-09-23 04:36 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-09-23 04:28 . 2009-09-23 04:28 -------- d-----w- c:\program files\AxBx
2009-09-22 17:30 . 2009-09-24 12:44 -------- d-----w- c:\program files\SDistTest
2009-09-22 17:12 . 2009-09-22 17:12 -------- d-----w- c:\program files\Trend Micro
2009-09-22 17:03 . 2009-09-23 07:14 -------- d-----w- c:\documents and settings\PaulBerry\.housecall6.6
2009-09-22 16:58 . 2009-09-22 16:59 -------- d-----w- C:\Reg Back up 230909
2009-09-22 16:57 . 2009-09-22 16:57 -------- d-----w- c:\program files\ERUNT
2009-09-22 16:48 . 2009-09-22 16:48 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\Safer Networking
2009-09-22 15:00 . 2009-09-22 15:00 -------- d-----w- c:\program files\Safer Networking
2009-09-22 14:13 . 2009-09-23 14:37 0 ----a-r- c:\windows\win32k.sys
2009-09-19 17:38 . 2009-09-19 17:38 -------- d-----w- C:\Drivers
2009-09-12 16:07 . 2009-09-12 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-12 09:27 . 2009-09-12 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-12 09:26 . 2009-09-19 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-30 10:09 . 2009-09-22 14:33 -------- d-----w- c:\windows\system32\Terminator Salvation Skull dir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 12:44 . 2008-05-31 09:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-24 12:44 . 2008-03-01 09:32 -------- d-----w- c:\documents and settings\PaulBerry\Application Data\MailWasherPro
2009-09-24 08:39 . 2008-12-13 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-23 12:41 . 2008-02-28 06:36 -------- d-----w- c:\program files\SpywareBlaster
2009-09-23 10:56 . 2008-10-08 07:08 -------- d-----w- c:\program files\AVG
2009-09-23 04:36 . 2009-05-01 12:24 -------- d-----w- c:\program files\AskBarDis
2009-09-23 04:29 . 2008-02-28 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-22 15:10 . 2008-02-28 06:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-22 15:06 . 2008-06-14 08:44 -------- d-----w- c:\program files\Google
2009-09-19 17:37 . 2009-07-04 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-04 03:11 . 2009-06-28 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-18 10:36 . 2008-02-28 06:35 -------- d-----w- c:\program files\Java
2009-08-16 23:45 . 2009-01-28 23:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 23:45 . 2008-10-08 07:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 23:45 . 2008-02-28 06:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 21:28 . 2009-09-23 07:32 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-11 06:26 . 2008-08-13 07:34 109368 ----a-w- c:\documents and settings\Tayla & Carla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-07-24 19:53 . 2008-12-21 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 14:13 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-04 06:50 . 2008-02-28 07:51 109368 ----a-w- c:\documents and settings\PaulBerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 05:30 . 2008-09-13 08:31 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 00:25 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-08-08 2980800]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\2\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Tayla & Carla\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\PaulBerry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2008-3-1 17846152]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 23:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Uniblue RegistryBooster 2009"=c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe /S
"UniblueSpeedUpMyPC"=c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
"PopRock"=c:\docume~1\PAULBE~1\LOCALS~1\Temp\a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/09/2009 5:02 PM 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/09/2009 3:19 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2008 4:38 PM 335240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/09/2009 3:19 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29/01/2009 8:51 AM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [23/09/2009 5:00 PM 348752]
R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [23/09/2009 3:00 AM 907680]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13/04/2009 11:59 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13/04/2009 11:59 AM 8320]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]
2009-09-24 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-06-09 06:05]
2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-13 04:13]
2009-02-12 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-09-22 06:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\PaulBerry\Application Data\Mozilla\Firefox\Profiles\h0mw0ypy.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\documents and settings\PaulBerry\Application Data\Mozilla\Firefox\Profiles\h0mw0ypy.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Nero - Burning Rom!UninstallKey - e:\nero\nero\uninstall\UNNERO.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 22:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1776)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-24 22:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-24 12:47
Pre-Run: 245,680,558,080 bytes free
Post-Run: 245,815,296,000 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
275 --- E O F --- 2009-09-23 08:09
Here is the exeHelper log
exeHelper by Raktor - 09
Build 20090923
Run at 23:47:47 on 09/25/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor - 09
Build 20090923
Run at 23:49:50 on 09/25/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Running from: C:\Programme\Download\Program Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\PaulBerry\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe
Paully, because of the number of posts in your thread (eight) it appeared you were already being assisted.
However: Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)
FYI for future reference: Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Best regards.