WIN32 Delf.uc

D

Diver man

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:29 PM, on 7/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jstdrv - C:\WINDOWS\SYSTEM32\jstdrv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8243 bytes
 
Hi Diver man

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
OK, thanks for the help

I probably should have said before, I've had this virus for a few months now and Spy Bot S&D wont remove it, it says its fixed but then next scan the virus will pop up again. Also my Google toolbar is deleted every start up, so I need to reinstall it every time I start my computer up, would this be caused by the virus I have on my computer.

Here's the list you asked for.


32 Bit HP CIO Components Installer
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 8.1.3
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Authentium AntiVirus SDK - 2
Bonjour
Broadcom Gigabit Integrated Controller
Choice Guard
Dell Resource CD
Dell Wireless WLAN Card
DVD Shrink 3.2
ERUNT 1.1j
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
iolo AntiVirus
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
LimeWire 5.0.11
Math Odyssey Algebra I
Math Odyssey Algebra II
Math Odyssey Calculus
Math Odyssey Pre-Calculus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Morrowind
Mozilla Firefox (2.0.0.14)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Carbon
Nikon Message Center
OpenOffice.org 2.4
OZ776 SCR Driver V1.1.3.9
PictureProject
PowerDVD
Project64 1.6
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy
TES Construction Set
The Battle for Middle-earth (tm) II
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall

Thanks
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.0.11

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
OK, I've removed Limewire, here's the new list.

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 8.1.3
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Authentium AntiVirus SDK - 2
Bonjour
Broadcom Gigabit Integrated Controller
Choice Guard
Dell Resource CD
Dell Wireless WLAN Card
DVD Shrink 3.2
ERUNT 1.1j
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
iolo AntiVirus
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Math Odyssey Algebra I
Math Odyssey Algebra II
Math Odyssey Calculus
Math Odyssey Pre-Calculus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Morrowind
Mozilla Firefox (2.0.0.14)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Carbon
Nikon Message Center
OpenOffice.org 2.4
OZ776 SCR Driver V1.1.3.9
PictureProject
PowerDVD
Project64 1.6
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy
TES Construction Set
The Battle for Middle-earth (tm) II
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall

Thanks,
 
Thank you :)

Are both Authentium AntiVirus SDK - 2 and iolo AntiVirus up-to-date?
 
Iolo Antivirus is up to date, It just re updated today,

I didnt know I had Authentium AntiVirus SDK - 2 on my computer, so Im not sure.

Thanks
 
Then please uninstall Authentium AntiVirus SDK - 2 and post back a fresh HijackThis log.
 
OK, I that Authentium AntiVirus SDK - 2 didn't show up in the control panels add remove programs so I pressed delete in the Hijack this Add remove programs manager, I hope this uninstalled it.

Here's my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:24 PM, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jstdrv - jstdrv.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9219 bytes


Thanks
 
No, it didn't.

Please check if here is uninstaller:

C:\Program Files\Common Files\Authentium\AntiVirus
 
OK, I found the file, but couldn't see any uninstall options,
The things in the file were:

csav
css3rde.dll
css3rdem.dll
csscan32.dll
css-dvp
Css-Dvp
defvn.dll
dvpapi
dvpmgr
dvpnt
english.tx1
english.tx2
macro
nomacro
odapi.dll
sign
sign2

I don't know if this was any help,
Thanks
 
So entire folder needs to be removed.

Go to start - run

Type sc stop dvpapi and click ok
then sc delete dvpapi and click ok

Reboot.

Delete this folder:

C:\Program Files\Common Files\Authentium

Empty Recycle Bin.

Post back a fresh HijackThis log, please.
 
When I rebooted my computer a notification came up saying:

Error
The component "DVPAPI"
is required for iolo Antivirus to operate properly and could not be started. (2)

Now Iolo Antivirus wont operate,
I haven't deleted the file C:\Program Files\Common Files\Authentium yet, because I was concerned Iolo antivirus might need it. And I wanted to here your opinion first.

Also that google toolbar problem stopped 2 days ago.

Thanks
 
OK, so they are the same antivirus. It is really confusing that they use two different names for it in control panel.

In that case. please uninstall and reinstall iolo antivirus and post back a fresh HijackThis log afterwards.
 
OK, I reinstalled Iolo Antivirus,

Here's the log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:14 PM, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jstdrv - jstdrv.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8995 bytes

Thanks,
 
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
OK, I have run the comboFix program, while it was running Iolo said it stopped malware, even though I turned off real time protection, would this have affected the result?

Here's the log

ComboFix 09-02-15.01 - david 2009-02-17 17:19:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.461 [GMT 11:00]
Running from: c:\documents and settings\david\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a9k.bin

.
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-16 16:47 . 2009-02-16 16:47 <DIR> d-------- c:\program files\Common Files\Authentium
2009-02-12 17:50 . 2009-02-12 17:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-07 14:04 . 2009-02-07 14:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-07 14:00 . 2009-02-07 14:00 <DIR> d-------- c:\program files\ERUNT
2009-02-06 21:15 . 2009-02-06 21:15 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 21:12 . 2009-02-06 21:12 <DIR> d-------- c:\windows\ERUNT
2009-01-30 19:33 . 2009-02-11 14:49 <DIR> d-------- c:\documents and settings\david\Application Data\LimeWire
2009-01-30 19:32 . 2009-02-11 14:59 <DIR> d-------- c:\program files\LimeWire
2009-01-30 18:56 . 2009-02-16 16:57 <DIR> d-------- c:\documents and settings\david\Tracing
2009-01-30 18:55 . 2009-01-30 18:55 <DIR> d-------- c:\program files\Microsoft
2009-01-30 18:54 . 2009-01-30 18:54 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-30 18:34 . 2009-01-30 18:34 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-16 05:47 --------- d-----w c:\program files\iolo
2009-02-16 05:45 --------- d-----w c:\documents and settings\david\Application Data\iolo
2009-02-12 06:50 --------- d-----w c:\program files\Java
2009-01-30 07:54 --------- d-----w c:\program files\Windows Live
2008-12-27 05:03 --------- d-----w c:\documents and settings\david\Application Data\My Battle for Middle-earth(tm) II Files
2008-12-25 05:35 59,904 ----a-w c:\windows\system32\00setup.exe
2008-12-25 01:46 --------- d-----w c:\program files\Electronic Arts
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 23:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-18 23:00 --------- d-----w c:\program files\Bonjour
2008-12-18 22:58 --------- d-----w c:\program files\iTunes
2008-12-18 22:58 --------- d-----w c:\program files\iPod
2008-12-18 22:58 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 22:56 --------- d-----w c:\program files\QuickTime
2008-12-18 22:22 --------- d-----w c:\program files\Safari
2008-12-12 00:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 00:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-02 11:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-02 07:37 25,728 ----a-w c:\documents and settings\david\Application Data\GDIPFONTCACHEV1.DAT
2008-05-31 10:10 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-05-31 10:10 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-31 10:10 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-05-31 10:10 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-05-31 10:10 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-23 12:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iolo AntiVirus"="c:\program files\iolo\AntiVirus\ioloAV.exe" [2008-03-05 1095520]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\david\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-01-23 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-23 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-23 628584]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S1 jscript;JavaScript VirtualMachine Driver;c:\windows\system32\jscript.sys [2008-12-14 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39a8fa4a-74fd-11dd-bb37-001c2394698f}]
\Shell\AutoRun\command - E:\Officer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-02-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-16 17:20]

2009-02-07 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
- - - - ORPHANS REMOVED - - - -

Notify-jstdrv - jstdrv.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 17:21:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-02-17 17:22:42
ComboFix-quarantined-files.txt 2009-02-17 06:22:39

Pre-Run: 42,158,252,032 bytes free
Post-Run: 42,277,990,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

163 --- E O F --- 2009-02-11 06:04:08



OK, and heres the Hijack this log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:14 PM, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8578 bytes


Thanks
 
No I don't think so.

Open notepad and copy/paste the text in the codebox below into it:

Code: 
Folder::
c:\documents and settings\david\Application Data\LimeWire
c:\program files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
 
OK, I ran that, here's the report

ComboFix 09-02-17.01 - david 2009-02-18 15:24:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.447 [GMT 11:00]
Running from: c:\documents and settings\david\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\david\Desktop\CFScript.txt
AV: iolo AntiVirus® *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\david\Application Data\LimeWire
c:\documents and settings\david\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\david\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\david\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\david\Application Data\LimeWire\createtimes.cache
c:\documents and settings\david\Application Data\LimeWire\downloads.dat
c:\documents and settings\david\Application Data\LimeWire\fileurns.bak
c:\documents and settings\david\Application Data\LimeWire\fileurns.cache
c:\documents and settings\david\Application Data\LimeWire\gnutella.net
c:\documents and settings\david\Application Data\LimeWire\installation.props
c:\documents and settings\david\Application Data\LimeWire\library.dat
c:\documents and settings\david\Application Data\LimeWire\library5.dat
c:\documents and settings\david\Application Data\LimeWire\limewire.props
c:\documents and settings\david\Application Data\LimeWire\mojito.props
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\489D2361d01
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\6A326B34d01
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\OfflineCache\index.sqlite
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\david\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\david\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\david\Application Data\LimeWire\questions.props
c:\documents and settings\david\Application Data\LimeWire\responses.cache
c:\documents and settings\david\Application Data\LimeWire\simpp.xml
c:\documents and settings\david\Application Data\LimeWire\spam.dat
c:\documents and settings\david\Application Data\LimeWire\tables.props
c:\documents and settings\david\Application Data\LimeWire\ttrees.cache
c:\documents and settings\david\Application Data\LimeWire\ttroot.cache
c:\documents and settings\david\Application Data\LimeWire\version.xml
c:\documents and settings\david\Application Data\LimeWire\versions.props
c:\documents and settings\david\Application Data\LimeWire\xml\data\audio.sxml3
c:\program files\LimeWire
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-16 16:47 . 2009-02-16 16:47 <DIR> d-------- c:\program files\Common Files\Authentium
2009-02-12 17:50 . 2009-02-12 17:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-07 14:04 . 2009-02-07 14:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-07 14:00 . 2009-02-07 14:00 <DIR> d-------- c:\program files\ERUNT
2009-02-06 21:15 . 2009-02-06 21:15 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 21:12 . 2009-02-06 21:12 <DIR> d-------- c:\windows\ERUNT
2009-01-30 18:56 . 2009-02-17 17:45 <DIR> d-------- c:\documents and settings\david\Tracing
2009-01-30 18:55 . 2009-01-30 18:55 <DIR> d-------- c:\program files\Microsoft
2009-01-30 18:54 . 2009-01-30 18:54 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-30 18:34 . 2009-01-30 18:34 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-16 05:47 --------- d-----w c:\program files\iolo
2009-02-16 05:45 --------- d-----w c:\documents and settings\david\Application Data\iolo
2009-02-12 06:50 --------- d-----w c:\program files\Java
2009-01-30 07:54 --------- d-----w c:\program files\Windows Live
2008-12-27 05:03 --------- d-----w c:\documents and settings\david\Application Data\My Battle for Middle-earth(tm) II Files
2008-12-25 05:35 59,904 ----a-w c:\windows\system32\00setup.exe
2008-12-25 01:46 --------- d-----w c:\program files\Electronic Arts
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 23:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-18 23:00 --------- d-----w c:\program files\Bonjour
2008-12-18 22:58 --------- d-----w c:\program files\iTunes
2008-12-18 22:58 --------- d-----w c:\program files\iPod
2008-12-18 22:58 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 22:56 --------- d-----w c:\program files\QuickTime
2008-12-18 22:22 --------- d-----w c:\program files\Safari
2008-12-12 00:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 00:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-02 11:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-02 07:37 25,728 ----a-w c:\documents and settings\david\Application Data\GDIPFONTCACHEV1.DAT
2008-05-31 10:10 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-05-31 10:10 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-31 10:10 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-05-31 10:10 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-05-31 10:10 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-23 12:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_17.21.32.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 01:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\18-02-2009\ERDNT.EXE
+ 2009-02-18 03:52:25 6,873,088 ----a-w c:\windows\ERDNT\AutoBackup\18-02-2009\Users\00000001\NTUSER.DAT
+ 2009-02-18 03:52:25 241,664 ----a-w c:\windows\ERDNT\AutoBackup\18-02-2009\Users\00000002\UsrClass.dat
- 2009-02-17 06:02:42 53,166 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-18 03:56:35 53,166 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-17 06:02:42 380,918 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-18 03:56:35 380,918 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-18 03:52:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_974.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iolo AntiVirus"="c:\program files\iolo\AntiVirus\ioloAV.exe" [2008-03-05 1095520]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\david\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-01-23 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-23 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-23 628584]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S1 jscript;JavaScript VirtualMachine Driver;c:\windows\system32\jscript.sys [2008-12-14 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39a8fa4a-74fd-11dd-bb37-001c2394698f}]
\Shell\AutoRun\command - E:\Officer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-16 17:20]

2009-02-07 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 15:26:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-02-18 15:27:47
ComboFix-quarantined-files.txt 2009-02-18 04:27:45
ComboFix2.txt 2009-02-17 06:22:43

Pre-Run: 42,265,341,952 bytes free
Post-Run: 42,202,107,904 bytes free

577 --- E O F --- 2009-02-11 06:04:08


And the Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:12 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8642 bytes


Thanks
 
Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
You must log in or register to reply here.
Back
Top