access members area.exe....infected...please help


This topic is locked

#1
birani
Member, 29 posts
Hi all,

First of all, I have this annoying pop-up dialer (access members area.exe) which leaves an icon of a blonde girl on the desktop. I have also downloaded ''HijackThis'', but when opened and scanned it stays for about a second or two then disappears, as does the log file, but I managed to copy it in here. Also, when I use Ctrl/Alt/Delete to bring up the Task Manager I get an error message saying ''Task Manager Has Been Disabled By Your Administrator''. I also couldn't download Ewido, as the save box disappeared after about two seconds, but I have AVG Anti-Spyware installed, which I find now is disappearing after about two seconds. Also, when the PC starts up, 2 boxes appear (''update.exe'') saying that system.dll is missing.

SOMEONE.......PLEASE HELP!!!!!.


Many Thanks


Birani

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:14:39, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\WINDOWS\system32\nordsys.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Mum\Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - C:\WINDOWS\system32\jcnbspki.dll (file missing)
O2 - BHO: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - C:\WINDOWS\system32\jsrtsw.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E6967341-F6A3-1508-A513-3C42BECF9365} - C:\DOCUME~1\Mum\APPLIC~1\RDRERR~1\Bodymemo.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\x..Kerri..x\Desktop\winstall.exe
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Recylinder Check] pozlyzyzfa.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matca.../speedtest2.dll
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gbn2650.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{46843123-250C-4184-BEDC-A257090B90F1}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{752ABCE8-AFFD-4EB1-ADB0-4097A3956AFD}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F0FAF3-09F3-4F3B-93DC-5D41FB7A8657}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB81FCED-A5F3-4FF0-85C4-AF0FE2549950}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40F2F4E-0DA3-46F2-9228-CDB01F0F2AAF}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
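A small triage script for log lines in the HijackThis format posted above (an added example; it is not part of the thread and not a HijackThis feature). It parses the O2/O4/O16/O17/O20 entries and flags the kinds of lines a helper reads first: nameless BHOs with missing files, autoruns launched from a user profile or with no path at all, ActiveX downloads from a bare IP address, static NameServer overrides in the TCP/IP registry keys, and Winlogon Notify DLLs. The sample log is a constructed subset of the lines from the first post; the rules are review heuristics, not a malware verdict.

```python
"""Triage helper for HijackThis 1.99-style log lines (constructed example).

It parses the "Oxx - ..." entries and applies a few heuristics a helper
reads for first. A hit means "look at this entry", not "this is malware".
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the first post in this thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - C:\WINDOWS\system32\jcnbspki.dll (file missing)",
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\x..Kerri..x\Desktop\winstall.exe",
    r"O4 - HKLM\..\RunServices: [Windows Recylinder Check] pozlyzyzfa.exe",
    r"O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gbn2650.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73",
    r"O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll",
])

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
PROFILE_RE = re.compile(r"\\Documents and Settings\\|\\DOCUME~1\\", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.*)$")
O4_CMD_RE = re.compile(r"^[^:]+: \[[^\]]*\]\s*(.*)$")  # "HKLM\..\Run: [Name] command"


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O17"
    reason: str    # why a helper should look at this line
    line: str      # the original log line


def parse_hjt(text):
    """Yield (section, body, line) for every HijackThis entry line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_entry(section, body, line):
    """Apply the per-section heuristics and return a list of Findings."""
    found = []
    if section == "O2" and "(no name)" in body:
        why = "BHO registered with no name"
        if "(file missing)" in body:
            why += " and its DLL is missing"
        found.append(Finding(section, why, line))
    elif section == "O4":
        m = O4_CMD_RE.match(body)
        cmd = m.group(1) if m else body
        if PROFILE_RE.search(cmd):
            found.append(Finding(section, "autorun launches from a user profile directory", line))
        elif "\\" not in cmd:
            found.append(Finding(section, "autorun names a bare executable with no path", line))
    elif section == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        why = []
        if _is_ip(urlparse(url).hostname or ""):
            why.append("host is a bare IP address")
        if url.lower().endswith(".exe"):
            why.append("target is an .exe")
        if why:
            found.append(Finding(section, "ActiveX download: " + "; ".join(why), line))
    elif section == "O17":
        m = NAMESERVER_RE.search(body)
        if m:
            servers = [s for s in re.split(r"[ ,]+", m.group(1).strip()) if s]
            found.append(Finding(section, "static DNS override: " + ", ".join(servers), line))
    elif section == "O20" and "Winlogon Notify" in body:
        found.append(Finding(section, "Winlogon Notify DLL loaded at every logon", line))
    return found


def triage(text):
    """Run all checks over a log and return the Findings in log order."""
    findings = []
    for section, body, line in parse_hjt(text):
        findings.extend(check_entry(section, body, line))
    return findings


def name_servers(text):
    """Distinct NameServer addresses across all O17 entries, in first-seen order."""
    seen = []
    for section, body, _ in parse_hjt(text):
        m = NAMESERVER_RE.search(body) if section == "O17" else None
        if m:
            for s in re.split(r"[ ,]+", m.group(1).strip()):
                if s and s not in seen:
                    seen.append(s)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("DNS servers set in the registry:", name_servers(SAMPLE_LOG))
```

The O17 output is the one to compare against the resolvers the ISP actually hands out; the script only collects what the registry says, it does not know which addresses are legitimate.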


#2
tirol
Visiting Staff (Visiting Consultant), 402 posts
Hello birani,

First, welcome and thanks for coming to GeeksToGo.
I'll analyse your log and come back soon with instructions to help you.

Tirol.

Edited by tirol, 06 December 2006 - 08:15 AM.


#3
birani
Member (Topic Starter), 29 posts
Hi and thanks for your reply

Awaiting your help

Many Thanks

birani

#4
birani
Member (Topic Starter), 29 posts
Just a quick note to also say that my internet connection (broadband) is running rather slow, as if something is eating it up.

Thanks again

birani

#5
tirol
Visiting Staff (Visiting Consultant), 402 posts
Hello birani,

Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Double-click combofix.exe to launch the application.
Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log => combofix.txt.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


Please post that log in the next reply along with a new HijackThis log and Combofix.txt.

thanks,
tirol.

#6
birani
Member (Topic Starter), 29 posts
Hi and thanks for your reply.

As requested, here are the results of the ComboFix scan and also the uninstall_list.txt log and HijackThis log.

Many Thanks again

birani


combofix.txt

Mum - 06-12-06 16:40:04.46 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Mum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Common Files\{305E394B-0725-2057-0301-04102703002c}
C:\Program Files\Common Files\{305E394B-0726-2057-0301-04102703002c}
C:\Program Files\Common Files\{C05E394B-0725-2057-0301-04102703002c}
C:\Program Files\Common Files\{C05E394B-0726-2057-0301-04102703002c}
C:\WINDOWS\Sm9hbm5l

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\PPATCH~1
C:\QooBox\Purity\WINDOWS\PPPATC~1
C:\QooBox\Purity\WINDOWS\PPATCH~1\à?pPatch


((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


2006-12-06 15:50 3,542 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-05 17:11 <DIR> d-------- C:\Program Files\RegistryFix
2006-12-05 13:52 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2006-12-04 23:22 <DIR> d-------- C:\Program Files\CCleaner
2006-12-04 22:11 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-04 22:11 <DIR> d-------- C:\Program Files\Grisoft
2006-12-04 19:34 <DIR> d-------- C:\Program Files\Symantec Technical Support
2006-12-04 11:39 51,788 --a------ C:\WINDOWS\system32\csnow.exe
2006-12-04 11:35 29,696 --a------ C:\WINDOWS\system32\rpcc.dll
2006-12-04 11:35 15,927 --a------ C:\WINDOWS\system32\w.exe
2006-12-04 11:34 9,291 --a------ C:\WINDOWS\system32\z1973.exe
2006-12-04 11:34 8,609 --a------ C:\WINDOWS\system32\z2712.exe
2006-12-04 11:34 6,199 --a------ C:\WINDOWS\system32\z2240.exe
2006-12-04 11:34 6,199 --a------ C:\WINDOWS\system32\se.exe.exe
2006-12-04 11:34 54,327 --a------ C:\WINDOWS\system32\google.png.exe
2006-12-04 11:34 20,480 --a------ C:\WINDOWS\system32\z3658.dll
2006-12-04 11:34 15,927 --a------ C:\WINDOWS\system32\w.exe.exe
2006-12-04 11:34 15,927 ---h----- C:\WINDOWS\system32\nordsys.exe
2006-12-04 11:34 128,567 --a------ C:\WINDOWS\system32\ss.exe.exe
2006-12-04 10:45 <DIR> d-------- C:\WINDOWS\system32\bak
2006-12-01 23:15 30,844 --a------ C:\WINDOWS\system32\gsetup.exe
2006-12-01 22:55 8,570 --a------ C:\WINDOWS\system32\telebos.exe
2006-11-21 21:56 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\ICAClient
2006-11-21 21:55 <DIR> d-------- C:\Program Files\Citrix
2006-11-15 17:49 <DIR> d-------- C:\Program Files\Azureus
2006-11-15 17:49 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Azureus
2006-11-13 12:18 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\uTorrent
2006-11-13 11:06 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\DivX
2006-11-13 10:52 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-13 10:52 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-11-13 10:52 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-11-13 10:51 <DIR> d-------- C:\Program Files\DivX
2006-11-12 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2006-11-12 19:38 <DIR> d-------- C:\Program Files\IVT Corporation
2006-11-08 23:11 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\ConvertTemp
2006-11-08 23:07 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Samsung
2006-11-08 22:57 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2006-11-08 22:56 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2006-11-08 22:56 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2006-11-08 22:56 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2006-11-08 22:55 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2006-11-08 22:55 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2006-11-08 22:55 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2006-11-08 22:55 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2006-11-08 22:55 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2006-11-08 22:55 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2006-11-08 22:55 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2006-11-08 22:54 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-06 16:40 -------- d-------- C:\Program Files\Common Files
2006-12-05 14:34 -------- d-------- C:\Program Files\Norton AntiVirus
2006-12-05 14:34 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-04 10:45 -------- d-------- C:\Program Files\SymNetDrv
2006-12-04 10:45 -------- d-------- C:\Program Files\QuickTime
2006-12-04 10:45 -------- d-------- C:\Program Files\iTunes
2006-12-04 10:44 35787 --a------ C:\WINDOWS\system32\taskswitch.exe
2006-12-04 10:44 35787 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-12-04 10:44 35787 --a------ C:\WINDOWS\system32\fast.exe
2006-11-30 16:54 -------- d-------- C:\Documents and Settings\Mum\Application Data\Adobe
2006-11-26 19:33 -------- d-------- C:\Program Files\MSN Messenger
2006-11-26 19:33 -------- d-------- C:\Program Files\Internet Explorer
2006-11-17 11:30 -------- d-------- C:\Documents and Settings\Mum\Application Data\MSN6
2006-11-13 09:15 -------- d-------- C:\Documents and Settings\Mum\Application Data\BitTorrent
2006-11-12 19:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-08 22:54 -------- d-------- C:\Program Files\Samsung
2006-11-05 09:59 379 --a------ C:\Documents and Settings\Mum\Application Data\internaldb1942.dat
2006-11-05 09:59 173056 --a------ C:\Documents and Settings\Mum\Application Data\internaldb7098.dat
2006-11-05 09:59 151 --a------ C:\Documents and Settings\Mum\Application Data\internaldb2116.dat
2006-11-05 09:59 13046 --a------ C:\Documents and Settings\Mum\Application Data\internaldb6613.dat
2006-11-05 09:59 0 --a------ C:\Documents and Settings\Mum\Application Data\internaldb6312.dat
2006-11-05 09:43 6144 --a------ C:\Documents and Settings\Mum\Application Data\internaldb7173.dat
2006-11-05 09:43 0 --a------ C:\Documents and Settings\Mum\Application Data\internaldb5737.dat
2006-11-05 09:43 0 --a------ C:\Documents and Settings\Mum\Application Data\internaldb5124.dat
2006-11-05 09:42 0 --a------ C:\Documents and Settings\Mum\Application Data\internaldb562.dat
2006-11-05 09:42 0 --a------ C:\Documents and Settings\Mum\Application Data\internaldb1201.dat
2006-10-26 10:10 1743 --a------ C:\Documents and Settings\Mum\Application Data\AdobeDLM.log
2006-10-17 20:34 -------- d-------- C:\Program Files\Google
2006-10-15 15:59 -------- d-------- C:\Documents and Settings\Mum\Application Data\AdobeUM
2006-10-10 20:31 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-10 20:30 -------- d-------- C:\Program Files\Adobe
2006-10-10 20:11 -------- d-------- C:\Program Files\Amic Utilities
2006-10-09 21:53 -------- d-------- C:\Program Files\Symantec
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Nord"="C:\\WINDOWS\\system32\\nordsys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"FastUser"="C:\\WINDOWS\\system32\\fast.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"pdfw"="C:\\Program Files\\Amic Utilities\\PDF Writer Pro\\pdfwload.exe"
"Nord"="C:\\WINDOWS\\system32\\nordsys.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Recylinder Check"="pozlyzyzfa.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=dword:00000000
"DisableChangePassword"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLogoff"=dword:00000000
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drive mp3 comp extra]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Heck Gram"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\AUDIOBINDDRIVEMP3\\Heck Gram.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\ipwins\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\software heart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManagerInsideProc"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Mum\\APPLIC~1\\ARMYLO~1\\ManagerInsideProc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Recylinder Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pozlyzyzfa"
"hkey"="HKLM"
"command"="pozlyzyzfa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-06 16:40:37.29
C:\ComboFix.txt ... 06-12-06 16:40


uninstall_list.txt

Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AVG Anti-Spyware 7.5
BitTorrent 4.22.1
BlueSoleil
CCleaner (remove only)
CDex extraction audio
Citrix ICA Web Client
Digimax L60 /Kenox X60
Digimax Master
Garmin City Navigator Europe NT+ v8.02
Garmin POI Loader
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp deskjet 3820 series (Remove only)
HP Photo Printing Software
hp psc 700 series
HP Share-to-Web
igLoader 2,0,0,2
Intel® PRO Network Adapters and Drivers
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 1
LimeWire 4.12.6
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Flash Player 8
MediaTickets by OIN
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money
Microsoft Money System Pack
Microsoft Office XP Professional
Nero 6 Enterprise Edition
NVIDIA Audio Driver
NVIDIA Windows 2000/XP Display Drivers
PDF Writer Pro v1.2
Powertoys For Windows XP
QuickTime
RegistryFix v5.5
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Spybot - Search & Destroy 1.3
SUGAR Virtual Makeover
Symantec Technical Support Web Controls
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
XTNDConnect Blue Manager 2.1


Logfile of HijackThis v1.99.1
Scan saved at 16:53:27, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\nordsys.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mum\Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - C:\WINDOWS\system32\jcnbspki.dll (file missing)
O2 - BHO: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - C:\WINDOWS\system32\jsrtsw.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E6967341-F6A3-1508-A513-3C42BECF9365} - C:\DOCUME~1\Mum\APPLIC~1\RDRERR~1\Bodymemo.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows Recylinder Check] pozlyzyzfa.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matca.../speedtest2.dll
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gbn2650.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{46843123-250C-4184-BEDC-A257090B90F1}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{752ABCE8-AFFD-4EB1-ADB0-4097A3956AFD}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F0FAF3-09F3-4F3B-93DC-5D41FB7A8657}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB81FCED-A5F3-4FF0-85C4-AF0FE2549950}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40F2F4E-0DA3-46F2-9228-CDB01F0F2AAF}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#7
tirol

    Visiting Staff

  • Visiting Consultant
  • 402 posts
Hello birani

Please save the following instructions, as you will run in safe mode without a Web connection.
Save them in a text file on the desktop or print them.

1. Downloading
Download CWShredder here to its own folder.
Update CWShredder:
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


2. De-activate the AVG Anti-Spyware resident shield, as it may interfere with the following actions.
To disable AVG antispyware:

From the system tray:
Right-click the system tray icon and uncheck real time protection.

or From within AVG antispyware:
Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

3. Open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - C:\WINDOWS\system32\jcnbspki.dll (file missing)
O2 - BHO: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - C:\WINDOWS\system32\jsrtsw.dll (file missing)
O2 - BHO: (no name) - {E6967341-F6A3-1508-A513-3C42BECF9365} - C:\DOCUME~1\Mum\APPLIC~1\RDRERR~1\Bodymemo.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] pozlyzyzfa.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matca.../speedtest2.dll
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gbn2650.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{46843123-250C-4184-BEDC-A257090B90F1}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{752ABCE8-AFFD-4EB1-ADB0-4097A3956AFD}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F0FAF3-09F3-4F3B-93DC-5D41FB7A8657}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB81FCED-A5F3-4FF0-85C4-AF0FE2549950}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40F2F4E-0DA3-46F2-9228-CDB01F0F2AAF}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

4. Reboot into safe mode.
Restart your computer and, as soon as it starts booting up again, continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

5. Run CWShredder.
Click I Agree, then Fix and then Next, let it fix everything it asks about.

6. Enabling the viewing of Hidden files:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button, and shut down My Computer.
  • Now your computer is configured to show all hidden files.
7. Uninstall unwanted programs
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.
If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."
Remove the following:
MediaTickets by OIN
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor

(You can re-install Messenger Plus! later but without checking the sponsors during installation)

8. Cleaning bad files
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\WINDOWS\system32\csnow.exe
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\w.exe
C:\WINDOWS\system32\z1973.exe
C:\WINDOWS\system32\z2712.exe
C:\WINDOWS\system32\z2240.exe
C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\google.png.exe
C:\WINDOWS\system32\z3658.dll
C:\WINDOWS\system32\w.exe.exe
C:\WINDOWS\system32\telebos.exe
C:\WINDOWS\system32\nordsys.exe

9. Reboot your computer into normal Windows.

10. Panda Active scan
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button,
    then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Then redo a HijackThis scan and post the result along with Panda's report.
Thanks,
tirol.
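The entries tirol asks to have fixed above fall into a handful of HijackThis sections: O2 BHO registrations whose file is missing, an O4 RunServices entry that names a bare filename, an O16 ActiveX download from a raw IP address, O17 NameServer overrides and an O20 Winlogon Notify DLL. The script below is an added example, not part of this thread and not HijackThis code, that scans a log for exactly those patterns so a helper can triage a pasted log quickly. The sample log is constructed from lines quoted in the thread (the `.cab` line with a hostname is a made-up benign control), and the expected resolver `192.168.0.1` is an assumption; the script generalises past this one log by taking the expected resolver set as a parameter.

```python
"""Flag suspicious entries in a HijackThis v1.99-style log.

Added example for this thread; not part of the forum post or of HijackThis.
It checks the sections tirol singles out above: orphaned O2 BHOs, O4
autoruns with no path, O16 ActiveX downloads from an IP literal or a bare
executable, O17 NameServer overrides and O20 Winlogon Notify DLLs.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Assumption: the resolvers this machine is expected to use (router / ISP).
# Any O17 NameServer value outside this set is reported.
EXPECTED_DNS = {"192.168.0.1"}

# Constructed sample log. Most lines are copied from the thread's log; the
# .cab line is a made-up benign control with a hostname rather than an IP.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - C:\WINDOWS\system32\jcnbspki.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] pozlyzyzfa.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gbn2650.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://downloads.example.com/example.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA2ADB7-3337-408E-934A-517706EF454D}: NameServer = 85.255.114.101,85.255.112.73
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

SECTION_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
AUTORUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a name."""
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def unexpected_nameservers(body, expected_dns=EXPECTED_DNS):
    """Resolvers named in an O17 line that are not in the expected set.

    HijackThis writes the list either comma- or space-separated.
    """
    m = NAMESERVER_RE.search(body)
    if not m:
        return []
    servers = re.split(r"[,\s]+", m.group("servers").strip())
    return [s for s in servers if s and s not in expected_dns]


def flag_entries(log_text, expected_dns=EXPECTED_DNS):
    """Return (section, reason, line) for each line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        reason = None
        if sec == "O2" and body.endswith(("(file missing)", "(no file)")):
            # A BHO CLSID still registered for a file that is gone: a
            # leftover of a removed or self-deleting component.
            reason = "orphaned BHO registration"
        elif sec == "O4":
            m4 = AUTORUN_RE.match(body)
            if m4 and "\\" not in m4.group("cmd"):
                # A bare filename is resolved by directory search at logon;
                # legitimate installers write the full path.
                reason = "autorun with bare filename and no path"
        elif sec == "O16":
            m16 = DPF_RE.match(body)
            if m16:
                url = urlparse(m16.group("url"))
                if is_ip_literal(url.hostname) or url.path.lower().endswith((".exe", ".dll")):
                    reason = "ActiveX download from IP literal or raw executable"
        elif sec == "O17":
            bad = unexpected_nameservers(body, expected_dns)
            if bad:
                reason = "DNS resolver overridden: " + ", ".join(bad)
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            # Notify DLLs are mapped into winlogon.exe at logon and stay
            # mapped while a session is open; verify the DLL's publisher.
            reason = "Winlogon Notify DLL; verify publisher"
        if reason:
            findings.append((sec, reason, line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in flag_entries(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run it on a saved log with `flag_entries(open("hijackthis.log").read(), {"<your router or ISP resolver>"})`; the O17 check is only as good as the expected-resolver set you pass in, so fill it from the ISP's published addresses rather than from the log itself.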

#8
birani

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi there - as requested, the log of Panda's ActiveScan report, with the HijackThis log after it. Whilst I was carrying out your instructions for "cleaning bad files", it would not let me delete "c:\WINDOWS\system32\rpcc.dll"; it said that the file was in use.

ACTIVE SCAN REPORT:

Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\program files\microsoft money\system\mnyexpr.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
Adware:Adware/SystemDoctor Not disinfected c:\program files\quicktime\qttask.exe
Adware:Adware/SystemDoctor Not disinfected c:\program files\itunes\ituneshelper.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\fast.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\taskswitch.exe
Adware:Adware/SystemDoctor Not disinfected c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\nerocheck.exe
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Virus:trj/abwiz.a Disinfected Operating system
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/commad Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mum\Cookies\mum@adrevolver[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mum\Cookies\mum@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mum\Cookies\[email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mum\Cookies\mum@toplist[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Mum\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Gagar.BL Disinfected C:\Documents and Settings\Mum\T34Ms6k.exe
Virus:Trj/Downloader.LQY Disinfected C:\Documents and Settings\x!..Charlotte..!x\Desktop\telebos.exe
Adware:Adware/Beginto Not disinfected C:\Documents and Settings\x!..Charlotte..!x\Local Settings\Temp\smoAB.tmp
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@888[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@azjmp[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@go[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@xiti[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[12].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[13].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[15].txt
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\x..Kerri..x\Local Settings\Temp\b116.exe
Virus:Trj/Downloader.LQY Disinfected C:\Documents and Settings\x..Kerri..x\telebos.exe
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
Virus:W32/Licat.G.worm Disinfected C:\Program Files\MSN Messenger\msnmsgr.exe
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\SymNetDrv\SNDMon.exe
Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc10.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc11.exe
Virus:Trj/Downloader.LNJ Disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc15.dll
Virus:Trj/Downloader.LQY Disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc16.exe
Virus:W32/Nuwar.A.worm Disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc17.exe
Virus:W32/Nuwar.A.worm Disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc8.exe
Virus:W32/Nuwar.A.worm Disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1003\Dc9.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1009\Dc102\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1009\Dc103\Update.exe
Adware:Adware/Mytoolbar Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc30\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc33\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc34\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc35\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc36\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc37\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc38\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc39\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc40\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc41\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc42\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc43\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc44\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc45\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc46\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc47\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc48\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc49\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc50\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc51\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc52\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc53\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc54\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-796845957-1935655697-839522115-1010\Dc55\Update.exe
Virus:Trj/Ruins.MC Disinfected C:\WINDOWS\system32\dmwfl.exe
Virus:W32/Banwarum.H.worm Disinfected C:\WINDOWS\system32\ss.exe.exe
Adware:Adware/Beginto Not disinfected D:\Documents and Settings\x!..Charlotte..!x\Local Settings\Temp\smoAB.tmp
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@888[1].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@azjmp[1].txt
Spyware:Cookie/Go Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@go[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri..x@xiti[1].txt
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[12].txt
Spyware:Cookie/Cassava Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[13].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\x..Kerri..x\Cookies\x..kerri.[15].txt
Adware:Adware/YazzleSudoku Not disinfected D:\Documents and Settings\x..Kerri..x\Local Settings\Temp\b116.exe
Adware:Adware/YazzleSudoku Not disinfected D:\Documents and Settings\x..Kerri..x\Local Settings\Temporary Internet Files\Content.IE5\3V9LKIO0\116[1].net
Virus:Trj/Downloader.LQY Disinfected D:\Documents and Settings\x..Kerri..x\Local Settings\Temporary Internet Files\Content.IE5\3V9LKIO0\telebox[1].txt
Adware:Adware/FlashTrack Not disinfected D:\Documents and Settings\x..Kerri..x\Local Settings\Temporary Internet Files\Content.IE5\PPFSNEZZ\channels_02[1].gif
Virus:Trj/Downloader.LQY Disinfected D:\Documents and Settings\x..Kerri..x\telebos.exe

Logfile of HijackThis v1.99.1
Scan saved at 22:55:15, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Many thanks for your help...
Birani
  • 0

#9
tirol (Visiting Staff, Visiting Consultant, 402 posts)
Hello Birani,

More things to complete:


1. I don't see any antivirus in your logs!
Please install an antivirus; these are free for personal use:

You should also have a good firewall. Here are 3 free ones available for personal use:

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

And take into consideration that ONLY one of each should be installed.


2. Downloading

Please download ATF Cleaner by Atribune.
Do not use it yet, you will use it later.

Launch AVG Anti-Spyware
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

3. Deleting rpcc.dll
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • Select: "Unregister .dll before Deleting"
    • then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\rpcc.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox,
click here to download and run missingfilesetup.exe.
Then try Killbox again.


4. Open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

5. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

6. ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

7. AVG Anti-Spyware scan

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
8. Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Post a fresh HijackThis log and the Ewido report.
Thanks,
tirol.
  • 0
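As an added example (not part of this thread and not HijackThis's own code), here is a small Python triage script for the O4, O20 and O23 line formats shown in the logs above; the sample lines are copied from those logs, and the flag rules are assumptions that mirror what a helper like tirol checks by eye (services with no publisher or a missing binary, Winlogon Notify DLLs, autoruns launched from the Windows directory, and one binary registered both as an autorun and as a service).

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not part of the
thread or of HijackThis). Parses the O4 / O20 / O23 entry formats seen in the
logs above and flags the entries a helper looks at first."""
import re
from dataclasses import dataclass, field

# Assumed triage constants: system directories and autoruns known to be OS components.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\winnt\\")
KNOWN_OS_AUTORUNS = {"ctfmon.exe"}   # genuine XP component routinely seen as an O4 entry


@dataclass
class Entry:
    section: str                  # "O4", "O20" or "O23"
    raw: str
    path: str = ""                # binary the entry loads or runs
    owner: str = ""               # O23 only: publisher reported by HijackThis
    flags: list = field(default_factory=list)


# Line formats as they appear in HijackThis v1.99 logs.
O4_RE = re.compile(r'^O4 - (?:HKLM|HKCU|Global Startup)[^:]*: '
                   r'(?:\[[^\]]+\]|[^=]+=) ?(?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: \S+ - (?P<path>.+)$')
O23_RE = re.compile(r'^O23 - Service: .+? - (?P<owner>.+?) - '
                    r'(?P<path>.+?)(?P<missing> \(file missing\))?$')


def command_path(cmd: str) -> str:
    """Return the executable a Run-key command launches, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|,|$)', cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_log(text: str) -> list:
    """Parse the O4/O20/O23 lines of a HijackThis log and attach triage flags."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            e = Entry("O4", line, command_path(m.group("cmd")))
            low = e.path.lower()
            if not re.match(r"^[a-z]:\\", low):
                e.flags.append("autorun command has no full path")
            elif (low.startswith(SYSTEM_DIRS)
                  and low.rsplit("\\", 1)[-1] not in KNOWN_OS_AUTORUNS):
                e.flags.append("autorun launched from the Windows directory")
        elif m := O20_RE.match(line):
            e = Entry("O20", line, m.group("path"))
            # Notify packages are loaded by winlogon.exe itself, so always review them.
            e.flags.append("Winlogon Notify DLL (loaded by winlogon.exe at logon)")
        elif m := O23_RE.match(line):
            e = Entry("O23", line, m.group("path"), m.group("owner"))
            if e.owner == "Unknown owner":
                e.flags.append("service with no publisher information")
            if m.group("missing"):
                e.flags.append("service binary missing on disk")
        else:
            continue
        entries.append(e)
    # Cross-reference: one binary registered both as a Run-key autorun and as a service.
    sections_by_path = {}
    for e in entries:
        sections_by_path.setdefault(e.path.lower(), set()).add(e.section)
    for e in entries:
        if {"O4", "O23"} <= sections_by_path[e.path.lower()]:
            e.flags.append("same binary is both an autorun and a service")
    return entries


def suspicious(entries: list) -> list:
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.path}\n    -> " + "; ".join(e.flags))
```

The flags are a reading list, not a verdict: NeroCheck.exe is flagged only because it lives under the Windows directory, while the rpcc.dll and Fast.exe entries are the ones that coincide with what tirol asked to be removed.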

#10
birani (Member, Topic Starter, 29 posts)
Hi tirol,

As requested, a fresh HijackThis log and the report saved from AVG Anti-Spyware. I have also downloaded Kerio Personal Firewall. Can I mention that AVG Anti-Spyware and the firewall do not load on start-up; I have to start them from the desktop.

Many Thanks

Birani


Logfile of HijackThis v1.99.1
Scan saved at 16:19:38, on 08/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:54:00 08/12/2006

+ Scan result:



C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0174778.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172754.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184026.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174793.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174884.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0178956.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0179955.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0180954.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP232\A0160872.dll -> Adware.SearchEnh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP232\A0160873.dll -> Adware.SmartShopper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173755.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173756.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173757.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173769.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173774.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173775.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173790.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173791.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173793.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174802.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174845.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174847.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174848.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174849.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186453.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186454.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186455.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186456.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186457.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186458.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186459.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186460.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186461.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186462.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186463.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186464.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186465.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186466.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186467.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186468.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186469.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186470.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186471.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186472.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186473.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186474.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186475.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186476.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186477.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186478.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186479.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186480.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186481.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186482.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186483.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186484.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186485.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186486.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186487.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186488.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186489.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186490.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186491.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186492.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186493.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186494.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186495.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186496.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186497.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186498.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186499.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186500.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186501.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186502.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186503.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186504.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186505.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186506.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186507.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186508.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186509.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186510.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186511.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186512.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186513.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186514.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186515.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186516.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186517.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186518.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186519.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186520.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186521.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186522.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186523.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186524.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186525.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186526.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186527.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186528.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186529.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186530.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186531.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186532.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186533.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186534.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186535.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186536.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186537.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186538.exe -> Adware.Softomate : Cleaned with backup (quarantined).
D:\Documents and Settings\x..Kerri..x\Local Settings\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
D:\Documents and Settings\x..Kerri..x\Local Settings\Temporary Internet Files\Content.IE5\3V9LKIO0\116[1].net -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP233\A0163034.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP233\A0163035.exe -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191183.exe -> Backdoor.Agent.aim : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186641.exe -> Dialer.GBDialer.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186642.exe -> Dialer.GBDialer.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187928.exe -> Dialer.GBDialer.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0178957.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0179956.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0180955.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184027.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185048.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185049.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185050.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186632.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187936.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191233.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174791.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174882.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186195.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191180.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186561.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186583.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187937.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191234.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191184.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191232.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182975.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP263\A0182988.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP264\A0183000.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP265\A0183009.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0183018.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184034.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184041.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP272\A0191215.dll -> Proxy.Dlena.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172757.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174794.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174868.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP260\A0176953.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP260\A0176954.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182953.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182955.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182956.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182957.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182958.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182959.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182960.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182961.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182962.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0182963.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185047.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187964.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181950.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181954.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186633.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191189.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191239.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187908.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187921.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187975.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191181.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191182.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191185.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0188043.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191191.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).


::Report end

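As an added example, not code from the thread or from either scanner vendor: a small parser for report lines in the AVG Anti-Spyware format above and in the Kaspersky Online Scanner format posted later in this thread. It separates hits on the live file system (Temp, Temporary Internet Files) from copies inside System Volume Information restore points, which only come back if System Restore is used, and counts detection families. The sample lines are constructed, with a placeholder GUID and user name.

```python
"""Summarise AVG Anti-Spyware and Kaspersky Online Scanner report lines.

Constructed sample lines modelled on the reports in this thread; the paths,
restore-point GUID and user name are illustrative placeholders.
"""
import re
from collections import Counter

# AVG Anti-Spyware:  <path> -> <detection> : <action>.
AVG_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
# Kaspersky Online Scanner, the three line shapes that appear in such reports.
KAV_INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
KAV_ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) (?P<action>\S+)$")
KAV_LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")

RESTORE_MARKER = "\\System Volume Information\\_restore"

SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP269\A0186528.exe -> Adware.Softomate : Cleaned with backup (quarantined).
D:\Documents and Settings\user\Local Settings\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP270\A0186641.exe -> Dialer.GBDialer.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP271\A0191181.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP255\A0172759.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP255\A0172759.exe NSIS: infected - 6 skipped
"""


def parse_line(line):
    """Return a record for one report line, or None for blank / unrecognised lines."""
    line = line.strip()
    if not line:
        return None
    m = AVG_RE.match(line)
    if m:
        return {"scanner": "avg", "kind": "file", "path": m["path"],
                "name": m["name"], "action": m["action"]}
    m = KAV_INFECTED_RE.match(line)
    if m:
        return {"scanner": "kaspersky", "kind": "file", "path": m["path"],
                "name": m["name"], "action": m["action"]}
    m = KAV_ARCHIVE_RE.match(line)
    if m:
        # Container summary line; its members were already reported one by one.
        return {"scanner": "kaspersky", "kind": "archive", "path": m["path"],
                "name": None, "action": m["action"]}
    m = KAV_LOCKED_RE.match(line)
    if m:
        # Locked objects (registry hives, index.dat, logs) are not detections at all.
        return {"scanner": "kaspersky", "kind": "locked", "path": m["path"],
                "name": None, "action": m["action"]}
    return None


def is_restore_point(path):
    """True when the hit is a System Restore snapshot copy, not a live file."""
    return RESTORE_MARKER.lower() in path.lower()


def family(name):
    """Strip a short lowercase variant suffix: Dialer.GBDialer.h -> Dialer.GBDialer."""
    parts = name.split(".")
    if len(parts) > 1 and re.fullmatch(r"[a-z]{1,3}", parts[-1]):
        parts.pop()
    return ".".join(parts)


def summarise(lines):
    """Separate live-file hits from restore-point copies and count detection families."""
    result = {"live": [], "restore_point": 0, "locked": 0, "archives": 0,
              "families": Counter()}
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["kind"] == "locked":
            result["locked"] += 1
        elif rec["kind"] == "archive":
            result["archives"] += 1
        elif is_restore_point(rec["path"]):
            result["restore_point"] += 1
            result["families"][family(rec["name"])] += 1
        else:
            # These are the hits that matter for a still-infected machine.
            result["live"].append((rec["path"], rec["name"], rec["action"]))
            result["families"][family(rec["name"])] += 1
    return result


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT.splitlines())
    print(f"restore-point copies: {s['restore_point']}, locked objects: {s['locked']}")
    for path, name, action in s["live"]:
        print(f"LIVE  {name:40} {action:35} {path}")
    for fam, n in s["families"].most_common():
        print(f"{n:3}  {fam}")
```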

#11
tirol

    Visiting Staff

  • Visiting Consultant
  • 402 posts
Hello Birani,

Your log is clean now! :whistling:

Regarding Kerio Firewall:

I've downloaded the version given in my post (I skipped over the adverts against Zone Alarm's presence), and all ran well!
I got this line in my HJT log (as you have):
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

I think the problem comes from Sunbelt Kerio, which proposes "Advanced mode" by default during installation.
I used the "simple mode".
So if you want to go on with Kerio:
Uninstall it:
*Click Start > Settings > Control Panel.
*In the Control Panel window, double-click Add/Remove Programs.
*If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."
*Remove the following: Sunbelt Kerio Personal Firewall
Don't answer Yes when it asks you to restart, but download the following genuine cleaner to your desktop:
http://www.sunbelt-s...s/SKPFClean.exe
Run SKPFClean.exe; it will take some time...
Then restart your machine when asked to do so.

If you wish to re-install Kerio, redo the installation, but in "Simple mode" this time.

If you don't want it anymore, I highly suggest the free Zone Alarm firewall, which is more intuitive to use :help:.

When you have installed a firewall, go here: http://www.pcflank.com/test.htm and do the different tests.
All your ports should indicate "stealth".
Contrary to a "closed" port, TCP/IP handshaking won't occur if black-hat hackers want to intrude into your machine.
As the timer expires, their attempts will consider you as non-existent.
If "closed", there will be a release answer, and then they know "you're there".


Before stating all is clear, please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Did all my instructions given before go well?

Last but not least, AVG Anti-Spyware is not an antivirus. It's a companion.
I would suggest downloading Avast! and setting it to update automatically (a nice voice will indicate the upgrades :blink:).

Now, tell me if the initial bad behaviours are gone, and your surfing is back to normal speed.
And a fresh HJT log, please.

thanks,
tirol.

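The "stealth" versus "closed" distinction in tirol's post, shown as an added example (not from the thread or from pcflank): a dropped SYN leaves the prober with nothing but a timeout, a closed port answers with a reset so the host is known to exist, and an open port completes the handshake. It is meant for checking your own firewall from a second machine you control; the loopback demo only exercises the OPEN and CLOSED paths, since a stealthed port cannot be produced on the local host.

```python
"""Classify what one TCP connect attempt reveals about a port behind a firewall.

Added example: OPEN = handshake completed, CLOSED = RST came back (host is
there, nothing listening), STEALTH = the SYN was dropped and the timer expired,
UNREACHABLE = a routing/ICMP error that says nothing about the port itself.
"""
import socket

OPEN, CLOSED, STEALTH, UNREACHABLE = "open", "closed", "stealth", "unreachable"


def classify_outcome(exc):
    """Map the result of connect() (None on success, else the raised OSError) to a state."""
    if exc is None:
        return OPEN                      # three-way handshake completed
    if isinstance(exc, socket.timeout):
        return STEALTH                   # no SYN/ACK, no RST: the packet was silently dropped
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED                    # host replied with RST: it exists, port not listening
    return UNREACHABLE                   # e.g. network unreachable; cannot judge the port


def probe_port(host, port, timeout=2.0):
    """Attempt a single TCP handshake against host:port and return its state label."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_outcome(None)
    except OSError as exc:               # socket.timeout and ConnectionRefusedError are OSErrors
        return classify_outcome(exc)


def loopback_demo():
    """Bind a listener on a free loopback port, probe it, close it, probe again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the OS pick a free one
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_port("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = probe_port("127.0.0.1", port, timeout=1.0)
    return while_listening, after_close  # expected: ("open", "closed")


if __name__ == "__main__":
    print("loopback listener, then closed:", loopback_demo())
```

A firewall that passes the pcflank test makes `probe_port` return "stealth" for every port when run from outside, never "closed".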
#12
birani

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi Tirol

The surfing speed seems to be back to normal (my router is flashing at a normal rate and not going crazy!!). Here are my two logs as requested: (25 viruses found and 175 infected objects)......

KASPERSKY ONLINE SCANNER REPORT
Saturday, December 09, 2006 11:53:01 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/12/2006
Kaspersky Anti-Virus database records: 253610


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
M:\

Scan Statistics
Total number of scanned objects 133352
Number of viruses found 25
Number of infected objects 175 / 0
Number of suspicious objects 0
Duration of the scan process 00:58:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1952f1241daed8a1e9f3823163a7b2f1_3ade599e-3bad-4cc4-9926-48f547e8ae34 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\72a8eeb6d374854423a53c55fe19b374_3ade599e-3bad-4cc4-9926-48f547e8ae34 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\Fws.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012006120920061210\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mum\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mum\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mum\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mum\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mum\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\x!..Charlotte..!x\Local Settings\Temp\hsperfdata_x!..Charlotte..!x\2380 Object is locked skipped

C:\Program Files\KService\data\error.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130645.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130647.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130648.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130651.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130652.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130655.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130656.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130658.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130659.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130660.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130661.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130662.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130666.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130668.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130669.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130670.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130671.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130785.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130786.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130787.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130789.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130791.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP193\A0130804.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172759.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0173754.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173773.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173808.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173810.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173811.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173813.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173816.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173817.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173819.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173820.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173821.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173822.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173823.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173824.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173825.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173826.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173827.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173829.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173832.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173834.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173835.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173836.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173838.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173839.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173841.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173842.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0173843.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP256\A0174780.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174795.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174796.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174797.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174798.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174799.exe NSIS: infected - 6 skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP257\A0174851.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181956.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181957.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181958.dll Infected: Email-Worm.Win32.Banwarum.f skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181959.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181960.exe Infected: Trojan-Downloader.Win32.Small.cph skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181961.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181962.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181963.exe Infected: Trojan-Downloader.Win32.Small.dgk skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181964.exe Infected: Trojan-Downloader.Win32.Small.dgk skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181965.exe Infected: Trojan-Downloader.Win32.Tiny.bm skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181966.exe Infected: Trojan-Downloader.Win32.Tiny.bm skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181967.exe Infected: Packed.Win32.PePatch.dw skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184035.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184039.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0185172.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0185173.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0185174.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0185175.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186184.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186198.exe Infected: Worm.Win32.VB.an skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186199.exe Infected: Trojan.Win32.VB.abv skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186200.dll Infected: Email-Worm.Win32.Banwarum.f skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186201.exe Infected: Trojan-Downloader.Win32.Small.awa skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186202.dll Infected: Email-Worm.Win32.Banwarum.f skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186203.dll Infected: Email-Worm.Win32.Banwarum.f skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186204.exe Infected: Packed.Win32.PePatch.dw skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186205.exe Infected: Trojan-Downloader.Win32.Small.dgk skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186206.exe Infected: Trojan-Downloader.Win32.Tiny.bm skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186207.exe Infected: Packed.Win32.PePatch.dw skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186208.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186209.exe Infected: Trojan-Downloader.Win32.Small.dgk skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186210.dll Infected: Email-Worm.Win32.Banwarum.f skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186211.exe Infected: Backdoor.Win32.Rbot.gen skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186212.exe Infected: Trojan-Downloader.Win32.Tiny.bm skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186213.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186214.exe Infected: Trojan-Downloader.Win32.Small.cph skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0186432.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186545.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186546.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186547.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186548.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186562.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186563.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186564.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186568.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186569.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186570.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0186571.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187904.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187905.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187906.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187907.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187929.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187930.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187931.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP270\A0187932.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0188093.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191186.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191187.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191188.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191190.exe Infected: Email-Worm.Win32.Glowa.n skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191235.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP274\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191251.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

D:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191251.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

D:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191251.exe NSIS: infected - 2 skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 11:57:43, on 09/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Many thanks for your time and I await your reply.
Birani

#13
tirol
    Visiting Staff
  • Visiting Consultant
  • 402 posts
Hello Birani,

That sounds good.

Norton has been uninstalled, but not completely


1. Deleting unused services
Go to Start > Run and type cmd. In the box that comes up, type the following:

sc stop NProtectService
sc delete NProtectService
sc stop SNDSrvc
sc delete SNDSrvc


2. Re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Restart your machine.

Before I give you the final speech with some tips on getting more secure, I'd like to have a look at the HijackThis logs of all the users of this PC.

Thanks,
tirol.
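A small triage script for the two kinds of entries acted on in the post above, added here as an example (not tirol's instructions or HijackThis code). It parses O23 and O16 lines in the HijackThis 1.99 format quoted in this thread, pulls the short service name that sc expects from the parentheses, and treats the list of uninstalled vendors as an assumption supplied by whoever runs it.

```python
"""Triage HijackThis 1.99 log lines for the two things fixed in the post above:
O23 services left behind by an uninstalled product, and O16 DPF (downloaded
ActiveX) entries that carry no class name.  Added example, not code from the
thread or from HijackThis.  Sample lines are copied from the logs posted in this
thread; the vendor hint list is an assumption supplied by the caller."""
import re
from dataclasses import dataclass, field

# O23 - Service: <display name> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
# O16 - DPF: {CLSID} [(<class name>)] - <url>
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^()]+)\))? - (?P<url>\S+)$"
)

# Lines copied verbatim from the HijackThis logs posted in this thread.
SAMPLE_LINES = [
    r"O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)",
    r"O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe",
    r"O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab",
    r"O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/",
]


@dataclass
class Finding:
    line: str
    reason: str
    sc_commands: list = field(default_factory=list)  # what to type at cmd, when safe


def _sc_name(name: str) -> str:
    """sc takes the short service name; quote it only if it contains spaces."""
    return f'"{name}"' if " " in name else name


def triage(lines, uninstalled_vendors=()):
    """Return the entries a helper would look at first, in log order."""
    vendors = tuple(v.lower() for v in uninstalled_vendors)
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            display = m.group("display")
            short = m.group("short") or display  # no parentheses: short == display
            path, owner = m.group("path"), m.group("owner")
            haystack = f"{display} {owner} {path}".lower()
            commands = [f"sc stop {_sc_name(short)}", f"sc delete {_sc_name(short)}"]
            if "(file missing)" in path and '"' in path:
                # HijackThis tags the avast! entries as missing although the same log
                # lists ashMaiSv.exe among the running processes; the stray quote and
                # the /service argument tripped its path check.  Do not delete these.
                findings.append(Finding(line, "reported as missing, but the path carries "
                                        "quoted arguments; confirm with sc qc before deleting"))
            elif "(file missing)" in path:
                findings.append(Finding(line, "service binary no longer exists "
                                        "(orphaned by an uninstall)", commands))
            elif any(v in haystack for v in vendors):
                findings.append(Finding(line, "service belongs to a vendor reported "
                                        "as uninstalled", commands))
            continue
        m = O16_RE.match(line)
        if m and not m.group("name"):
            findings.append(Finding(line, "downloaded ActiveX control with no class name; "
                                    "review it and use Fix Checked in HijackThis"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, uninstalled_vendors=("Norton", "Symantec")):
        print(f.reason)
        print("   ", f.line)
        for cmd in f.sc_commands:
            print("   >", cmd)
```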

#14
birani
    Member
  • Topic Starter
  • Member
  • 29 posts
Hi tirol,

As requested, HijackThis logs of all users on the PC.

Many Thanks once again.

birani.



Logfile of HijackThis v1.99.1
Scan saved at 18:12:39, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Logfile of HijackThis v1.99.1
Scan saved at 17:57:55, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\Brians MP3 player\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Logfile of HijackThis v1.99.1
Scan saved at 18:01:39, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\x..Kerri..x\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://piczo.com/?cr=5&rfm=y
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
R3 - URLSearchHook: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dwub] "C:\WINDOWS\PPATCH~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Bzc] C:\Documents and Settings\x..Kerri..x\Application Data\?icrosoft\?hkdsk.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#15
tirol

    Visiting Staff

  • Visiting Consultant
  • 402 posts
Hello Birani,

You will find hereafter the actions to clean the machine.
Please save the following instructions, as you will run into safe mode without a web connection.
Save them in a text file on the desktop or print them.
I hope you remember which log is linked to which session.
I've taken them in the order of the listing.
Before starting, temporarily give administrator rights to the other users if they do not have them (from your administrator session).
--> 1. Click START, then Control Panel.
--> 2. Open User Accounts in Control Panel.
--> 3. Click the user's account name.
--> 4. Click "Change the account type".
--> 5. Click the type of account you want (administrator), and then click "Change Account Type".

--------------- LOG # 1 ----------------

This one is clean! Just do a cleaning.

1. ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

--------------- LOG # 2 ----------------

Log in to the session.
1. Create a folder on the desktop and move HijackThis.exe into it.

2. Open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

3. Reboot into normal mode.

4. ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


--------------- LOG # 3 ----------------

Log in to the session.

1. Create a folder on the desktop and move HijackThis.exe into it.

2. Open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {17E35919-92F3-E773-D1FA-C66931DC8DC3} - (no file)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Dwub] "C:\WINDOWS\PPATCH~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Bzc] C:\Documents and Settings\x..Kerri..x\Application Data\?icrosoft\?hkdsk.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

3. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

4. Enabling the viewing of Hidden files:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button, and close My Computer.
  • Now your computer is configured to show all hidden files.
5. Cleaning bad files
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\WINDOWS\system32\nordsys.exe

6. Cleaning bad folders
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\Save\
C:\WINDOWS\PPATCH~1 <--- something beginning with PPATCH
C:\Documents and Settings\x..Kerri..x\Application Data\?icrosoft <--- BE very CAREFUL, the legitimate folder is Microsoft, check for another one


7. ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

8. AVG Anti-Spyware scan

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post fresh HJT logs from all users (please indicate which one is which) and the AVG report.
And please give me feedback on all the actions required.
Thanks,
tirol.
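The entries tirol picked out of Log #2 and Log #3 by hand follow a few recognisable patterns: URLSearchHooks that no longer point at a file, protocol zone mappings that HijackThis itself reports as changed, a context-menu item that calls out to an external site, an autostart whose folder name HijackThis can only print with a "?" (a look-alike of the real Microsoft folder, as the note above warns), and an executable in an 8.3-style folder directly under C:\WINDOWS. The script below, an added example that is neither part of this thread nor HijackThis code, turns those patterns into rules and runs them over lines copied from the logs above; the rule names and the short WhenU watch list are the editor's own assumptions, so an entry that trips nothing (nordsys.exe in system32 is the case in point) still needs a human look.

```python
"""Triage of HijackThis v1.99.1 log lines.

Added example: not part of the thread and not HijackThis code. It
re-applies, as rules, the judgement tirol made by hand on Log #2 and
Log #3 above. The sample lines are copied from those logs; the rules are
the editor's own heuristics (assumptions), so an empty result is not a
clean bill of health.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from Log #2 and Log #3 above, plus
# legitimate entries so the rules have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {17EC0111-93F3-E726-8AFA-C66931DC8EC7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Dwub] "C:\WINDOWS\PPATCH~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Bzc] C:\Documents and Settings\x..Kerri..x\Application Data\?icrosoft\?hkdsk.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm037YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# A folder directly under C:\WINDOWS that shows only as an 8.3 short name (PPATCH~1)
SHORTNAME_UNDER_WINDOWS = re.compile(r'^C:\\WINDOWS\\[^\\]*~\d+\\', re.IGNORECASE)
# Vendor names treated as adware in this thread (constructed watch list; tirol flagged WhenU Save)
ADWARE_NAME_FRAGMENTS = ('whenu',)


def extract_path(command: str) -> str:
    """Return the executable path from a Run command value, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        closing = command.find('"', 1)
        return command[1:closing] if closing > 0 else command[1:]
    # Unquoted command: the path ends at the first switch (" -x" or " /x")
    return re.split(r'\s+[-/]', command, maxsplit=1)[0]


def triage_line(line: str) -> List[str]:
    """Return the names of every heuristic the line trips (empty list = nothing noticed)."""
    hits: List[str] = []
    # R3: a URLSearchHook whose CLSID no longer resolves to a file is an orphan
    if line.startswith('R3 - URLSearchHook') and line.endswith('(no file)'):
        hits.append('orphan-urlsearchhook')
    # O15: HijackThis states which zone the protocol belongs in, so any
    # "should be" is a changed zone mapping
    elif line.startswith('O15 - ProtocolDefaults') and 'should be' in line:
        hits.append('protocol-zone-mismatch')
    # O8: a context-menu item that calls an external web site
    # (res:// and local paths are what Office and similar add-ins use)
    elif line.startswith('O8 - ') and re.search(r' - https?://', line):
        hits.append('context-menu-external-url')
    else:
        match = O4_RUN.match(line)
        if match:
            path = extract_path(match.group('cmd'))
            # HijackThis prints '?' for a character it cannot render; a '?' inside a
            # folder or file name is typically a look-alike of a system name
            if '?' in path:
                hits.append('unprintable-char-in-path')
            # An 8.3 short-named folder directly under C:\WINDOWS: compare it with the
            # folder's real long name before deciding
            if SHORTNAME_UNDER_WINDOWS.match(path):
                hits.append('shortname-folder-under-windows')
            if any(frag in match.group('name').lower() for frag in ADWARE_NAME_FRAGMENTS):
                hits.append('known-adware-name')
    return hits


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every log line that trips at least one rule to the list of rule names."""
    result: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if line:
            hits = triage_line(line)
            if hits:
                result[line] = hits
    return result


if __name__ == '__main__':
    for entry, rules in triage_log(SAMPLE_LOG).items():
        print(', '.join(rules).ljust(32), entry)
```

Run as-is it lists the seven entries tirol told the poster to fix, and leaves the avast!, QuickTime and Excel entries alone; it also leaves nordsys.exe alone, which is the point of the caveat: a plainly named executable in system32 looks like any other system file to a text rule, and only the "what is this and who installed it" question tirol asked settles it.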