[copperheadretro]

Hi all,
List of problems:

- Cannot Access Task Manager on the acc which is infected ( I made a new user acc with admin i can now access it, how ever couldnt when i booted in safe mode and logged in to the infected acc)
- I have to icons on my desktop named
- Trojan.Win32.BlackBird
- EditorFKWP1.5
These are existing in a file named "virii" on my DT
- Trojan-Downloader.Win32.Agent.bl.exe
- Trojan-Downloader.Win32.Agent.r.exe
- Trojan-Downloader.Win32.Agent.t.exe
- Trojan-Downloader.Win32.Agent.v.exe
There was lots more (8 or so) which i removed in safe mode and a few more spybot removed (Key logger which used @@ instead of o's)

Originally it changed my desktop background to the blackbird image which i deleted in safe mode and the xp theme so i changed that back, i am just concerned if i have any viruse's keyloggers ect ect on my computer and that something must be wrong as when i try to delete the two virus icons on my DT they are being used so something is going on, also i an access my tast manager.

I have just ran Malwarebytes and it has removed some objects so i need to restart my pc.
I will post a hijackthis log when i am back.

Any help appreciated.

Updated***
Read bottom post

Edited by copperheadretro, 27 April 2008 - 08:47 AM.

[Advertisements]

Hi there I can see a few items that need to be removed - so lets have at 'em

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN


Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\xbaqktfv.exe
  C:\WINDOWS\spwoqbmv.exe
  D:\Documents and Settings\All Users\Application Data\poryretq
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\z1mRn2eLCr
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix

[Essexboy]

Hi there I can see a few items that need to be removed - so lets have at 'em

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN


Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\xbaqktfv.exe
  C:\WINDOWS\spwoqbmv.exe
  D:\Documents and Settings\All Users\Application Data\poryretq
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\z1mRn2eLCr
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix

[copperheadretro]

***************************
I wrote this before i saw you responce so i'll post encase you need it but still do what you said

Copied what someone else was advised to do as i have important work due in so would appreciate an urgent reply..

http://www.geekstogo...ck-t196239.html

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

It didn't open 2 note pads only the main one.

Deckard's System Scanner v20071014.68
Run by l on 2008-04-27 15:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.2 GiB (less than 15%) free.


-- HijackThis (run as l.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Documents and Settings\l\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\l.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9632 bytes

-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 13:22:26 0 d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 13:22:20 0 d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 12:19:46 145440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 11:57:23 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56:04 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:55:40 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-27 11:54:30 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-27 11:53:26 0 d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43:14 0 d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22:22 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:03:32 0 --a------ C:\WINDOWS\ORUN32.EXE
2008-04-27 11:03:27 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-04-27 11:00:29 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57:04 0 d-------- C:\Program Files\Panda Security
2008-04-27 10:54:39 0 d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54:36 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:10:14 0 d-------- D:\Deckard
2008-04-27 10:05:45 0 d-------- D:\Documents and Settings\l\Application Data\Adobe
2008-04-27 10:04:03 0 d-------- D:\Documents and Settings\l\Application Data\Mozilla
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Templates
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Start Menu
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\SendTo
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Recent
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\PrintHood
2008-04-27 10:01:27 1835008 --ah----- D:\Documents and Settings\l\NTUSER.DAT
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\NetHood
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\My Documents
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Local Settings
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Favorites
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Desktop
2008-04-27 10:01:27 0 d--hs---- D:\Documents and Settings\l\Cookies
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Application Data
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Real
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Macromedia
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Identities
2008-04-27 08:46:12 0 d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21:38 0 d-------- C:\Program Files\AliveMedia
2008-04-19 00:16:24 0 d-------- D:\Presets
2008-04-18 23:15:29 36868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-18 23:15:17 0 d-------- C:\Program Files\Trapcode
2008-04-14 22:24:19 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Recent
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-04-09 19:29:13 2097152 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\My Documents
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Favorites
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Desktop
2008-04-09 19:29:13 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Real
2008-04-09 19:29:13 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Identities
2008-04-09 01:07:42 0 d-------- C:\Program Files\Activision
2008-04-09 00:57:08 0 d-------- D:\dls
2008-04-09 00:50:05 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20:47 0 d-------- C:\Program Files\PowerISO
2008-03-30 09:07:44 7450112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07:44 6321152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07:43 237568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 09:07:21 0 d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07:14 0 d-------- C:\Program Files\Boris FX, Inc
2008-03-30 03:33:26 0 d-------- C:\Program Files\EA GAMES
2008-03-29 13:58:54 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>


-- Find3M Report ---------------------------------------------------------------

2008-04-27 10:59:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 10:57:05 4514 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files
2008-04-27 10:19:23 0 d-------- C:\Program Files\Steam12
2008-04-10 20:28:29 0 d-------- C:\Program Files\DivX
2008-04-10 01:27:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 12:13:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 22:41:13 0 d-------- C:\Program Files\VisualJockey Gold SP1
2008-03-07 21:45:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-04 23:46:15 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
27/04/2008 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [27/04/2008 11:57 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 17:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [04/03/2005 04:36]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [11/05/2005 14:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/11/2005 12:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"razer"="D:\razerhid.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2007 09:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15/03/2008 00:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime




-- End of Deckard's System Scanner: finished at 2008-04-27 15:33:50 ------------

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

ComboFix 08-04-26.3 - l 2008-04-27 15:37:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.591 [GMT 1:00]
Running from: D:\Documents and Settings\l\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 12:19 . 2008-04-27 15:40 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 12:19 . 2008-04-27 13:12 3,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 11:57 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56 . 2008-04-27 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 11:55 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 11:55 . 2008-04-27 11:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:54 . 2008-04-27 11:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 11:53 . 2008-04-27 15:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22 . 2008-04-27 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:01 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01 . 2008-04-27 10:01 <DIR> d-------- D:\Documents and Settings\l
2008-04-27 10:01 . 2008-04-27 15:40 1,024 --ah----- D:\Documents and Settings\l\ntuser.dat.LOG
2008-04-27 08:46 . 2008-04-27 11:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21 . 2008-04-26 21:21 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Program Files\Trapcode
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Presets
2008-04-18 23:15 . 2008-04-19 00:33 36,868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-14 22:24 . 2008-04-14 22:25 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 20:29 . 2008-04-09 18:54 10,431,488 --a------ C:\xac(2).msi
2008-04-09 19:29 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29 . 2008-04-09 19:29 <DIR> d-------- D:\Documents and Settings\Administrator
2008-04-09 19:29 . 2008-04-27 15:37 1,024 --ah----- D:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 01:18 . 2008-04-09 01:18 319 --a------ C:\WINDOWS\game.ini
2008-04-09 01:07 . 2008-04-09 01:07 <DIR> d-------- C:\Program Files\Activision
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20 . 2008-04-08 23:20 <DIR> d-------- C:\Program Files\PowerISO
2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-30 09:12 . 2008-02-01 01:27 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll.BAK
2008-03-30 09:12 . 2008-02-01 02:14 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll.BAK
2008-03-30 09:12 . 2008-02-05 22:46 189,440 --a------ C:\WINDOWS\system32\Final.effects.complete.5.0_Crk.exe
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-03-30 09:07 . 2008-03-30 09:13 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07 . 2008-03-30 09:13 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 03:37 . 2008-04-27 03:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-30 03:37 . 2008-04-27 03:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-30 03:33 . 2008-03-30 03:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-29 13:58 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 09:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 09:19 --------- d-----w C:\Program Files\Steam12
2008-04-22 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 19:28 --------- d-----w C:\Program Files\DivX
2008-04-10 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 00:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 20:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-29 11:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 21:41 --------- d-----w C:\Program Files\VisualJockey Gold SP1
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-04 22:46 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36 36975]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.LAGS"= lagarith.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\movies\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland1\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 17:08]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 12:14]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 5702b4bh;5702b4bh;D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e []
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 22:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 14:30:00 C:\WINDOWS\Tasks\Setup my PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
"ImagePath"="\??\D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e"
.
Completion time: 2008-04-27 15:42:07
ComboFix-quarantined-files.txt 2008-04-27 14:41:46

Pre-Run: 2,268,905,472 bytes free
Post-Run: 2,232,373,248 bytes free

222 --- E O F --- 2008-04-12 03:44:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9466 bytes

[copperheadretro]

Didn't show up in scan
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
Only thing close to it but by the looks of it zonealarm has delt with it?
Starting next step.
Thanks


**********************
File/Folder C:\WINDOWS\xbaqktfv.exe not found.
File/Folder C:\WINDOWS\spwoqbmv.exe not found.
D:\Documents and Settings\All Users\Application Data\poryretq moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\z1mRn2eLCr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\z1mRn2eLCr not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_155807


The result from the moveit step.

Doing combifix now.

Edited by copperheadretro, 27 April 2008 - 08:58 AM.

[copperheadretro]

Copied what someone else was advised to do as i have important work due in so would appreciate an urgent reply..

http://www.geekstogo...ck-t196239.html

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

It didn't open 2 note pads only the main one.

Deckard's System Scanner v20071014.68
Run by l on 2008-04-27 15:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.2 GiB (less than 15%) free.


-- HijackThis (run as l.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Documents and Settings\l\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\l.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9632 bytes

-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 13:22:26 0 d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 13:22:20 0 d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 12:19:46 145440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 11:57:23 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56:04 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:55:40 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-27 11:54:30 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-27 11:53:26 0 d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43:14 0 d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22:22 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:03:32 0 --a------ C:\WINDOWS\ORUN32.EXE
2008-04-27 11:03:27 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-04-27 11:00:29 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57:04 0 d-------- C:\Program Files\Panda Security
2008-04-27 10:54:39 0 d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54:36 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:10:14 0 d-------- D:\Deckard
2008-04-27 10:05:45 0 d-------- D:\Documents and Settings\l\Application Data\Adobe
2008-04-27 10:04:03 0 d-------- D:\Documents and Settings\l\Application Data\Mozilla
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Templates
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Start Menu
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\SendTo
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Recent
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\PrintHood
2008-04-27 10:01:27 1835008 --ah----- D:\Documents and Settings\l\NTUSER.DAT
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\NetHood
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\My Documents
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Local Settings
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Favorites
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Desktop
2008-04-27 10:01:27 0 d--hs---- D:\Documents and Settings\l\Cookies
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Application Data
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Real
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Macromedia
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Identities
2008-04-27 08:46:12 0 d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21:38 0 d-------- C:\Program Files\AliveMedia
2008-04-19 00:16:24 0 d-------- D:\Presets
2008-04-18 23:15:29 36868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-18 23:15:17 0 d-------- C:\Program Files\Trapcode
2008-04-14 22:24:19 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Recent
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-04-09 19:29:13 2097152 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\My Documents
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Favorites
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Desktop
2008-04-09 19:29:13 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Real
2008-04-09 19:29:13 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Identities
2008-04-09 01:07:42 0 d-------- C:\Program Files\Activision
2008-04-09 00:57:08 0 d-------- D:\dls
2008-04-09 00:50:05 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20:47 0 d-------- C:\Program Files\PowerISO
2008-03-30 09:07:44 7450112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07:44 6321152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07:43 237568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 09:07:21 0 d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07:14 0 d-------- C:\Program Files\Boris FX, Inc
2008-03-30 03:33:26 0 d-------- C:\Program Files\EA GAMES
2008-03-29 13:58:54 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>


-- Find3M Report ---------------------------------------------------------------

2008-04-27 10:59:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 10:57:05 4514 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files
2008-04-27 10:19:23 0 d-------- C:\Program Files\Steam12
2008-04-10 20:28:29 0 d-------- C:\Program Files\DivX
2008-04-10 01:27:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 12:13:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 22:41:13 0 d-------- C:\Program Files\VisualJockey Gold SP1
2008-03-07 21:45:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-04 23:46:15 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
27/04/2008 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [27/04/2008 11:57 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 17:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [04/03/2005 04:36]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [11/05/2005 14:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/11/2005 12:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"razer"="D:\razerhid.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2007 09:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15/03/2008 00:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime




-- End of Deckard's System Scanner: finished at 2008-04-27 15:33:50 ------------

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

ComboFix 08-04-26.3 - l 2008-04-27 15:37:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.591 [GMT 1:00]
Running from: D:\Documents and Settings\l\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 12:19 . 2008-04-27 15:40 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 12:19 . 2008-04-27 13:12 3,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 11:57 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56 . 2008-04-27 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 11:55 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 11:55 . 2008-04-27 11:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:54 . 2008-04-27 11:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 11:53 . 2008-04-27 15:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22 . 2008-04-27 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:01 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01 . 2008-04-27 10:01 <DIR> d-------- D:\Documents and Settings\l
2008-04-27 10:01 . 2008-04-27 15:40 1,024 --ah----- D:\Documents and Settings\l\ntuser.dat.LOG
2008-04-27 08:46 . 2008-04-27 11:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21 . 2008-04-26 21:21 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Program Files\Trapcode
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Presets
2008-04-18 23:15 . 2008-04-19 00:33 36,868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-14 22:24 . 2008-04-14 22:25 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 20:29 . 2008-04-09 18:54 10,431,488 --a------ C:\xac(2).msi
2008-04-09 19:29 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29 . 2008-04-09 19:29 <DIR> d-------- D:\Documents and Settings\Administrator
2008-04-09 19:29 . 2008-04-27 15:37 1,024 --ah----- D:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 01:18 . 2008-04-09 01:18 319 --a------ C:\WINDOWS\game.ini
2008-04-09 01:07 . 2008-04-09 01:07 <DIR> d-------- C:\Program Files\Activision
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20 . 2008-04-08 23:20 <DIR> d-------- C:\Program Files\PowerISO
2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-30 09:12 . 2008-02-01 01:27 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll.BAK
2008-03-30 09:12 . 2008-02-01 02:14 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll.BAK
2008-03-30 09:12 . 2008-02-05 22:46 189,440 --a------ C:\WINDOWS\system32\Final.effects.complete.5.0_Crk.exe
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-03-30 09:07 . 2008-03-30 09:13 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07 . 2008-03-30 09:13 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 03:37 . 2008-04-27 03:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-30 03:37 . 2008-04-27 03:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-30 03:33 . 2008-03-30 03:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-29 13:58 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 09:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 09:19 --------- d-----w C:\Program Files\Steam12
2008-04-22 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 19:28 --------- d-----w C:\Program Files\DivX
2008-04-10 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 00:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 20:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-29 11:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 21:41 --------- d-----w C:\Program Files\VisualJockey Gold SP1
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-04 22:46 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36 36975]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.LAGS"= lagarith.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\movies\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam12\\steamapps\\nameremoved\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\nameremoved\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\nameremoved\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\nameremoved\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\nameremoved\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 17:08]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 12:14]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 5702b4bh;5702b4bh;D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e []
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 22:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 14:30:00 C:\WINDOWS\Tasks\Setup my PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
"ImagePath"="\??\D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e"
.
Completion time: 2008-04-27 15:42:07
ComboFix-quarantined-files.txt 2008-04-27 14:41:46

Pre-Run: 2,268,905,472 bytes free
Post-Run: 2,232,373,248 bytes free

222 --- E O F --- 2008-04-12 03:44:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -

[Essexboy]

Hi there two things

First : do not try other fixes from similar posts as all infections are different

Second : do not edit your posts - as I am now totally confused as to what has been done and what hasn't

Could you confirm that you have run OTMoveit and could you re-run DSS and post a new main.txt please so that I can see where we are at

[copperheadretro]

Sorry just had the same virus so i made a bad assumption.
Yeh i have run OTmovieIT

All the trojans on my desktop have gone and i can now use task manager.
But i would like to be on the safe side so i will quickly run dss

[copperheadretro]

Deckard's System Scanner v20071014.68
Run by l on 2008-04-27 16:37:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.06 GiB (less than 15%) free.


-- HijackThis (run as l.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\l\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\l.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9527 bytes

-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 15:58:07 0 d-------- D:\_OTMoveIt
2008-04-27 15:36:59 68096 --a------ C:\WINDOWS\zip.exe
2008-04-27 15:36:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-27 15:36:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-27 15:36:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-27 15:36:59 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-27 15:36:59 98816 --a------ C:\WINDOWS\sed.exe
2008-04-27 15:36:59 80412 --a------ C:\WINDOWS\grep.exe
2008-04-27 15:36:59 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-27 13:22:26 0 d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 13:22:20 0 d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 12:19:46 329760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 11:57:23 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56:04 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:55:40 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-27 11:54:30 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-27 11:53:26 0 d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43:14 0 d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22:22 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:00:29 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57:04 0 d-------- C:\Program Files\Panda Security
2008-04-27 10:54:39 0 d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54:36 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:10:14 0 d-------- D:\Deckard
2008-04-27 10:05:45 0 d-------- D:\Documents and Settings\l\Application Data\Adobe
2008-04-27 10:04:03 0 d-------- D:\Documents and Settings\l\Application Data\Mozilla
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Templates
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Start Menu
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\SendTo
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Recent
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\PrintHood
2008-04-27 10:01:27 2097152 --ah----- D:\Documents and Settings\l\NTUSER.DAT
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\NetHood
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\My Documents
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Local Settings
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Favorites
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Desktop
2008-04-27 10:01:27 0 d--hs---- D:\Documents and Settings\l\Cookies
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Application Data
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Real
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Macromedia
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Identities
2008-04-26 21:21:38 0 d-------- C:\Program Files\AliveMedia
2008-04-19 00:16:24 0 d-------- D:\Presets
2008-04-18 23:15:29 36868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-18 23:15:17 0 d-------- C:\Program Files\Trapcode
2008-04-14 22:24:19 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Recent
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-04-09 19:29:13 2097152 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\My Documents
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Favorites
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Desktop
2008-04-09 19:29:13 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Real
2008-04-09 19:29:13 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Identities
2008-04-09 01:07:42 0 d-------- C:\Program Files\Activision
2008-04-09 00:57:08 0 d-------- D:\dls
2008-04-09 00:50:05 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20:47 0 d-------- C:\Program Files\PowerISO
2008-03-30 09:07:44 7450112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07:44 6321152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07:43 237568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 09:07:21 0 d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07:14 0 d-------- C:\Program Files\Boris FX, Inc
2008-03-30 03:33:26 0 d-------- C:\Program Files\EA GAMES
2008-03-29 13:58:54 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>


-- Find3M Report ---------------------------------------------------------------

2008-04-27 16:28:50 0 d-------- C:\Program Files\Steam12
2008-04-27 10:59:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 10:57:05 4514 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files
2008-04-10 20:28:29 0 d-------- C:\Program Files\DivX
2008-04-10 01:27:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 12:13:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 22:41:13 0 d-------- C:\Program Files\VisualJockey Gold SP1
2008-03-07 21:45:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-04 23:46:15 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-27 11:57 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"razer"="D:\razerhid.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-04-27 16:38:21 ------------

[Essexboy]

Sorry just had the same virus so i made a bad assumption.
Yeh i have run OTmovieIT All the trojans on my desktop have gone and i can now use task manager.
But i would like to be on the safe side so i will quickly run dss

The reason we say this is that some tools are very powerfull and may have unintended consequences if used improperly Nuff said

OTMoveit killed the files and registry items - good
Combofix killed the remainder - good

So subject to there being no more problems ...............

Now the best part of the day ----- Your log now appears clean

Double click OTmoveit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTmoveit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

[copperheadretro]

Thanks.
It works for my new account but not my original one (Still can't open task manager)
Reason i originally said it worked was because it did for the account i installed all the dss on ect ect.
Shall i do same process for my main acc?

Edited by copperheadretro, 27 April 2008 - 09:59 AM.

[Essexboy]

Yes re-run on your main account and then do the following. I thought you were on your main account

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • File - Additional Folder Scans
  • File - Purity Scan
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[copperheadretro]

Ok attached the file  OTScanIt.Txt   264.86KB   125 downloads

[Essexboy]

On completion of this fix can you let me know how your system is running

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> egkhxkih -> %SystemRoot%\system32\liruvync.exe [C:\WINDOWS\system32\liruvync.exe]
< Run [HKEY_USERS\S-1-5-21-3370090084-1161283519-642073430-1007\] > -> HKEY_USERS\S-1-5-21-3370090084-1161283519-642073430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> egkhxkih -> %SystemRoot%\system32\liruvync.exe [C:\WINDOWS\system32\liruvync.exe]
[Files/Folders - Modified Within 90 days]
NY -> a7r67cqd.dll -> D:\Documents and Settings\joe\Local Settings\Temp\a7r67cqd.dll
NY -> vzw1vrue.dll -> D:\Documents and Settings\joe\Local Settings\Temp\vzw1vrue.dll
NY -> xunjvijv.dll -> D:\Documents and Settings\joe\Local Settings\Temp\xunjvijv.dll
NY -> bx18dxv.dat -> D:\Documents and Settings\joe\Local Settings\Temp\bx18dxv.dat
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

[copperheadretro]

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\egkhxkih deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3370090084-1161283519-642073430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\egkhxkih not found.
[Files/Folders - Modified Within 90 days]
DllUnregisterServer procedure not found in D:\Documents and Settings\joe\Local Settings\Temp\a7r67cqd.dll
D:\Documents and Settings\joe\Local Settings\Temp\a7r67cqd.dll NOT unregistered.
D:\Documents and Settings\joe\Local Settings\Temp\a7r67cqd.dll moved successfully.
DllUnregisterServer procedure not found in D:\Documents and Settings\joe\Local Settings\Temp\vzw1vrue.dll
D:\Documents and Settings\joe\Local Settings\Temp\vzw1vrue.dll NOT unregistered.
D:\Documents and Settings\joe\Local Settings\Temp\vzw1vrue.dll moved successfully.
DllUnregisterServer procedure not found in D:\Documents and Settings\joe\Local Settings\Temp\xunjvijv.dll
D:\Documents and Settings\joe\Local Settings\Temp\xunjvijv.dll NOT unregistered.
D:\Documents and Settings\joe\Local Settings\Temp\xunjvijv.dll moved successfully.
D:\Documents and Settings\joe\Local Settings\Temp\bx18dxv.dat moved successfully.
[Empty Temp Folders]
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892385761&random=1152892385761&ct=js&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892788185&random=1152892788185&ct=js&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892827950&random=1152892827950&regzip=tw1+4hy&network=gamespy&tile=1152892828421 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892844340&random=1152892844340&regzip=tw1+4hy&network=gamespy&tile=1152892844796 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892919681&random=1152892919681&regzip=tw1+4hy&network=gamespy&tile=1152892920125 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892931368&random=1152892931368&regzip=tw1+4hy&network=gamespy&tile=1152892931828 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893491163&random=1152893491163&regzip=tw1+4hy&network=gamespy&tile=1152893491625 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894577644&random=1152894577644&regzip=tw1+4hy&network=gamespy&tile=1152894578109 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894596065&random=1152894596065&regzip=tw1+4hy&network=gamespy&tile=1152894596515 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894745888&random=1152894745888&regzip=tw1+4hy&network=gamespy&tile=1152894746343 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894768622&random=1152894768622&regzip=tw1+4hy&network=gamespy&tile=1152894769078 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898177390&random=1152898177390&regzip=tw1+4hy&network=gamespy&tile=1152898177750 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898916835&random=1152898916835&regzip=tw1+4hy&network=gamespy&tile=1152898917187 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899123250&random=1152899123250&regzip=tw1+4hy&network=gamespy&tile=1152899123609 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899275808&random=1152899275808&regzip=tw1+4hy&network=gamespy&tile=1152899276171 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899405757&random=1152899405757&regzip=tw1+4hy&network=gamespy&tile=1152899406109 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899439084&random=1152899439084&regzip=tw1+4hy&network=gamespy&tile=1152899439453 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899547034&random=1152899547034&regzip=tw1+4hy&network=gamespy&tile=1152899547406 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152899123250&random=1152899123250&ct=js&regzip=tw1%2B4hy&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890869137&random=1152890869137&network=gamespy&tile=1152890869609 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890884871&random=1152890884871&network=gamespy&tile=1152890885328 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890930432&random=1152890930432&network=gamespy&tile=1152890930906 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892385761&random=1152892385761&network=gamespy&tile=1152892386203 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892740484&random=1152892740484&network=gamespy&tile=1152892740937 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152890869137&random=1152890869137&ct=js&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892795826&random=1152892795826&ct=js&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892834059&random=1152892834059&regzip=tw1+4hy&network=gamespy&tile=1152892834515 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892898166&random=1152892898166&regzip=tw1+4hy&network=gamespy&tile=1152892898625 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892904275&random=1152892904275&regzip=tw1+4hy&network=gamespy&tile=1152892904750 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892912291&random=1152892912291&regzip=tw1+4hy&network=gamespy&tile=1152892912750 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892937899&random=1152892937899&regzip=tw1+4hy&network=gamespy&tile=1152892938359 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893058349&random=1152893058349&regzip=tw1+4hy&network=gamespy&tile=1152893058796 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893153502&random=1152893153502&regzip=tw1+4hy&network=gamespy&tile=1152893153953 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894572222&random=1152894572222&regzip=tw1+4hy&network=gamespy&tile=1152894572687 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894589971&random=1152894589971&regzip=tw1+4hy&network=gamespy&tile=1152894590421 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894609471&random=1152894609471&regzip=tw1+4hy&network=gamespy&tile=1152894609921 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898187390&random=1152898187390&regzip=tw1+4hy&network=gamespy&tile=1152898187750 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898889617&random=1152898889617&regzip=tw1+4hy&network=gamespy&tile=1152898889968 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898953662&random=1152898953662&regzip=tw1+4hy&network=gamespy&tile=1152898954031 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898971552&random=1152898971552&regzip=tw1+4hy&network=gamespy&tile=1152898971906 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899128063&random=1152899128063&regzip=tw1+4hy&network=gamespy&tile=1152899128421 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899239825&random=1152899239825&regzip=tw1+4hy&network=gamespy&tile=1152899240187 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899270558&random=1152899270558&regzip=tw1+4hy&network=gamespy&tile=1152899270937 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899371368&random=1152899371368&regzip=tw1+4hy&network=gamespy&tile=1152899371718 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152894572222&random=1152894572222&ct=js&regzip=tw1%2B4hy&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152898177390&random=1152898177390&ct=js&regzip=tw1%2B4hy&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890900589&random=1152890900589&network=gamespy&tile=1152890901078 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892391979&random=1152892391979&network=gamespy&tile=1152892392453 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892477133&random=1152892477133&network=gamespy&tile=1152892477593 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892744609&random=1152892744609&network=gamespy&tile=1152892745078 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892855464&random=1152892855464&regzip=tw1+4hy&network=gamespy&tile=1152892855921 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892893416&random=1152892893416&regzip=tw1+4hy&network=gamespy&tile=1152892893875 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892963430&random=1152892963430&regzip=tw1+4hy&network=gamespy&tile=1152892963890 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893024412&random=1152893024412&regzip=tw1+4hy&network=gamespy&tile=1152893024859 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893030865&random=1152893030865&regzip=tw1+4hy&network=gamespy&tile=1152893031328 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893065661&random=1152893065661&regzip=tw1+4hy&network=gamespy&tile=1152893066109 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894581800&random=1152894581800&regzip=tw1+4hy&network=gamespy&tile=1152894582281 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894665453&random=1152894665453&regzip=tw1+4hy&network=gamespy&tile=1152894665906 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894758029&random=1152894758029&regzip=tw1+4hy&network=gamespy&tile=1152894758468 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894782543&random=1152894782543&regzip=tw1+4hy&network=gamespy&tile=1152894783000 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898199108&random=1152898199108&regzip=tw1+4hy&network=gamespy&tile=1152898199468 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898202921&random=1152898202921&regzip=tw1+4hy&network=gamespy&tile=1152898203281 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898893820&random=1152898893820&regzip=tw1+4hy&network=gamespy&tile=1152898894171 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898899305&random=1152898899305&regzip=tw1+4hy&network=gamespy&tile=1152898899656 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898929960&random=1152898929960&regzip=tw1+4hy&network=gamespy&tile=1152898930328 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898966552&random=1152898966552&regzip=tw1+4hy&network=gamespy&tile=1152898966921 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899062706&random=1152899062706&regzip=tw1+4hy&network=gamespy&tile=1152899063062 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899110470&random=1152899110470&regzip=tw1+4hy&network=gamespy&tile=1152899110843 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899329681&random=1152899329681&regzip=tw1+4hy&network=gamespy&tile=1152899330046 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899367977&random=1152899367977&regzip=tw1+4hy&network=gamespy&tile=1152899368328 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899430756&random=1152899430756&regzip=tw1+4hy&network=gamespy&tile=1152899431125 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899536487&random=1152899536487&regzip=tw1+4hy&network=gamespy&tile=1152899536843 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899557158&random=1152899557158&regzip=tw1+4hy&network=gamespy&tile=1152899557515 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152892827950&random=1152892827950&ct=js&regzip=tw1%2B4hy&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152898889617&random=1152898889617&ct=js&regzip=tw1%2B4hy&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892795826&random=1152892795826&network=gamespy&tile=1152892796281 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152890959588&random=1152890959588&ct=js&network=gamespy& scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892839637&random=1152892839637&regzip=tw1+4hy&network=gamespy&tile=1152892840093 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892861855&random=1152892861855&regzip=tw1+4hy&network=gamespy&tile=1152892862328 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892908244&random=1152892908244&regzip=tw1+4hy&network=gamespy&tile=1152892908703 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892946524&random=1152892946524&regzip=tw1+4hy&network=gamespy&tile=1152892946968 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892972226&random=1152892972226&regzip=tw1+4hy&network=gamespy&tile=1152892972687 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893093566&random=1152893093566&regzip=tw1+4hy&network=gamespy&tile=1152893094015 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894603034&random=1152894603034&regzip=tw1+4hy&network=gamespy&tile=1152894603484 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894738639&random=1152894738639&regzip=tw1+4hy&network=gamespy&tile=1152894739078 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898183671&random=1152898183671&regzip=tw1+4hy&network=gamespy&tile=1152898184031 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898959224&random=1152898959224&regzip=tw1+4hy&network=gamespy&tile=1152898959593 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899119266&random=1152899119266&regzip=tw1+4hy&network=gamespy&tile=1152899119625 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899300885&random=1152899300885&regzip=tw1+4hy&network=gamespy&tile=1152899301250 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899339087&random=1152899339087&regzip=tw1+4hy&network=gamespy&tile=1152899339453 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899358946&random=1152899358946&regzip=tw1+4hy&network=gamespy&tile=1152899359296 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899383789&random=1152899383789&regzip=tw1+4hy&network=gamespy&tile=1152899384140 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899432584&random=1152899432584&regzip=tw1+4hy&network=gamespy&tile=1152899432937 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899494707&random=1152899494707&regzip=tw1+4hy&network=gamespy&tile=1152899495093 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XYJCTE3\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892788185&random=1152892788185&network=gamespy&tile=1152892788640 scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_av_proI.tm~a00492\setup.lok scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_544.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04691.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07591.TMP scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.5 fix logfile created on 04292008_185701

Files moved on Reboot...
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892385761&random=1152892385761&ct=js&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892788185&random=1152892788185&ct=js&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892827950&random=1152892827950&regzip=tw1+4hy&network=gamespy&tile=1152892828421 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892844340&random=1152892844340&regzip=tw1+4hy&network=gamespy&tile=1152892844796 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892919681&random=1152892919681&regzip=tw1+4hy&network=gamespy&tile=1152892920125 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892931368&random=1152892931368&regzip=tw1+4hy&network=gamespy&tile=1152892931828 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893491163&random=1152893491163&regzip=tw1+4hy&network=gamespy&tile=1152893491625 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894577644&random=1152894577644&regzip=tw1+4hy&network=gamespy&tile=1152894578109 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894596065&random=1152894596065&regzip=tw1+4hy&network=gamespy&tile=1152894596515 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894745888&random=1152894745888&regzip=tw1+4hy&network=gamespy&tile=1152894746343 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894768622&random=1152894768622&regzip=tw1+4hy&network=gamespy&tile=1152894769078 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898177390&random=1152898177390&regzip=tw1+4hy&network=gamespy&tile=1152898177750 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898916835&random=1152898916835&regzip=tw1+4hy&network=gamespy&tile=1152898917187 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899123250&random=1152899123250&regzip=tw1+4hy&network=gamespy&tile=1152899123609 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899275808&random=1152899275808&regzip=tw1+4hy&network=gamespy&tile=1152899276171 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899405757&random=1152899405757&regzip=tw1+4hy&network=gamespy&tile=1152899406109 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899439084&random=1152899439084&regzip=tw1+4hy&network=gamespy&tile=1152899439453 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899547034&random=1152899547034&regzip=tw1+4hy&network=gamespy&tile=1152899547406 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152899123250&random=1152899123250&ct=js&regzip=tw1%2B4hy&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890869137&random=1152890869137&network=gamespy&tile=1152890869609 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890884871&random=1152890884871&network=gamespy&tile=1152890885328 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890930432&random=1152890930432&network=gamespy&tile=1152890930906 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892385761&random=1152892385761&network=gamespy&tile=1152892386203 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5QZOT2F\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892740484&random=1152892740484&network=gamespy&tile=1152892740937 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152890869137&random=1152890869137&ct=js&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ct1_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=-1&genre=action&name=ATAtracker&PageId=1152892795826&random=1152892795826&ct=js&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892834059&random=1152892834059&regzip=tw1+4hy&network=gamespy&tile=1152892834515 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892898166&random=1152892898166&regzip=tw1+4hy&network=gamespy&tile=1152892898625 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892904275&random=1152892904275&regzip=tw1+4hy&network=gamespy&tile=1152892904750 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892912291&random=1152892912291&regzip=tw1+4hy&network=gamespy&tile=1152892912750 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892937899&random=1152892937899&regzip=tw1+4hy&network=gamespy&tile=1152892938359 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893058349&random=1152893058349&regzip=tw1+4hy&network=gamespy&tile=1152893058796 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893153502&random=1152893153502&regzip=tw1+4hy&network=gamespy&tile=1152893153953 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894572222&random=1152894572222&regzip=tw1+4hy&network=gamespy&tile=1152894572687 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894589971&random=1152894589971&regzip=tw1+4hy&network=gamespy&tile=1152894590421 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894609471&random=1152894609471&regzip=tw1+4hy&network=gamespy&tile=1152894609921 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898187390&random=1152898187390&regzip=tw1+4hy&network=gamespy&tile=1152898187750 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898889617&random=1152898889617&regzip=tw1+4hy&network=gamespy&tile=1152898889968 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898953662&random=1152898953662&regzip=tw1+4hy&network=gamespy&tile=1152898954031 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152898971552&random=1152898971552&regzip=tw1+4hy&network=gamespy&tile=1152898971906 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899128063&random=1152899128063&regzip=tw1+4hy&network=gamespy&tile=1152899128421 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899239825&random=1152899239825&regzip=tw1+4hy&network=gamespy&tile=1152899240187 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899270558&random=1152899270558&regzip=tw1+4hy&network=gamespy&tile=1152899270937 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152899371368&random=1152899371368&regzip=tw1+4hy&network=gamespy&tile=1152899371718 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152894572222&random=1152894572222&ct=js&regzip=tw1%2B4hy&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\ject2_id=482217&site=counterstrike&dechannel=planet&size=1x1&regspeed=0&genre=action&name=ATAtracker&PageId=1152898177390&random=1152898177390&ct=js&regzip=tw1%2B4hy&network=gamespy& not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152890900589&random=1152890900589&network=gamespy&tile=1152890901078 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892391979&random=1152892391979&network=gamespy&tile=1152892392453 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892477133&random=1152892477133&network=gamespy&tile=1152892477593 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5YR4LQR\_id=684438&object2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=-1&genre=action&PageId=1152892744609&random=1152892744609&network=gamespy&tile=1152892745078 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892855464&random=1152892855464&regzip=tw1+4hy&network=gamespy&tile=1152892855921 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892893416&random=1152892893416&regzip=tw1+4hy&network=gamespy&tile=1152892893875 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152892963430&random=1152892963430&regzip=tw1+4hy&network=gamespy&tile=1152892963890 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893024412&random=1152893024412&regzip=tw1+4hy&network=gamespy&tile=1152893024859 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893030865&random=1152893030865&regzip=tw1+4hy&network=gamespy&tile=1152893031328 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152893065661&random=1152893065661&regzip=tw1+4hy&network=gamespy&tile=1152893066109 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894581800&random=1152894581800&regzip=tw1+4hy&network=gamespy&tile=1152894582281 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894665453&random=1152894665453&regzip=tw1+4hy&network=gamespy&tile=1152894665906 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscraper&regspeed=0&genre=action&PageId=1152894758029&random=1152894758029&regzip=tw1+4hy&network=gamespy&tile=1152894758468 not found!
File D:\Documents and Settings\joe\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L6B81IB\ect2_id=482217&site=counterstrike&dechannel=planet&size=skyscr

Edited by copperheadretro, 29 April 2008 - 12:05 PM.

[Essexboy]

How is this account running now ?

And is it an admin account or a user account ?