Help with my HijackThis log please...

Drop-Bear, Australia
edited June 2007 in Spyware & Virus Removal
Please help
As soon as I open Windows XP Pro this message comes up:
THIS SYSTEM IS SHUTTING DOWN
Time before shut down 00:00:59
Please save all work in progress. This shutdown was initiated by NT AUTHORITY\SYSTEM
MESSAGE
The system process C:\windows\system32\services.exe terminated unexpectedly with status code 1073741819. The system will now shut down and restart.

I've run the Blaster worm removal tool, which came back clean, SmitFraudFix, which also came back clean, and VundoFix, which wasn't clean but is now, but I'm still having the same trouble.

I cannot access any programs such as My Computer or even Adobe PS; they just lock up and I have to close them with Task Manager.

Here is my HijackThis log after Virtumonde was removed. I'd appreciate any help, thanks in advance.

Also, this log was run as Scanner.exe, not HijackThis.exe.

Logfile of HijackThis v1.99.1
Scan saved at 11:59:05 PM, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve\Desktop\hijackthis_199\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0702E612-BC5D-421D-B95C-541263F75014} - (no file)
O2 - BHO: (no name) - {255E085C-C48F-4706-9A4F-AC5962320366} - (no file)
O2 - BHO: (no name) - {2EA0803B-32B3-46F7-BBFD-9C5CE2629639} - (no file)
O2 - BHO: (no name) - {3F472DA6-6E57-490E-A233-9838BC9C7D48} - (no file)
O2 - BHO: (no name) - {406F6E57-53BD-4579-9463-8B916B42E073} - (no file)
O2 - BHO: (no name) - {445B3610-4835-40B5-B5F9-AAEB70E8C046} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FD73BA8-4DB7-451B-8BC0-B2BC1F4949EB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92BB9959-51A8-4064-B059-07FB1B355D23} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: (no name) - {9AAC7F68-6F39-4D37-AB6E-511E3FF9FEB0} - (no file)
O2 - BHO: (no name) - {A3277A52-43B4-4E9A-917E-7791EC787857} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\system32\opnllmn.dll
O2 - BHO: (no name) - {DB6961DB-A809-4C63-A4D5-A9266B208691} - (no file)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\vryrxkpw.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpqxbklj.dll",realset
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: opnllmn - C:\WINDOWS\SYSTEM32\opnllmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
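Added example for readers triaging a log like the one above; this is not a tool from the original post or from the HijackThis project. It parses the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) lines that Vundo/Virtumonde used for persistence and flags the patterns visible in this log: a nameless BHO backed by a random-looking DLL directly under system32, a Winlogon Notify DLL that is not on a small allowlist, and a Run entry that loads such a DLL through rundll32. It also decodes the decimal status code from the services.exe shutdown dialog into an NTSTATUS name. Assumptions: the allowlist of two known-good Winlogon Notify DLLs is constructed for this example from the vendor entries in the log; the sample log lines are copied from the log above; and, because Windows prints that status as a signed 32-bit integer, the sign_dropped flag assumes the minus sign was lost when the dialog text was typed into the post.

```python
"""Triage helper for HijackThis 1.x logs (added example, not from the original thread).
Flags the Vundo/Virtumonde persistence patterns seen in the log above and decodes
the NTSTATUS behind a 'system process terminated unexpectedly' dialog."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist for this example: the two Winlogon Notify DLLs in the log
# that belong to known vendors (Intel graphics driver, Windows Genuine Advantage).
KNOWN_WINLOGON_NOTIFY = {"igfxdev.dll", "wgalogon.dll"}

# NTSTATUS values that commonly explain a crashed system process.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# Vundo-style name: 5 to 8 lowercase letters, no digits, sitting directly in system32.
RANDOM_SYS32_RE = re.compile(r"(?i:\\system32\\)(?P<base>[a-z]{5,8})\.dll$")


@dataclass
class Finding:
    line: str
    severity: str          # "high" or "low"
    reason: str
    path: Optional[str]    # DLL the entry loads, when one is named


def decode_status(code: int, sign_dropped: bool = False) -> tuple:
    """Map the decimal status from the shutdown dialog to an NTSTATUS name.
    Windows shows the value as a signed 32-bit integer (-1073741819 for an access
    violation). sign_dropped=True assumes the minus sign was lost in transcription."""
    if sign_dropped and code > 0:
        code = -code
    value = code & 0xFFFFFFFF           # two's-complement view as unsigned NTSTATUS
    return f"0x{value:08X}", NTSTATUS_NAMES.get(value, "unknown")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return Finding objects for the O2, O4 and O20 lines of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding(line, "low", "orphaned BHO registration, safe to remove", None))
            elif m.group("name") == "(no name)" and RANDOM_SYS32_RE.search(path):
                findings.append(Finding(line, "high",
                                        "nameless BHO backed by random-looking system32 DLL (Vundo pattern)", path))
        elif m := O20_RE.match(line):
            path = m.group("path")
            if _basename(path) not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(line, "high",
                                        "Winlogon Notify DLL off allowlist; loaded into winlogon.exe at every logon", path))
        elif m := O4_RE.match(line):
            r = RUNDLL_RE.search(m.group("cmd"))
            if r and RANDOM_SYS32_RE.search(r.group("dll")):
                findings.append(Finding(line, "high",
                                        f"rundll32 loads random-looking system32 DLL, export {r.group('export')!r}",
                                        r.group("dll")))
    return findings


def suspicious_dlls(findings) -> set:
    """Basenames of every DLL behind a high-severity finding: the removal worklist."""
    return {_basename(f.path) for f in findings if f.severity == "high" and f.path}


# Sample lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0702E612-BC5D-421D-B95C-541263F75014} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {92BB9959-51A8-4064-B059-07FB1B355D23} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\system32\opnllmn.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\vryrxkpw.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpqxbklj.dll",realset
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: opnllmn - C:\WINDOWS\SYSTEM32\opnllmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    print("shutdown status:", decode_status(1073741819, sign_dropped=True))
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print("DLLs to remove:", sorted(suspicious_dlls(results)))
```

The point of the allowlist rather than a blocklist for O20 is that Winlogon Notify packages are rare on a healthy XP machine, so anything unexpected there deserves a look; the random-name heuristic is deliberately narrow (lowercase letters only, directly under system32) so that vendor DLLs like SDHelper.dll and AcroIEHelper.dll are not flagged.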

Comments

  • Drop-Bear, Australia
    edited June 2007
    Also, it says my anti-virus protection is turned off, but I can see the avast icon in the tray working... and it won't open my Security Centre when I click on the red shield??
  • Trogan, London, UK
    edited June 2007
    Hi Drop Bear,

    Please delete your current version of VundoFix, and do the following...

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt in your next reply.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


    2. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.
    3. Please post the following...

    VundoFix log
    Uninstall list
    New HijackThis log
  • Drop-Bear, Australia
    edited June 2007
    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 12:06:42 AM 14/06/2007

    Listing files found while scanning....

    blank
    C:\windows\system32\akmyswik.dll
    C:\windows\system32\amyetlse.ini
    C:\windows\system32\bcbjjpro.ini
    C:\windows\system32\cprsaqfc.exe
    C:\windows\system32\ddcyy.dll
    C:\windows\system32\dxwmfamc.exe
    C:\windows\system32\efcyyxy.dll
    C:\windows\system32\eslteyma.dll
    C:\windows\system32\fcgfvfqr.exe
    C:\windows\system32\fhkmp.bak1
    C:\windows\system32\gebya.dll
    C:\windows\system32\grorxwpq.ini
    C:\windows\system32\ijllm.bak1
    C:\windows\system32\ijllm.bak2
    C:\windows\system32\ijllm.ini
    C:\windows\system32\j6251438.dll
    C:\windows\system32\jkkjk.dll
    C:\windows\system32\kiwsymka.ini
    C:\windows\system32\ljvptfit.ini
    C:\windows\system32\mljji.dll
    C:\WINDOWS\system32\mllji.dll
    C:\windows\system32\nsdodhvp.dll
    C:\windows\system32\ohncwasm.dll
    C:\WINDOWS\system32\opnllmn.dll
    C:\windows\system32\orpjjbcb.dll
    C:\windows\system32\pmkhf.dll
    C:\windows\system32\pmnli.dll
    C:\windows\system32\pmnlm.dll
    C:\windows\system32\pmnnm.dll
    C:\windows\system32\qpwxrorg.dll
    C:\windows\system32\skxfaoex.exe
    C:\windows\system32\tiftpvjl.dll
    C:\windows\system32\tuwhlody.dll
    C:\windows\system32\ugotunwx.ini
    C:\windows\system32\vouqclvs.exe
    C:\windows\system32\vryrxkpw.dll
    C:\windows\system32\vtstt.dll
    C:\WINDOWS\system32\wqfeujjl.dll
    C:\windows\system32\wsvhdmav.exe
    C:\WINDOWS\system32\xklaiwqr.dll
    C:\windows\system32\xwnutogu.dll
    C:\windows\system32\xxywtsr.dll
    C:\windows\system32\ydolhwut.ini
    C:\windows\system32\yrslhdri.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\akmyswik.dll
    C:\windows\system32\akmyswik.dll Has been deleted!

    Attempting to delete C:\windows\system32\amyetlse.ini
    C:\windows\system32\amyetlse.ini Has been deleted!

    Attempting to delete C:\windows\system32\bcbjjpro.ini
    C:\windows\system32\bcbjjpro.ini Has been deleted!

    Attempting to delete C:\windows\system32\cprsaqfc.exe
    C:\windows\system32\cprsaqfc.exe Has been deleted!

    Attempting to delete C:\windows\system32\ddcyy.dll
    C:\windows\system32\ddcyy.dll Has been deleted!

    Attempting to delete C:\windows\system32\dxwmfamc.exe
    C:\windows\system32\dxwmfamc.exe Has been deleted!

    Attempting to delete C:\windows\system32\efcyyxy.dll
    C:\windows\system32\efcyyxy.dll Has been deleted!

    Attempting to delete C:\windows\system32\eslteyma.dll
    C:\windows\system32\eslteyma.dll Has been deleted!

    Attempting to delete C:\windows\system32\fcgfvfqr.exe
    C:\windows\system32\fcgfvfqr.exe Has been deleted!

    Attempting to delete C:\windows\system32\fhkmp.bak1
    C:\windows\system32\fhkmp.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\gebya.dll
    C:\windows\system32\gebya.dll Has been deleted!

    Attempting to delete C:\windows\system32\grorxwpq.ini
    C:\windows\system32\grorxwpq.ini Has been deleted!

    Attempting to delete C:\windows\system32\ijllm.bak1
    C:\windows\system32\ijllm.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\ijllm.bak2
    C:\windows\system32\ijllm.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\ijllm.ini
    C:\windows\system32\ijllm.ini Has been deleted!

    Attempting to delete C:\windows\system32\j6251438.dll
    C:\windows\system32\j6251438.dll Has been deleted!

    Attempting to delete C:\windows\system32\jkkjk.dll
    C:\windows\system32\jkkjk.dll Has been deleted!

    Attempting to delete C:\windows\system32\kiwsymka.ini
    C:\windows\system32\kiwsymka.ini Has been deleted!

    Attempting to delete C:\windows\system32\ljvptfit.ini
    C:\windows\system32\ljvptfit.ini Has been deleted!

    Attempting to delete C:\windows\system32\mljji.dll
    C:\windows\system32\mljji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllji.dll
    C:\WINDOWS\system32\mllji.dll Has been deleted!

    Attempting to delete C:\windows\system32\nsdodhvp.dll
    C:\windows\system32\nsdodhvp.dll Has been deleted!

    Attempting to delete C:\windows\system32\ohncwasm.dll
    C:\windows\system32\ohncwasm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnllmn.dll
    C:\WINDOWS\system32\opnllmn.dll Could not be deleted.

    Attempting to delete C:\windows\system32\orpjjbcb.dll
    C:\windows\system32\orpjjbcb.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmkhf.dll
    C:\windows\system32\pmkhf.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmnli.dll
    C:\windows\system32\pmnli.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmnlm.dll
    C:\windows\system32\pmnlm.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmnnm.dll
    C:\windows\system32\pmnnm.dll Has been deleted!

    Attempting to delete C:\windows\system32\qpwxrorg.dll
    C:\windows\system32\qpwxrorg.dll Has been deleted!

    Attempting to delete C:\windows\system32\skxfaoex.exe
    C:\windows\system32\skxfaoex.exe Has been deleted!

    Attempting to delete C:\windows\system32\tiftpvjl.dll
    C:\windows\system32\tiftpvjl.dll Has been deleted!

    Attempting to delete C:\windows\system32\tuwhlody.dll
    C:\windows\system32\tuwhlody.dll Has been deleted!

    Attempting to delete C:\windows\system32\ugotunwx.ini
    C:\windows\system32\ugotunwx.ini Has been deleted!

    Attempting to delete C:\windows\system32\vouqclvs.exe
    C:\windows\system32\vouqclvs.exe Has been deleted!

    Attempting to delete C:\windows\system32\vryrxkpw.dll
    C:\windows\system32\vryrxkpw.dll Has been deleted!

    Attempting to delete C:\windows\system32\vtstt.dll
    C:\windows\system32\vtstt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wqfeujjl.dll
    C:\WINDOWS\system32\wqfeujjl.dll Has been deleted!

    Attempting to delete C:\windows\system32\wsvhdmav.exe
    C:\windows\system32\wsvhdmav.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xklaiwqr.dll
    C:\WINDOWS\system32\xklaiwqr.dll Has been deleted!

    Attempting to delete C:\windows\system32\xwnutogu.dll
    C:\windows\system32\xwnutogu.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxywtsr.dll
    C:\windows\system32\xxywtsr.dll Has been deleted!

    Attempting to delete C:\windows\system32\ydolhwut.ini
    C:\windows\system32\ydolhwut.ini Has been deleted!

    Attempting to delete C:\windows\system32\yrslhdri.dll
    C:\windows\system32\yrslhdri.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 12:14:22 AM 14/06/2007

    Listing files found while scanning....

    C:\windows\system32\opnllmn.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\opnllmn.dll
    C:\windows\system32\opnllmn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 12:18:29 AM 14/06/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 4:38:04 AM 14/06/2007

    Listing files found while scanning....

    No infected files were found.
  • Drop-Bear, Australia
    edited June 2007
    "Uninstall List"


    Acer WLAN 11g USB Dongle
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    AnalogX MaxMem
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    avast! Antivirus
    comsummer-1024x768
    Corel Paint Shop Pro Photo XI
    DH Driver Cleaner Professional Edition
    DVD Shrink 3.2
    Far Cry
    GiPo@MoveOnBoot 1.9.5
    Hauppauge MCE2005 Software Encoder
    High Definition Audio Driver Package - KB888111
    Hijackthis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB898444)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) Quick Resume Technology Drivers
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.01 Full
    LimeWire PRO 4.12.11
    Media Center Extender
    Media Center Extender
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft Office XP Web Components
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Xbox 360 Accessories 1.1
    Mozilla Firefox (2.0.0.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Demo
    neroxml
    ninemsn Internet Software
    OCA Client history tool install
    Open PLS in Windows Media Player 2.2.0
    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    Otto
    Realtek High Definition Audio Driver
    Registry Mechanic 5.0
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Sonic Encoders
    Spybot - Search & Destroy 1.4
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
  • Drop-Bear, Australia
    edited June 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 4:44:34 AM, on 14/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Steve\Desktop\hijackthis_199\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0702E612-BC5D-421D-B95C-541263F75014} - (no file)
    O2 - BHO: (no name) - {255E085C-C48F-4706-9A4F-AC5962320366} - (no file)
    O2 - BHO: (no name) - {2EA0803B-32B3-46F7-BBFD-9C5CE2629639} - (no file)
    O2 - BHO: (no name) - {3F472DA6-6E57-490E-A233-9838BC9C7D48} - (no file)
    O2 - BHO: (no name) - {406F6E57-53BD-4579-9463-8B916B42E073} - (no file)
    O2 - BHO: (no name) - {445B3610-4835-40B5-B5F9-AAEB70E8C046} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5FD73BA8-4DB7-451B-8BC0-B2BC1F4949EB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {92BB9959-51A8-4064-B059-07FB1B355D23} - C:\WINDOWS\system32\mllji.dll (file missing)
    O2 - BHO: (no name) - {9AAC7F68-6F39-4D37-AB6E-511E3FF9FEB0} - (no file)
    O2 - BHO: (no name) - {A3277A52-43B4-4E9A-917E-7791EC787857} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {DB6961DB-A809-4C63-A4D5-A9266B208691} - (no file)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\vryrxkpw.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpqxbklj.dll",realset
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  • Drop-BearDrop-Bear Australia
    edited June 2007
    I had to do all this in safe mode as it just kept locking up normally.

    I hope it's what you were after.
  • TroganTrogan London, UK
    edited June 2007
    Hi Drop Bear,

    Whoa! You had a lot of infected Vundo files.

    Please check if Normal Mode works. If it does, please do the following there...

    1. Please upload a file so VundoFix can be updated.
    • Go here to Upload Malware
    • Fill out the information, and post the link to this thread.
    • In the File(s) To Submit: box 1. copy and paste the following:
      • C:\WINDOWS\system32\rpqxbklj.dll
    • Click on Send File and close the page

    2. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

    comsummer-1024x768 <-- Remove this if you do not know what it is.
    J2SE Runtime Environment 5.0 Update 6

    3. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {0702E612-BC5D-421D-B95C-541263F75014} - (no file)
    O2 - BHO: (no name) - {255E085C-C48F-4706-9A4F-AC5962320366} - (no file)
    O2 - BHO: (no name) - {2EA0803B-32B3-46F7-BBFD-9C5CE2629639} - (no file)
    O2 - BHO: (no name) - {3F472DA6-6E57-490E-A233-9838BC9C7D48} - (no file)
    O2 - BHO: (no name) - {406F6E57-53BD-4579-9463-8B916B42E073} - (no file)
    O2 - BHO: (no name) - {445B3610-4835-40B5-B5F9-AAEB70E8C046} - (no file)
    O2 - BHO: (no name) - {5FD73BA8-4DB7-451B-8BC0-B2BC1F4949EB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92BB9959-51A8-4064-B059-07FB1B355D23} - C:\WINDOWS\system32\mllji.dll (file missing)
    O2 - BHO: (no name) - {9AAC7F68-6F39-4D37-AB6E-511E3FF9FEB0} - (no file)
    O2 - BHO: (no name) - {A3277A52-43B4-4E9A-917E-7791EC787857} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {DB6961DB-A809-4C63-A4D5-A9266B208691} - (no file)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\vryrxkpw.dll (file missing)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpqxbklj.dll",realset

    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    - Close HijackThis

    4. Run HijackThis again and click on Open the Misc Tools section.
    Click on Delete a file on reboot...
    Copy and paste the following into the "File name:" text box and then click Open:

    C:\WINDOWS\system32\rpqxbklj.dll

    When you are asked "Do you want to restart your computer now?", click OK.

    Your PC MUST reboot to delete the file!

    5. Please post a new HijackThis log, and let me know the status of the computer.
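The fix list above is built from two patterns in the log: entries whose target file is gone ("(no file)" / "(file missing)", the leftovers of the Vundo BHOs) and the GPLv3 Run entry that uses rundll32 to load a DLL with a random-looking name out of system32. The script below is an added example that does that triage over log lines automatically; it is not part of this thread or of HijackThis, the sample lines are a constructed subset copied from the log format shown here, and the "consonant run" test for random-looking names is an assumed heuristic, not a rule the tool uses.

```python
"""Triage helper for HijackThis log lines (added example, not part of the thread).

Flags R3/O2/O4/O23 entries whose target file is missing, and O4 Run entries
that load a DLL from system32 through rundll32. A run of four or more
consonants in the DLL name is treated as "random-looking" (assumed heuristic).
"""
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis line format used in the thread,
# with two benign entries so both verdicts show up.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0702E612-BC5D-421D-B95C-541263F75014} - (no file)
O2 - BHO: (no name) - {92BB9959-51A8-4064-B059-07FB1B355D23} - C:\WINDOWS\system32\mllji.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpqxbklj.dll",realset
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r'^(?P<section>R\d|O\d+) - (?P<body>.+)$')
MISSING_RE = re.compile(r'\((no file|file missing)\)\s*$', re.IGNORECASE)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[A-Za-z]:\\[^",]+?\\system32\\(?P<dll>[^\\",]+\.dll))"?',
    re.IGNORECASE,
)
CONSONANT_RUN_RE = re.compile(r'[bcdfghjklmnpqrstvwxyz]{4,}', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def looks_random(name: str) -> bool:
    """Assumed heuristic: a base name containing four or more consonants in a row."""
    stem = name.rsplit('.', 1)[0]
    return bool(CONSONANT_RUN_RE.search(stem))


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, or None for a benign one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group('section'), m.group('body')
    if MISSING_RE.search(body):
        return Finding(section, line.strip(),
                       'target file is missing (stale entry left behind by a removed component)')
    if section == 'O4':
        r = RUNDLL_RE.search(body)
        if r:
            reason = 'rundll32 loads a DLL from system32; verify the publisher of %s' % r.group('dll')
            if looks_random(r.group('dll')):
                reason += ' (random-looking file name)'
            return Finding(section, line.strip(), reason)
    return None


def triage_log(text: str):
    """Run triage_line over every line of a log and keep the findings, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print('%-4s %s\n     -> %s' % (f.section, f.line, f.reason))
```

Run against a full log, the script lists exactly the entries a helper would ask to be checked in the "Do a system scan only" step; the rundll32 rule only raises a question about the DLL, so a legitimate vendor DLL loaded that way still needs a manual look at its publisher before it is fixed.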
  • Drop-BearDrop-Bear Australia
    edited June 2007
    Nothing is responding, is it ok to do this in safe mode??

    The only thing that seems to work ok is firefox..

    I uploaded that file too.
  • TroganTrogan London, UK
    edited June 2007
    Yes!

    Once completed, check Normal Mode again.
  • Drop-BearDrop-Bear Australia
    edited June 2007
    Trogan wrote:
    Yes!

    Once completed, check Normal Mode again.

    Ok, followed your instructions to the T. The only things I couldn't do were remove "consumer-1024x768" or "J2SE Runtime Environment 5.0 Update 6".

    I just got a message saying "The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode, (which I was), or if the Windows installer is not correctly installed. Contact your support personnel for assistance".

    Everything else seemed to work but still have the same problem when trying to run in normal mode......

    Sorry I took so long, I had to manually write down all the files to remove as I can't save in my notepad in normal mode.

    Here's the HJT log after I did what you requested.....

    Logfile of HijackThis v1.99.1
    Scan saved at 6:33:32 AM, on 14/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Steve\Desktop\hijackthis_199\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  • TroganTrogan London, UK
    edited June 2007
    What happens when you are in Normal Mode? Give as much detail as possible please.

    Also, do this:

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
  • Drop-BearDrop-Bear Australia
    edited June 2007
    This is what happens when I first boot up Windows: first my desktop icons load, then disappear and then load again, then I get the error message as in my first post. I then type "SHUTDOWN -a" into the run command box to stop the system from shutting down, then anything I try to open from the desktop won't open, the hourglass just appears then fades away and nothing happens.

    When I try to shutdown or restart Windows the hourglass appears and then the system just hangs, and the window with the 3 options to either log off turn off or restart doesn't show either. So I hit ctrl, alt, delete and in the task manager it says SYSFADER........NOT RESPONDING, in fact that's what all the programs I try to run end up saying.

    At the moment now I can't even extract the files out from SDFix.exe, can I extract them while in safe mode?
  • TroganTrogan London, UK
    edited June 2007
    How long has this been happening for?

    Try extracting SDFix in Safe Mode.
  • Drop-BearDrop-Bear Australia
    edited June 2007
    Trogan wrote:
    How long has this been happening for?

    Try extracting SDFix in Safe Mode.

    It happened first about a week ago, but I thought I fixed it with a system restore......It's gotten worse since yesterday.

    I'll give this SDFix extraction a go in safe mode.

    *EDIT* Just after I made this post I got a "system configuration utility message" saying, "An Access denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes".

    ???
  • Drop-BearDrop-Bear Australia
    edited June 2007
    Alright....I ran the SDFix, and there's no error message and the computer started a lot faster.

    SDFix also asked me to run a catchme.exe file for hidden folders, should I do this also?

    Here's the result....

    SDFix: Version 1.87

    Run by XXXXX - Thu 14/06/2007 - 8:02:33.90

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    NtmlSvc

    ImagePath:
    %SystemRoot%\System32\svchost.exe -k netsvcs

    NtmlSvc - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service xpdx - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll - Deleted
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll - Deleted
    C:\WINDOWS\system32\rpcc.exe - Deleted
    C:\WINDOWS\Temp\$_2341233.TMP - Deleted
    C:\WINDOWS\Temp\$_2341234.TMP - Deleted
    C:\WINDOWS\Temp\$b17a2e8.tmp - Deleted
    C:\WINDOWS\system32\xpdx.sys - Deleted



    Removing Temp Files...

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    :xpdt.sys 78560
    Total size: 78560 bytes.

    system32: deleted 78560 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Checking if ADS is attached to ntoskrnl.exe
    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Acer Zone\\Picture Slide DVD\\Component\\CLSLDVD.exe"="C:\\Program Files\\Acer Zone\\Picture Slide DVD\\Component\\CLSLDVD.exe:*:Enabled:Cyberlink Picture Slide DVD workprocess"
    "C:\\Program Files\\Acer Zone\\Plug and Record\\Component\\ARAWP.exe"="C:\\Program Files\\Acer Zone\\Plug and Record\\Component\\ARAWP.exe:*:Enabled:Cyberlink Plug and Record ARA workprocess"
    "C:\\Program Files\\Acer Zone\\Plug and Record\\Component\\DVAX2Process.exe"="C:\\Program Files\\Acer Zone\\Plug and Record\\Component\\DVAX2Process.exe:*:Enabled:Cyberlink Plug and Record AVAX workprocess"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\OpenPlsInWMP\\OpenPlsInWMP.exe"="C:\\Program Files\\OpenPlsInWMP\\OpenPlsInWMP.exe:*:Enabled:OpenPlsInWMP"
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
    "C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"="C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe:*:Enabled:LiveUpdate"
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:

    Backups Folder: - C:\SDFix\backups\backups.zip

    Listing Files with Hidden Attributes:

    C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Messenger\XXXXXXXXX@hotmail.com\Sharing Folders\XXXXXXXXXXX@optusnet.com.au\Thumbs.db
    C:\Documents and Settings\Steve\My Documents\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2003)\MSDE2000\SQLRESLD.DLL
    C:\WINDOWS\system32\NTIBUN4.dll
    C:\WINDOWS\system32\NTICDMK7.dll
    C:\WINDOWS\system32\NTIFCD3.dll
    C:\WINDOWS\system32\NTIMP3.dll
    C:\WINDOWS\system32\NTIMPEG2.dll
    C:\WINDOWS\AcerDRV\InsD1211.exe
    C:\WINDOWS\AcerDRV\InsD1215.exe
    C:\WINDOWS\AcerDRV\rescan.exe
    C:\WINDOWS\system32\KCMDNIns.exe
    C:\WINDOWS\system32\reboot.exe
    C:\WINDOWS\system32\rescan.exe
    C:\WINDOWS\system32\6ABB69A29B.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

    Listing User Accounts:

    XXXXX
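The report above records three kinds of removal: a service (NtmlSvc) that was registered to run inside the shared svchost netsvcs group, the xpdx service and its driver, and an NTFS alternate data stream named xpdt.sys that had been attached to the system32 folder itself (the "ADS Check" section). Pulling those indicators out of the report by hand is tedious, so here is an added example parser, not part of the thread or of SDFix, that turns the report text into a structured summary. The sample is a constructed subset of the report format shown above with the values it printed; the section headings and line shapes it matches are taken from that report, and anything SDFix prints in other versions is an assumption it may not cover.

```python
"""Summarise an SDFix report into indicators (added example, not part of the thread).

Extracts deleted services (with the ImagePath the report printed for them),
deleted files, and alternate data streams found attached to a folder or file.
"""
import re

# Constructed subset of the SDFix report format shown in the thread.
SAMPLE_REPORT = r"""
Safe Mode:
Checking Services:

Name:
NtmlSvc

ImagePath:
%SystemRoot%\System32\svchost.exe -k netsvcs

NtmlSvc - Deleted

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

C:\WINDOWS\system32\rpcc.exe - Deleted
C:\WINDOWS\Temp\$_2341233.TMP - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
:xpdt.sys 78560
Total size: 78560 bytes.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
"""

FILE_DELETED_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) - Deleted$')
SERVICE_DELETED_RE = re.compile(r'^(?:Service )?(?P<name>\S+) - Deleted( after Reboot)?$')
ADS_RE = re.compile(r'^:(?P<stream>\S+) (?P<size>\d+)$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')


def parse_sdfix(text: str) -> dict:
    """Return {'services': {name: imagepath_or_None}, 'files': [...], 'streams': [...]}."""
    services = {}      # service name -> ImagePath, if the report printed one
    files = []         # files SDFix deleted
    streams = []       # (host path, stream name, size in bytes)
    expect = None      # 'name' / 'image' after a "Name:" or "ImagePath:" header
    pending = None     # service name waiting for its ImagePath
    host = None        # last bare path seen; the next ":stream size" line belongs to it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == 'Name:':
            expect = 'name'
            continue
        if line == 'ImagePath:':
            expect = 'image'
            continue
        if expect == 'name':
            pending = line
            services.setdefault(pending, None)
            expect = None
            continue
        if expect == 'image':
            services[pending] = line
            expect = None
            continue
        m = FILE_DELETED_RE.match(line)
        if m:
            files.append(m.group('path'))
            continue
        m = SERVICE_DELETED_RE.match(line)
        if m:
            services.setdefault(m.group('name'), None)
            continue
        if PATH_RE.match(line):
            host = line
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((host, m.group('stream'), int(m.group('size'))))
    return {'services': services, 'files': files, 'streams': streams}


def shared_svchost_services(summary: dict) -> list:
    """Names of deleted services whose ImagePath hid them inside a shared svchost group."""
    return [n for n, p in summary['services'].items()
            if p and 'svchost.exe -k' in p.lower()]


if __name__ == '__main__':
    s = parse_sdfix(SAMPLE_REPORT)
    print('services:', s['services'])
    print('files:', s['files'])
    print('streams:', s['streams'])
    print('hidden in shared svchost:', shared_svchost_services(s))
```

The stream entry is the one worth a second look when reading such a report: a stream attached to the system32 directory does not appear in a normal directory listing, which is why the "Listing Files with Hidden Attributes" section further down would never have shown it.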
  • Drop-BearDrop-Bear Australia
    edited June 2007
    And here is the latest HJT log....

    Logfile of HijackThis v1.99.1
    Scan saved at 8:12:01 AM, on 14/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Steve\Desktop\hijackthis_199\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  • TroganTrogan London, UK
    edited June 2007
    Hi Drop Bear,

    Good Job! Your computer was severely infected and SDFix did a good job cleaning it.

    A few more scans to make sure the PC is clean.

    Please do the following...

    1. Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

    If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
    • Click the Update icon at the top and under Manual Update click the Start update button.
    • The program will either update or inform you that no update was available.
    • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
    Please set up the program as follows:
    • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
    • Click the Update icon and untick the automatic update option.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act? - make sure that Quarantine is selected.
      • Under How to scan? - All checkboxes should be ticked.
      • Under Possibly unwanted software - All checkboxes should be ticked.
      • Under Reports - Select Do not automatically generate reports.
      • Under What to scan? - Select Scan every file.
    Close all open windows.
    • Click on Scanner on the toolbar.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan your computer.
    • When the scan has finished, follow the instructions below:
      • Make sure that Set all elements to: shows Quarantine
      • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
      • When the program has finished, it will display the message All actions have been applied.
      • Then click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Tray Icon and select Exit.
    2. Download this file to your Desktop - combofix.exe
    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    3. Please do step 2 from post 8.

    4. Please post the following...

    AVG Anti-Spyware log
    ComboFix log
    Uninstall list
    New HijackThis log
  • Drop-BearDrop-Bear Australia
    edited June 2007
    Ok, here we go......

    AVG Anti-Spyware - Scan Report

    + Created at: 9:24:10 AM 14/06/2007

    + Scan result:



    C:\WINDOWS\system32\jrvjgeda.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mcvyaawa.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\VundoFix Backups\efcyyxy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\opnllmn.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\Documents and Settings\Steve\My Documents\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    C:\Program Files\LimeWire\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    C:\Program Files\LimeWire\Nero 7.0.1.2 Ultra Edition with Keygen - English\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    C:\wyjgsa.exe -> Downloader.Tiny.he : Cleaned with backup (quarantined).
    C:\Program Files\Incomplete\Preview-T-1128052-(Fairlight) windows x62 cd keys windows _uncensored_ [SVCD]\Setup.exe -> Dropper.Mudrop.du : Cleaned with backup (quarantined).
    C:\VundoFix Backups\dxwmfamc.exe.bad -> Hijacker.Small.mw : Cleaned with backup (quarantined).
    C:\VundoFix Backups\j6251438.dll.bad -> Hijacker.Small.mw : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/rpcc.exe -> Proxy.Dlena.ad : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.22:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.23:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.24:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.25:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.361:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.44:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.47:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.48:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.733:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.55:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.56:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.23:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.100:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.27:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.855:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.98:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.99:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.138:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.139:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.147:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.148:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.149:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.150:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.26:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.31:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.181:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.182:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.183:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.184:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.50:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.51:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.52:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.732:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.66:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.67:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.68:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.28:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.269:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.270:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.874:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.875:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.876:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.877:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.878:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.879:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.288:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.289:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.818:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.557:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.416:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.892:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.442:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.443:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.446:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.447:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.24:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.25:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.449:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.450:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.481:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Real : Cleaned.
    :mozilla.32:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.33:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.34:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.482:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.483:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.484:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.485:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.486:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.487:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.495:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.496:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.497:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.498:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.499:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.500:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.734:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.196:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.197:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.517:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.518:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.519:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.520:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.521:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.95:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.819:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.820:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.29:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.30:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.53:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.548:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.549:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.54:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.550:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.551:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.569:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.570:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.571:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.572:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.573:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.594:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.599:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.35:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.602:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.603:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.633:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Vortexmediagroup : Cleaned.
    :mozilla.10:C:\Documents and Settings\MCX3\Application Data\Mozilla\Firefox\Profiles\ctzjug5z.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.25:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.826:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Steve\Cookies\steve@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.672:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.722:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.723:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.724:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.725:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.726:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.727:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.728:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.729:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\1h5dsadq.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\VundoFix Backups\cprsaqfc.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
    C:\VundoFix Backups\fcgfvfqr.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
    C:\VundoFix Backups\skxfaoex.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
    C:\VundoFix Backups\vouqclvs.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
    C:\VundoFix Backups\wsvhdmav.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
    C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\N7DZR9WW\xc60[1].exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\winbjt32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\winxtx32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).


    ::Report end
  • Drop-BearDrop-Bear Australia
    edited June 2007
    ComboFix 07-06-13.3 - C:\Documents and Settings\Steve\Desktop\ComboFix.exe
    "Steve" - 2007-06-14 9:27:41 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\onulfrau.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


    2007-06-14 09:26 49,152 --a C:\WINDOWS\nircmd.exe
    2007-06-14 08:50 10,872 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-14 05:00 <DIR> d C:\db8fd66873ef9c542e8def25
    2007-06-14 03:03 <DIR> d C:\WINDOWS\LastGood.Tmp
    2007-06-14 01:50 3,364 --a C:\WINDOWS\system32\tmp.reg
    2007-06-14 00:14 <DIR> d C:\WINDOWS\CSC
    2007-06-14 00:06 <DIR> d C:\VundoFix Backups
    2007-06-13 23:26 <DIR> d C:\Program Files\Common Files\Corel
    2007-06-13 02:34 <DIR> d C:\Program Files\Microsoft Games
    2007-06-13 00:04 <DIR> d C:\DOCUME~1\Steve\APPLIC~1\uTorrent
    2007-06-12 15:39 4,980,736 --a C:\DOCUME~1\Steve\ntuser.dat
    2007-06-12 15:39 1,085,440 --a C:\DOCUME~1\LOCALS~1\ntuser.dat
    2007-06-12 03:05 <DIR> d--hs---- C:\found.000
    2007-06-12 02:54 <DIR> d C:\Program Files\ATI Technologies
    2007-06-12 02:38 <DIR> d C:\WINDOWS\LastGood(2)
    2007-06-12 01:44 <DIR> d C:\WINDOWS\LastGood(3)
    2007-06-11 23:44 <DIR> d C:\Program Files\NGOATIOD173(2)
    2007-06-11 17:02 <DIR> d C:\WINDOWS\system32\NtmsData
    2007-06-10 01:48 315,392 --a C:\WINDOWS\HideWin.exe
    2007-06-09 23:46 <DIR> d C:\Program Files\GiPo@Utilities
    2007-06-09 23:46 <DIR> d C:\Program Files\Common Files\Gibinsoft Shared
    2007-06-09 21:39 <DIR> d C:\WINDOWS\pss
    2007-06-09 15:12 <DIR> d--h C:\WINDOWS\PIF
    2007-06-09 14:31 <DIR> d C:\New Folder
    2007-06-08 00:24 <DIR> d C:\Program Files\AnalogX
    2007-06-07 17:34 55,316 --a C:\WINDOWS\system32\wwutntcy.dll
    2007-06-07 06:01 1,040,384 --a C:\WINDOWS\system32\libeay32.dll
    2007-06-07 06:00 196,608 --a C:\WINDOWS\system32\ssleay32.dll
    2007-06-07 00:21 44,032 --a C:\WINDOWS\unwash.exe
    2007-06-07 00:19 55,808 --a C:\WINDOWS\unSpySweeper.exe
    2007-06-07 00:17 <DIR> d C:\Program Files\Lavasoft
    2007-06-06 19:45 <DIR> d C:\Program Files\DVD Shrink
    2007-06-06 19:45 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    2007-06-06 19:02 <DIR> d C:\DOCUME~1\Steve\APPLIC~1\ImgBurn
    2007-06-06 17:39 <DIR> d C:\Program Files\Driver Cleaner Pro
    2007-06-05 16:44 <DIR> d C:\DOCUME~1\Steve\APPLIC~1\Ahead
    2007-06-05 16:42 <DIR> d C:\Program Files\Nero
    2007-06-05 16:42 <DIR> d C:\Program Files\Common Files\Ahead
    2007-06-05 06:15 <DIR> d C:\Program Files\Incomplete
    2007-06-04 16:24 <DIR> d C:\ATI
    2007-06-04 04:17 42,472 --a C:\DOCUME~1\Steve\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-06-04 01:50 <DIR> d C:\Program Files\LimeWire Acceleration Patch
    2007-06-02 18:13 <DIR> d C:\DOCUME~1\Steve\APPLIC~1\SecondLife
    2007-05-31 17:14 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-30 22:12 <DIR> d C:\Program Files\Microsoft ActiveSync
    2007-05-30 22:11 <DIR> d C:\WINDOWS\ShellNew
    2007-05-28 18:51 68,888 --a C:\WINDOWS\system32\xinput1_3.dll
    2007-05-28 18:51 <DIR> d C:\Program Files\Microsoft Xbox 360 Accessories
    2007-05-26 17:34 89,360 --a C:\WINDOWS\system32\VB5DB.DLL
    2007-05-26 17:34 69,632 --a C:\WINDOWS\system32\xmltok.dll
    2007-05-26 17:34 36,864 --a C:\WINDOWS\system32\xmlparse.dll
    2007-05-26 17:34 26,096 --a C:\WINDOWS\system32\xmlinst.exe
    2007-05-26 17:30 <DIR> d C:\Program Files\Ubisoft
    2007-05-24 16:54 <DIR> d C:\DOCUME~1\Steve\mahjongg3d
    2007-05-23 16:54 1,048,576 --ah C:\DOCUME~1\MCX3\ntuser.dat
    2007-05-23 16:54 <DIR> d C:\DOCUME~1\MCX3\APPLIC~1\Creative
    2007-05-22 19:18 306,688 --a C:\WINDOWS\IsUninst.exe
    2007-05-22 19:07 65,536 --a C:\WINDOWS\system32\MFC71DEU.DLL
    2007-05-22 19:07 61,440 --a C:\WINDOWS\system32\MFC71ITA.DLL
    2007-05-22 19:07 61,440 --a C:\WINDOWS\system32\MFC71ESP.DLL
    2007-05-22 19:07 57,344 --a C:\WINDOWS\system32\MFC71ENU.DLL
    2007-05-22 19:07 49,152 --a C:\WINDOWS\system32\MFC71KOR.DLL
    2007-05-22 19:07 49,152 --a C:\WINDOWS\system32\MFC71JPN.DLL
    2007-05-22 19:07 45,056 --a C:\WINDOWS\system32\MFC71CHT.DLL
    2007-05-22 19:07 40,960 --a C:\WINDOWS\system32\MFC71CHS.DLL
    2007-05-22 19:07 <DIR> d C:\Program Files\Common Files\Logitech
    2007-05-22 19:06 <DIR> d C:\Program Files\Logitech
    2007-05-20 13:58 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2007-05-18 11:39 7,610,368 --a C:\WINDOWS\system32\atioglx2.dll
    2007-05-18 11:30 972,072 --a C:\WINDOWS\system32\ativva6x.dat
    2007-05-18 11:30 3,107,788 --a C:\WINDOWS\system32\ativvaxx.dat
    2007-05-18 11:30 3,107,788 --a C:\WINDOWS\system32\ativva5x.dat
    2007-05-18 11:14 46,592 --a C:\WINDOWS\system32\atiok3x2.dll
    2007-05-17 07:57 <DIR> d C:\DOCUME~1\Steve\APPLIC~1\AVSMedia
    2007-05-17 07:55 974,848 --a C:\WINDOWS\system32\mfc70.dll
    2007-05-17 07:55 487,424 --a C:\WINDOWS\system32\msvcp70.dll
    2007-05-17 07:55 261,632 --a C:\WINDOWS\system32\mcdvd_32.dll
    2007-05-17 07:55 24,576 --a C:\WINDOWS\system32\msxml3a.dll
    2007-05-17 07:55 1,700,352 --a C:\WINDOWS\system32\gdiplus.dll
    2007-05-17 07:55 <DIR> d C:\Program Files\Common Files\AVSMedia
    2007-05-17 07:55 <DIR> d C:\Program Files\AVSMedia
    2007-05-17 00:02 <DIR> d C:\Program Files\Common Files\Download Manager
    2007-05-15 08:16 <DIR> d C:\Program Files\Audacity


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-13 23:23:36 d w C:\Program Files\LimeWire
    2007-06-13 07:33:03 586 ----a-w C:\WINDOWS\system32\qwavecache.dat
    2007-06-13 01:37:24 d w C:\DOCUME~1\Steve\APPLIC~1\Corel
    2007-06-12 05:54:29 d w C:\DOCUME~1\Steve\APPLIC~1\LimeWire
    2007-06-11 16:54:52 d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-09 13:00:04 d w C:\Program Files\Acer Zone
    2007-06-07 14:44:26 4,076 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-06 03:13:49 d w C:\Program Files\Google
    2007-06-05 16:12:01 d w C:\Program Files\Yahoo!
    2007-06-05 16:11:31 d w C:\Program Files\CyberLink
    2007-06-05 16:06:51 d w C:\Program Files\Common Files\NewTech Infosystems
    2007-06-05 16:06:33 d w C:\Program Files\NewTech Infosystems
    2007-05-26 07:38:12 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-05-21 07:01:57 d w C:\Program Files\Windows Media Connect 2
    2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx(3).dll
    2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-05-17 11:05:00 520,192 w C:\WINDOWS\system32\ati2sgag.exe
    2007-05-08 12:28:38 88 --sh--r C:\WINDOWS\system32\6ABB69A29B.sys
    2007-05-08 12:19:56 d w C:\Program Files\Corel keygen
    2007-05-08 08:21:01 d w C:\Program Files\Corel
    2007-05-08 04:21:37 d w C:\Program Files\Common Files\Adobe Systems Shared
    2007-05-08 03:35:31 d w C:\Program Files\Adobe Photoshop
    2007-05-04 12:38:11 d w C:\DOCUME~1\Steve\APPLIC~1\CyberLink
    2007-05-04 12:30:42 d w C:\DOCUME~1\Steve\APPLIC~1\Otto
    2007-05-04 04:59:04 d w C:\Program Files\MSXML 4.0
    2007-05-04 02:52:33 d w C:\DOCUME~1\Steve\APPLIC~1\Google
    2007-05-03 06:51:43 d w C:\DOCUME~1\Steve\APPLIC~1\MSNInstaller
    2007-05-03 05:41:38 d w C:\Program Files\siemens speadstream
    2007-05-03 03:05:51 d w C:\DOCUME~1\Steve\APPLIC~1\Media Player Classic
    2007-05-03 03:05:15 d w C:\Program Files\K-Lite Codec Pack
    2007-05-03 02:49:27 d w C:\DOCUME~1\Steve\APPLIC~1\Apple Computer
    2007-05-02 09:58:49 188 ----a-w C:\WINDOWS\system32\eDataSecurity.dat
    2007-05-02 08:11:24 d w C:\Program Files\Orban
    2007-05-02 07:26:33 d w C:\Program Files\OpenPlsInWMP
    2007-05-02 05:54:04 1,156 ----a-w C:\WINDOWS\mozver.dat
    2007-05-02 03:31:32 d w C:\Program Files\MSN Messenger
    2007-05-02 03:16:23 d w C:\DOCUME~1\Steve\APPLIC~1\Leadertech
    2007-05-02 03:07:16 d w C:\DOCUME~1\Steve\APPLIC~1\AdobeAUM
    2007-05-02 03:07:15 d w C:\DOCUME~1\Steve\APPLIC~1\AdobeUM
    2007-05-02 02:11:08 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-02 01:48:40 d w C:\Program Files\Alwil Software
    2007-05-02 01:34:57 d w C:\Program Files\Common Files\Symantec Shared
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-22 21:15:25 7,144 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-03-23 20:23:23 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 09:00 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 C:\WINDOWS\SkyTel.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-07 00:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 07:03]
    "CTHelper"="CTHELPER.EXE" [2005-12-08 11:06 C:\WINDOWS\CTHELPER.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-05-01 01:42]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-02-12 17:21]
    "RegistryMechanic"="" []
    "SMSERIAL"="sm56hlpr.exe" []
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 22:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 22:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE QWAVE
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    NtmlSvc

    *Newly Created Service* - AVGASCLN

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-14 09:30:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-14 9:31:41 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-14 09:31

    --- E O F ---
  • Drop-Bear Australia
    edited June 2007
    Acer WLAN 11g USB Dongle
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    AnalogX MaxMem
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    avast! Antivirus
    AVG Anti-Spyware 7.5
    comsummer-1024x768
    Corel Paint Shop Pro Photo XI
    DH Driver Cleaner Professional Edition
    DVD Shrink 3.2
    Far Cry
    GiPo@MoveOnBoot 1.9.5
    Hauppauge MCE2005 Software Encoder
    High Definition Audio Driver Package - KB888111
    Hijackthis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB898444)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) Quick Resume Technology Drivers
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.01 Full
    LimeWire PRO 4.12.11
    Media Center Extender
    Media Center Extender
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft Office XP Web Components
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Xbox 360 Accessories 1.1
    Mozilla Firefox (2.0.0.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Demo
    neroxml
    ninemsn Internet Software
    OCA Client history tool install
    Open PLS in Windows Media Player 2.2.0
    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    Otto
    Realtek High Definition Audio Driver
    Registry Mechanic 5.0
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Sonic Encoders
    Spybot - Search & Destroy 1.4
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
  • Drop-Bear Australia
    edited June 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:15 AM, on 14/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Steve\Desktop\hijackthis_199\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  • Drop-Bear Australia
    edited June 2007
    I got rid of the "J2SE Runtime Environment", but the "consumer 1024x768" tells me it's on a CD-ROM or other removable disk; I've got a feeling that could be from my son's car pics off his memory stick.
  • Trogan London, UK
    edited June 2007
    Hi Drop Bear,
    C:\Documents and Settings\Steve\My Documents\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    C:\Program Files\LimeWire\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    C:\Program Files\LimeWire\Nero 7.0.1.2 Ultra Edition with Keygen - English\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
    Those look like cracks for Nero. We do not help those who have cracks on their PC, because 1) it is illegal and 2) cracks are always infected with nasty infections, like above. I'll make an exception in this case, however.
    I got rid of the "J2SE Runtime Environment", but the "consumer 1024x768" tells me it's on a CD-ROM or other removable disk; I've got a feeling that could be from my son's car pics off his memory stick.
    OK, that is fine.

    I don't see any indication of a Firewall in your HijackThis log. This may be because:

    (1.) You are using Windows Firewall or a hardware Firewall.
    (2.) You are using a Firewall of an unknown vendor.
    (3.) You are using a Firewall, but it is disabled for unknown reasons.
    (4.) You don't use any firewall at all.

    In the case you don't have a Firewall, please download one from the list below - They are Free!

    Comodo
    Zone Alarm
    Sunbelt Kerio PF
    Outpost Firewall

    Apart from that, the logs are clean.

    How is the computer?
  • Drop-Bear Australia
    edited June 2007
    Trogan wrote:
    Hi Drop Bear,


    Those look like cracks for Nero. We do not help those who have cracks on their PC, because 1) it is illegal and 2) cracks are always infected with nasty infections, like above. I'll make an exception in this case, however.

    Understood. Thank you for the exception and I really do appreciate your time. No more cracks, I promise.

    I don't see any indication of a Firewall in your HijackThis log. This may be because:

    (1.) You are using Windows Firewall or a hardware Firewall.
    (2.) You are using a Firewall of an unknown vendor.
    (3.) You are using a Firewall, but it is disabled for unknown reasons.
    (4.) You don't use any firewall at all.

    I have windows firewall but for whatever reason during this whole business it wouldn't turn on....
    In the case you don't have a Firewall, please download one from the list below - They are Free!

    Comodo
    Zone Alarm
    Sunbelt Kerio PF
    Outpost Firewall

    Apart from that, the logs are clean.

    How is the computer?

    Cheers for the links; these are more than likely better than Windows firewall so I will grab one.

    Computer is excellent, seriously mate, thank you for your time, and all your patience, and especially your help.

    A lesser bloke would have left me for dead, thanks again.
  • Trogan London, UK
    edited June 2007
    You're welcome! :)

    I recommend the Comodo Firewall. Disable Windows Firewall, if you download a software one.

    I'll close this thread now. Stick around the forums! :)

    =====

    Here are some tips for a clean and secure computer.

    For XP users.
    It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following:
    • Click Start | Help and Support | Undo changes to your computer with System Restore.
    • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
    • Close the Help and Support Center box.
    • Click Start | Run and type Cleanmgr
    • Select (C: ) then click OK.
    • Click the More Options tab.
    • Click Clean Up in the System Restore Section.
    This will remove all previous restore points except the newly created one.

    Make your Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click on the Security tab
    3. Click the Internet icon so it becomes highlighted.
    4. Click on Default Level and click OK
    5. Click on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting where applicable.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    6. Next press the Apply button and then the OK to exit the Internet Properties page.
    Keep your Sun Java up to date

    The most current version of Sun Java is: Java Runtime Environment Version 6.0
    http://java.sun.com/javase/downloads/index.jsp
    • Scroll down to where it says Java Runtime Environment (JRE) 6.
    • Click the Download button to the right.
    • Check the box that says: Accept License Agreement.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system.

    Free programs that may help you in keeping the PC clean
    • SpywareBlaster
      SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
      You can download SpywareBlaster here
      A tutorial can be found here
    • SpywareGuard
      It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
      You can download SpywareGuard here
      A tutorial can be found here
    • IE-SPYAD
      IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
      You can download IE-SPYAD here
      A tutorial can be found here
    • Hosts File
      A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      A tutorial can be found here
      • MVPS Hosts File
        You can download the MVPS Hosts File here
        Furthermore the website contains useful tips and links to other resources and utilities.
      • Bluetack's Hosts File and Hosts Manager
        Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue applications etc...
        Download Bluetack's Hosts file here
        Download Bluetack's HostsManager here
    Free Spyware Detection and Removal Programs
    • Ad-Aware
      It scans for known spyware on your computer. These scans should be run at least once every two weeks.
      You can download Ad-Aware here
      A tutorial can be found here
    • Spybot - Search & Destroy
      It scans for spyware and other malicious programs. Spybot has preventive tools that stop programs from even installing on your computer.
      You can download Spybot - S&D here
      A tutorial can be found here
    Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright Foistware.
    You will find the list here

    WinPatrol

    WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.
    • Detect & Neutralize Spyware.
    • Detect & Neutralize ADware.
    • Detect & Neutralize Viral infections.
    • Detect & Neutralize Unwanted IE Add-Ons.
    • Detect & Restore File Type Changes.
    • Automatically Filter Unwanted Cookies.
    • Avoid Start Page Hijacking.
    • Detect changes to HOSTS & critical system files.
    • Kill Multiple Tasks that replicate each other, in a single step!
    • Stop programs that repeatedly add themselves to your Startup List!
    Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.
    You can download WinPatrol here
    WinPatrol FAQ

    SiteHound by Firetrust

    Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

    SiteHound will alert you when you enter a site which is known to contain:
    • Fraudulent claims or scams
    • Offensive material
    • Security vulnerabilities
    • Spyware or Adware
    • Spam related material
    • or other content deemed to be unsafe
    Specifically, SiteHound blocks these categories:

    • Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
    • Pharming • Rogue or Suspect Product • Adware • Malware or Virus

    System Requirements:
    Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

    Product Info & Download: SiteHound Toolbar

    Use an AntiVirus Software

    It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online and stand-alone antivirus programs.
    Computer Safety On line - Anti-Virus
    http://forum.malwareremoval.com/viewtopic.php?p=53#53

    Update your Anti Virus Software

    It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall

    I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.
    Computer Safety On line - Software Firewalls
    http://forum.malwareremoval.com/viewtopic.php?p=56#56
    A tutorial on Understanding and Using Firewalls can be found here

    Happy Surfing! :)
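The Hosts File tip in the post above relies on one mechanism: a blocklist-style HOSTS file maps unwanted host names to 127.0.0.1 so the PC never reaches them. The same file is a favourite target of malware, which uses it in reverse (blocking a vendor's update host, or sending a legitimate site to a non-loopback address). The Python script below is an added example, not code from this thread or from the MVPS or Bluetack projects; it parses a hosts file and reports both patterns. The sample file, the `.test` host names and the `PROTECTED_SUFFIXES` list are constructed assumptions.

```python
"""Hosts-file audit: added example, not code from the thread or any vendor.

A blocklist-style HOSTS file (MVPS, Bluetack) maps known ad and spyware host
names to 127.0.0.1 so the machine never reaches them.  Malware abuses the same
file in reverse: mapping a vendor's update host to 127.0.0.1 stops updates, and
mapping a bank or search site to an attacker's address redirects the victim.
This script parses a hosts file and reports both patterns.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Addresses that mean "go nowhere"; anything else is a real redirection.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed list of domains a blocklist should never touch: the AV / anti-spyware
# and update vendors in use on this PC.  Extend it for the products installed.
PROTECTED_SUFFIXES = ("avast.com", "grisoft.com", "safer-networking.org",
                      "windowsupdate.com", "microsoft.com")

# Constructed sample hosts file (not a real download): lines 2-5 are normal
# blocklist entries, line 6 is a redirection, line 7 blocks AV updates.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test
127.0.0.1       www.spyware-example.test
0.0.0.0         tracker.example.test
192.0.2.10      www.example-bank.test       # redirected, not blocked
127.0.0.1       update.avast.com            # blocks the AV update server
"""


@dataclass
class HostEntry:
    line_no: int
    address: str
    hostname: str


@dataclass
class Finding:
    entry: HostEntry
    reason: str


def parse_hosts(text: str) -> list[HostEntry]:
    """Return one HostEntry per (address, hostname) pair, ignoring comments."""
    entries: list[HostEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        address = parts[0]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                          # first token is not an address
        for name in parts[1:]:                # one line may list several names
            entries.append(HostEntry(line_no, address, name.lower()))
    return entries


def is_protected(hostname: str) -> bool:
    """True if hostname is a protected domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> list[Finding]:
    """Flag redirections away from loopback and blocks of protected hosts."""
    findings: list[Finding] = []
    for entry in parse_hosts(text):
        if entry.hostname == "localhost":
            continue
        if entry.address not in LOOPBACK:
            findings.append(Finding(
                entry, f"{entry.hostname} redirected to non-loopback {entry.address}"))
        elif is_protected(entry.hostname):
            findings.append(Finding(
                entry, f"protected host {entry.hostname} is blocked"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(f"line {finding.entry.line_no}: {finding.reason}")
```

To check a live machine, read C:\WINDOWS\system32\drivers\etc\hosts and pass its text to `audit_hosts`; a clean MVPS-style file produces no findings, while any hit is worth comparing against the installed security products before the file is replaced.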
This discussion has been closed.