Vundo pop-ups

Like many before me, I am plagued with pop-ups. My PC is running slow and indeed crashing. Any help would be much appreciated. Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 18:30:20, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\vmpro\toolbar.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\murdo\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reie] "C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Afel] "C:\Program Files\?ymantec\?pool32.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Comments

  • VekaVeka Finland
    edited February 2008
    Hi mk2cosworth.

    A new version of HijackThis is available.
    • Please download HJTInstall to your Desktop
    • Double-click HJTInstall.exe to install it
    • By default it will install to C:\Program Files\Trend Micro\HijackThis
    • Click on Install
    • It will create a HijackThis icon on the desktop
    • Once installed, it will launch HijackThis
    • Close the tool, we don't use it yet
    Note: Remove the old version located on your Desktop.

    Please open the HijackThis folder (C:\Program Files\Trend Micro\HijackThis).
    Find the file HijackThis.exe, right-click on the file and select Rename. Rename HijackThis.exe to mk2cosworth.exe.

    Now double-click mk2cosworth.exe, make a new log and post it to me.

    Awaiting your reply. :)
  • edited February 2008
    Thank you for your reply. Here is my new log file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:06:16, on 26/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\vmpro\toolbar.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reie] "C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" -vt yazb
    O4 - HKCU\..\Run: [Afel] "C:\Program Files\?ymantec\?pool32.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MagicTune3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.94 195.92.195.95
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    --
    End of file - 6989 bytes
  • VekaVeka Finland
    edited February 2008
    Thank you. I still need you to rename HijackThis and post a fresh log (very important!).

    To do that follow this instruction:
    • Click My Computer, double click the C Drive
    • Double click the folder Program Files
    • Double click the folder Trend Micro
    • Double click the folder HijackThis
    • Locate the file HijackThis.exe
    • Right click the icon and select Rename
    • Rename it to mk2cosworth.exe
    • Exit all other windows and open mk2cosworth.exe
    • Run a fresh log and post it back here
    Awaiting your reply.
  • edited February 2008
    Thank you, I think I have renamed it now. New log as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:53:08, on 26/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\vmpro\toolbar.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\mk2cosorth.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: (no name) - {1BF607B0-EA41-4442-9BEB-60E1EF8CB875} - C:\WINDOWS\system32\vtuts.dll
    O2 - BHO: (no name) - {25BE2418-6C95-418F-BE03-0D9B9354A167} - C:\WINDOWS\system32\urqppom.dll
    O2 - BHO: (no name) - {730044CF-08C8-4274-BAB3-8DE5066EAA4F} - (no file)
    O2 - BHO: (no name) - {74D2F8A8-5FA3-41E8-AA28-C36BFAAA3072} - (no file)
    O2 - BHO: (no name) - {76864F06-4E8E-43E7-8BDF-2973467EA3EB} - (no file)
    O2 - BHO: {8933b37a-23e9-f3a8-fc74-b147c60e66c9} - {9c66e06c-741b-47cf-8a3f-9e32a73b3398} - C:\WINDOWS\system32\hnqlpgmb.dll
    O2 - BHO: (no name) - {A8E303AE-8B11-47C7-94A1-E3F078ABA167} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {C21574E2-94EA-4BBF-9454-04233328EF69} - (no file)
    O2 - BHO: (no name) - {CCAEA342-447E-4166-BDD4-62C0F824E293} - (no file)
    O2 - BHO: (no name) - {DDBF540D-B72E-4D73-BC9F-C153E611538C} - (no file)
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reie] "C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" -vt yazb
    O4 - HKCU\..\Run: [Afel] "C:\Program Files\?ymantec\?pool32.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MagicTune3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.95 195.92.195.94
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: urqppom - C:\WINDOWS\SYSTEM32\urqppom.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    --
    End of file - 8621 bytes
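The third log above is the one that finally shows the infection, and the tell-tale entries sit right next to legitimate ones: `O2` BHOs with `(no name)` or a bare CLSID where a vendor name should be, loading DLLs from system32; an `O20 - Winlogon Notify` package that is not one of the stock XP entries; and `O4` Run values whose paths contain characters HijackThis could not display (`?ymantec`, `?pool32.exe`) or that start a "system tool" from a subfolder of system32. The following Python script is an added example, not part of any post in this thread, that applies those checks to entries copied from that log. The `KNOWN_NOTIFY` allow-list, the eight-lowercase-letter file-name pattern (the naming used by the files ComboFix later deletes) and the severity labels are the example's own assumptions, stated in the comments:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: entries copied from the third HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BF607B0-EA41-4442-9BEB-60E1EF8CB875} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {25BE2418-6C95-418F-BE03-0D9B9354A167} - C:\WINDOWS\system32\urqppom.dll
O2 - BHO: (no name) - {730044CF-08C8-4274-BAB3-8DE5066EAA4F} - (no file)
O2 - BHO: {8933b37a-23e9-f3a8-fc74-b147c60e66c9} - {9c66e06c-741b-47cf-8a3f-9e32a73b3398} - C:\WINDOWS\system32\hnqlpgmb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reie] "C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Afel] "C:\Program Files\?ymantec\?pool32.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: urqppom - C:\WINDOWS\SYSTEM32\urqppom.dll
"""

CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SYSTEM32 = re.compile(r"\\system32\\", re.I)
SYSTEM32_SUBDIR = re.compile(r"\\system32\\[^\\]+\\", re.I)
# Assumption: the files ComboFix deleted later in this thread are all eight lowercase letters,
# so that pattern is used here as a naming heuristic. Note it misses vtuts.dll and urqppom.dll;
# the load point (unnamed BHO, Winlogon Notify) is what catches those.
RANDOM_NAME = re.compile(r"[a-z]{8}\.(?:dll|ini|ini2)")
# Assumption: Winlogon Notify packages on a stock XP SP2 box. Illustrative, not exhaustive;
# diff against a known-clean machine before relying on it.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon"}


@dataclass
class Finding:
    severity: str            # "high": treat as malware; "low": review or tidy up
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def run_target(value: str) -> str:
    """Executable path from an O4 value: the quoted path if quoted, else the first token."""
    cmd = value.partition("] ")[2].strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the Vundo-style checks to one HijackThis entry; None means nothing looked wrong."""
    section, _, rest = line.partition(" - ")
    fields = [f.strip() for f in rest.split(" - ")]
    high, low, path = [], [], None

    if section == "O2":
        name = fields[0].removeprefix("BHO:").strip()
        path = fields[-1]
        unnamed = name == "(no name)" or CLSID.fullmatch(name) is not None
        if path == "(no file)":
            path = None
            if unnamed:
                low.append("orphaned BHO CLSID with no file on disk; remove to tidy up")
        elif unnamed:
            high.append(f"BHO without a vendor name loading {basename(path)}")
    elif section == "O4":
        path = run_target(fields[0])
        if "?" in path:
            high.append("path contains a character HijackThis could not display, "
                        "typically a look-alike folder name hiding a rogue executable")
        if SYSTEM32_SUBDIR.search(path):
            high.append("started from a subfolder of system32; Windows tools sit directly in system32")
    elif section == "O20":
        kind, _, name = fields[0].partition(": ")
        if kind == "Winlogon Notify":
            path = fields[-1]
            if name.lower() not in KNOWN_NOTIFY:
                high.append(f"non-default Winlogon Notify package '{name}' (runs inside winlogon.exe)")
        elif kind == "AppInit_DLLs":
            path = name
            low.append("AppInit_DLLs is loaded into every process that links user32; confirm the vendor")

    if path and SYSTEM32.search(path) and RANDOM_NAME.fullmatch(basename(path)):
        high.append(f"random eight-letter file name {basename(path)} in system32")

    if not high and not low:
        return None
    return Finding("high" if high else "low", line, path, high + low)


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def flagged_paths(findings: List[Finding], severity: str = "high") -> List[str]:
    """Unique, lower-cased paths behind findings of the given severity (a starting removal list)."""
    return sorted({f.path.lower() for f in findings if f.severity == severity and f.path})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    " + "; ".join(f.reasons))
```

Run against the sample, the script reports the three system32 DLLs, the `MCROSO~1.NET\msconfig.exe` and `?ymantec\?pool32.exe` Run values and the `urqppom` Winlogon Notify entry as high, and the orphaned CLSID and the Google AppInit_DLLs entry as low. The point of the two-tier result is the same one the helper's reply makes: the orphaned `(no file)` BHOs are clean-up, whereas a DLL that is both an unnamed BHO and a Winlogon Notify package is the component that reinstalls the rest, and it is the reason the log had to be taken with a renamed HijackThis and why ComboFix is the next step rather than deleting files by hand.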
  • VekaVeka Finland
    edited February 2008
    Very good. Now please download ComboFix from Here or Here to your Desktop.

    Note: It is important that it is saved directly to your Desktop

    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

    Click on this link to see a list of programs that should be disabled.
    • Close any open browsers.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
  • edited February 2008
    Thank you, here are the results of ComboFix and the latest HijackThis log.

    ComboFix 08-02-25.3 - murdo 2008-02-26 14:32:04.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT 0:00]
    Running from: C:\Documents and Settings\murdo\Desktop\ComboFix.exe
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\eahjbgsr.dll
    C:\WINDOWS\system32\eftvleru.ini
    C:\WINDOWS\system32\hnqlpgmb.dll
    C:\WINDOWS\system32\iwygxfko.dll
    C:\WINDOWS\system32\jbbtntex.dll
    C:\WINDOWS\system32\kohqnnnr.ini
    C:\WINDOWS\system32\kptcjuwn.dll
    C:\WINDOWS\system32\nbfxbuot.ini
    C:\WINDOWS\system32\nsltbgjf.ini
    C:\WINDOWS\system32\nutqbaio.ini
    C:\WINDOWS\system32\nwujctpk.ini
    C:\WINDOWS\system32\oiabqtun.dll
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\oqstv.ini2
    C:\WINDOWS\system32\qtvwa.ini
    C:\WINDOWS\system32\qtvwa.ini2
    C:\WINDOWS\system32\rjqjsefu.dll
    C:\WINDOWS\system32\rsgbjhae.ini
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\tpykfhpk.ini
    C:\WINDOWS\system32\urqppom.dll
    C:\WINDOWS\system32\vtuts.dll
    .
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .
    2008-02-26 13:27 . 2008-02-26 13:27 <DIR> d C:\ConvertTemp
    2008-02-26 12:45 . 2008-02-26 12:45 <DIR> d C:\Program Files\STOPzilla!
    2008-02-26 09:58 . 2008-02-26 09:58 <DIR> d C:\Documents and Settings\murdo\Application Data\Samsung
    2008-02-26 09:51 . 2006-05-03 22:53 174,592 --a C:\WINDOWS\system32\framedyn.dll
    2008-02-26 09:49 . 2008-02-26 09:50 <DIR> d C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-02-26 09:49 . 2008-02-26 09:49 <DIR> d C:\Program Files\Samsung
    2008-02-26 09:49 . 2005-08-30 17:59 94,000 --a C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-02-26 09:49 . 2005-08-30 17:57 58,320 --a C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-02-26 09:49 . 2005-08-30 17:58 8,304 --a C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-02-26 09:49 . 2005-08-30 17:58 6,144 --a C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-02-26 09:49 . 2005-08-30 17:58 6,144 --a C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-02-26 09:49 . 2005-08-30 17:57 5,808 --a C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-02-26 09:49 . 2005-08-30 17:57 5,808 --a C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-02-26 09:49 . 2006-07-24 16:05 5,632 --a C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-02-26 09:49 . 2005-08-28 20:51 766 --a C:\WINDOWS\system32\Uninstall.ico
    2008-02-26 09:28 . 2008-02-26 09:28 <DIR> d C:\Program Files\Avanquest update
    2008-02-26 09:28 . 2008-02-26 09:28 <DIR> d C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-02-26 09:27 . 2008-02-26 09:27 <DIR> d C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-26 09:27 . 2007-06-25 09:43 108,456 --a C:\WINDOWS\system32\drivers\s117mdm.sys
    2008-02-26 09:27 . 2007-06-25 09:43 14,888 --a C:\WINDOWS\system32\drivers\s117mdfl.sys
    2008-02-26 09:25 . 2007-06-25 09:43 22,952 -ra C:\WINDOWS\system32\drivers\s117nd5.sys
    2008-02-26 09:24 . 2007-06-25 09:43 100,264 -ra C:\WINDOWS\system32\drivers\s117mgmt.sys
    2008-02-26 09:24 . 2007-06-25 09:43 98,856 -ra C:\WINDOWS\system32\drivers\s117unic.sys
    2008-02-26 09:24 . 2007-06-25 09:43 10,792 -ra C:\WINDOWS\system32\drivers\s117cr.sys
    2008-02-26 09:23 . 2007-06-25 09:43 98,344 -ra C:\WINDOWS\system32\drivers\s117obex.sys
    2008-02-26 09:23 . 2007-06-25 09:43 12,200 --a C:\WINDOWS\system32\drivers\s117cmnt.sys
    2008-02-26 09:23 . 2007-06-25 09:43 12,200 --a C:\WINDOWS\system32\drivers\s117cm.sys
    2008-02-26 08:50 . 2008-02-26 08:50 <DIR> d C:\Documents and Settings\murdo\Application Data\Teleca
    2008-02-26 08:46 . 2008-02-26 09:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-26 08:45 . 2008-02-26 09:27 <DIR> d C:\Program Files\Sony Ericsson
    2008-02-26 07:56 . 2008-02-26 07:56 <DIR> d C:\Program Files\Trend Micro
    2008-02-22 10:50 . 2008-02-26 08:11 14 --a C:\Documents and Settings\murdo\getfile.dat
    2008-02-22 10:14 . 2008-02-22 10:14 <DIR> d C:\Program Files\Softwin
    2008-02-22 10:12 . 2008-02-22 10:14 <DIR> d C:\Program Files\Common Files\Softwin
    2008-02-22 09:52 . 2008-02-26 14:42 1,017,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-22 09:52 . 2008-02-26 14:40 12,956 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-22 09:50 . 2008-02-22 09:50 <DIR> d C:\Program Files\ZoneAlarmSB
    2008-02-22 09:33 . 2008-02-22 09:33 <DIR> d C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-22 09:33 . 2008-02-22 09:50 4,212 ---h C:\WINDOWS\system32\zllictbl.dat
    2008-02-22 09:32 . 2007-11-14 16:05 1,086,952 --a C:\WINDOWS\system32\zpeng24.dll
    2008-02-22 09:32 . 2007-11-14 16:05 75,248 --a C:\WINDOWS\zllsputility.exe
    2008-02-22 09:31 . 2008-02-22 09:33 <DIR> d C:\WINDOWS\system32\ZoneLabs
    2008-02-22 09:31 . 2008-02-26 14:19 <DIR> d C:\WINDOWS\Internet Logs
    2008-02-22 09:31 . 2008-02-22 09:31 <DIR> d C:\Program Files\Zone Labs
    2008-02-22 09:31 . 2008-02-26 14:41 353,366 --a C:\WINDOWS\system32\vsconfig.xml
    2008-02-22 09:25 . 2008-02-22 09:25 <DIR> d C:\Program Files\SpywareBlaster
    2008-02-22 08:55 . 2008-02-22 08:55 24,576 --a C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-22 08:37 . 2008-02-25 17:25 <DIR> d C:\VundoFix Backups
    2008-02-22 08:33 . 2008-02-22 08:33 106 --a C:\delete.bat
    2008-02-21 08:44 . 2008-02-21 08:44 <DIR> d C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-21 08:43 . 2008-02-21 08:43 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
    2008-02-20 16:48 . 2008-02-20 16:48 <DIR> d C:\Program Files\Malware Removal Tool
    2008-02-19 08:51 . 2008-02-26 13:30 69 --a C:\WINDOWS\NeroDigital.ini
    2008-02-19 08:46 . 2008-02-19 08:46 <DIR> d C:\Documents and Settings\murdo\Application Data\Nero
    2008-02-19 08:28 . 2008-02-19 08:28 <DIR> d C:\Program Files\Nero
    2008-02-19 08:28 . 2008-02-19 08:35 <DIR> d C:\Program Files\Common Files\Nero
    2008-02-19 08:28 . 2008-02-19 08:29 <DIR> d C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-18 08:47 . 2008-02-19 09:44 <DIR> d C:\Program Files\IrfanView
    2008-02-18 08:44 . 2008-02-18 08:44 <DIR> d C:\Program Files\WMV9_VCM
    2008-02-15 09:40 . 2008-02-15 09:40 <DIR> d C:\Program Files\Azureus
    2008-02-06 13:00 . 2004-08-03 23:10 38,016 --a C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-02-06 13:00 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-02-06 13:00 . 2004-08-03 23:10 25,600 --a C:\WINDOWS\system32\drivers\hidbth.sys
    2008-02-06 13:00 . 2004-08-03 23:10 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-02-01 14:36 . 2008-02-01 14:36 229,376 -ra C:\WINDOWS\system32\SZBase5.dll
    2008-01-31 12:16 . 2008-01-31 12:16 34,944 -ra C:\WINDOWS\system32\drivers\SZKG.sys
    2008-01-30 17:53 . 2008-01-30 17:53 126,976 -ra C:\WINDOWS\system32\IS3HTUI5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 372,736 -ra C:\WINDOWS\system32\IS3UI5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 364,544 -ra C:\WINDOWS\system32\IS3DBA5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 61,440 -ra C:\WINDOWS\system32\IS3Hks5.dll
    2008-01-30 17:51 . 2008-01-30 17:51 192,512 -ra C:\WINDOWS\system32\IS3Win325.dll
    2008-01-30 17:51 . 2008-01-30 17:51 23,040 -ra C:\WINDOWS\system32\IS3XDat5.dll
    2008-01-30 17:50 . 2008-01-30 17:50 94,208 -ra C:\WINDOWS\system32\IS3Inet5.dll
    2008-01-30 17:50 . 2008-01-30 17:50 90,112 -ra C:\WINDOWS\system32\IS3Svc5.dll
    2008-01-30 17:47 . 2008-01-30 17:47 704,512 -ra C:\WINDOWS\system32\IS3Base5.dll
    2008-01-30 17:47 . 2008-01-30 17:47 207 --a C:\WINDOWS\SpeedCalc.INI
    2008-01-30 17:27 . 2008-01-30 17:27 <DIR> d C:\Quaife
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-02-26 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-02-26 09:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:25 1,346,560 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-02-25 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-19 09:42 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-19 09:38 --------- d-----w C:\Program Files\Microsoft Small Business
    2008-02-19 09:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-18 19:04 --------- d-----w C:\Documents and Settings\murdo\Application Data\Azureus
    2008-02-18 18:54 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-13 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-05 14:08 --------- d-----w C:\Program Files\Dot1XCfg
    2008-01-25 03:03 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-01-25 03:00 --------- d-----w C:\Program Files\MSXML 6.0
    2008-01-18 16:38 --------- d-----w C:\Program Files\Belkin Office Keyboard
    2008-01-18 16:31 --------- d-----w C:\Program Files\MagicRotation
    2008-01-18 16:29 --------- d-----w C:\Program Files\Common Files\iS3
    2008-01-17 15:11 --------- d-----w C:\Program Files\Enigma Software Group
    2008-01-17 14:14 --------- d-----w C:\Program Files\Google
    2008-01-17 13:57 --------- d-----w C:\Documents and Settings\murdo\Application Data\.BitTornado
    2008-01-17 13:29 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-17 12:49 --------- d-----w C:\Program Files\OpenOffice.org 2.0
    2008-01-17 12:20 --------- d-----w C:\Documents and Settings\murdo\Application Data\InstallShield
    2008-01-17 11:55 --------- d-----w C:\Documents and Settings\murdo\Application Data\OpenOffice.org2
    2008-01-17 10:04 --------- d-----w C:\Documents and Settings\murdo\Application Data\Ahead
    2008-01-17 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-01-17 09:23 --------- d-----w C:\Program Files\HBXL
    2008-01-16 19:34 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-01-16 19:16 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-01-16 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-16 19:03 62,592 ----a-w C:\WINDOWS\system32\drivers\moufiltr.sys
    2008-01-16 17:48 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-16 17:45 --------- d-----w C:\Program Files\C-Media
    2008-01-16 17:16 --------- d-----w C:\Program Files\SpeedTouch
    2008-01-16 17:15 --------- d-----w C:\Program Files\Wanadoo
    2008-01-16 17:15 --------- d-----w C:\Program Files\Thomson
    2008-01-16 17:12 --------- d-----w C:\Program Files\SEC
    2008-01-16 16:59 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-13 19:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-12-04 09:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2005-11-21 03:25 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2005-07-29 16:24 472 --sha-r C:\WINDOWS\bWU\vqo.vbs
    .
    ----a-w           385,024 2008-01-18 16:37:14  C:\Program Files\Belkin Office Keyboard\kbdap32a .exe
    ----a-w           958,464 2008-01-18 09:16:38  C:\Program Files\Belkin Office Keyboard\moffice .exe
    ----a-w           847,872 2008-01-17 15:17:45  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
    ----a-w         1,836,544 2008-01-18 09:16:46  C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
    ----a-w            68,856 2008-01-18 09:19:43  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w         1,089,536 2008-01-18 09:16:39  C:\Program Files\MagicRotation\MagicPvt .exe
    ----a-w         1,694,208 2008-01-18 19:08:40  C:\Program Files\Messenger\msmsgs .exe
    ----a-w           118,784 2008-01-18 09:16:43  C:\Program Files\SpeedTouch\Dr SpeedTouch\drst .exe
    ----a-w           866,816 2008-01-18 16:37:12  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag .exe
    ----a-w            15,360 2008-01-19 10:20:06  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           155,648 2008-01-18 09:16:37  C:\WINDOWS\system32\NeroCheck .exe
    

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-02-22 09:50 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8B68564D-53FD-4293-B80C-993A9F3988EE}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    {98828DED-A591-462F-83BA-D2F62A68B8B8}
    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-22 09:50 262144]
    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
    "Reie"="C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" [ ]
    "Afel"="C:\Program Files\?ymantec\?pool32.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-08-02 15:55 348160]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2005-11-21 03:25 1581056 C:\WINDOWS\mixer.exe]
    "MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [ ]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10 421888]
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19 8192]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]
    C:\Documents and Settings\murdo\Start Menu\Programs\Startup\
    VinylMaster Pro Toolbar.lnk - C:\Documents and Settings\murdo\Application Data\Microsoft\Installer\{BA9030CF-606B-42F6-ACD5-BB95219EED68}\toolbar.exe [2008-01-17 12:53:46 496128]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2008-01-16 17:49:03 36864]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-17 14:12:39 124400]
    MagicTune3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2008-01-16 17:49:06 45056]
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2008-01-16 17:12:01 155715]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
    R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-04-22 19:35]
    R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2008-01-16 19:03]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-26 14:42:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\vmpro\toolbar.exe
    C:\WINDOWS\system32\ntvdm.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-26 14:44:33 - machine was rebooted [murdo]
    ComboFix-quarantined-files.txt 2008-02-26 14:44:29
    .
    2008-02-20 03:01:12 --- E O F ---
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:47:44, on 26/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\vmpro\toolbar.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\mk2cosorth.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reie] "C:\WINDOWS\system32\MCROSO~1.NET\msconfig.exe" -vt yazb
    O4 - HKCU\..\Run: [Afel] "C:\Program Files\?ymantec\?pool32.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MagicTune3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.95 195.92.195.94
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    --
    End of file - 7922 bytes
  • VekaVeka Finland
    edited February 2008
    Step 1:

    Please open this file in Notepad and copy & paste its contents to me in a reply

    C:\delete.bat

    Step 2:
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box in the middle of the page:

      C:\vmpro\toolbar.exe

    • Now, click on the Send File button
    • Save a copy of the Anti-Virus results. Post the results in your next reply.
    Step 3:

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    RenV::
    C:\Program Files\Belkin Office Keyboard\kbdap32a .exe
    C:\Program Files\Belkin Office Keyboard\moffice .exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\MagicRotation\MagicPvt .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst .exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\NeroCheck .exe
    
    Folder::
    C:\Program Files\Dot1XCfg
    C:\WINDOWS\bWU
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reie"=-
    "Afel"=-
    
    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
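The RenV:: list in the script above targets one specific pattern from the ComboFix output: program files whose name carries a space directly before the extension (`ctfmon .exe`, `NeroCheck .exe`). The Python below is an added example for readers of this thread; it is not part of the thread, of ComboFix or of HijackThis. It reports such names in a list of paths (or a real directory tree via `scan_tree`) and, for each one, says what the restored name would be and whether a file with that name is already present, which is exactly what a rename step needs to know before it runs. The function names are hypothetical, the sample paths are constructed to mirror names in the log, and the code only reports; it renames nothing.

```python
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Matches a file name with one or more spaces directly before its extension,
# e.g. "ctfmon .exe" -> base "ctfmon", ext ".exe". Spaces elsewhere in the
# name ("Dr SpeedTouch.exe") do not match.
_SPACE_BEFORE_EXT = re.compile(r"^(?P<base>.+?) +(?P<ext>\.[A-Za-z0-9]{1,4})$")

# Only program files are interesting here; data files with odd names are not.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}


@dataclass(frozen=True)
class Finding:
    path: str            # path as found
    restored_name: str   # file name with the stray space(s) removed
    twin_exists: bool    # a file with the restored name is already present alongside


def split_space_renamed(filename: str) -> Optional[str]:
    """Return the restored file name if `filename` has a space before an
    executable extension, otherwise None."""
    m = _SPACE_BEFORE_EXT.match(filename)
    if m is None or m.group("ext").lower() not in EXECUTABLE_EXTS:
        return None
    return m.group("base") + m.group("ext")


def _split(path: str):
    """Split on either separator so Windows paths work on any host."""
    idx = max(path.rfind("\\"), path.rfind("/"))
    return ("", path) if idx < 0 else (path[: idx + 1], path[idx + 1 :])


def scan_names(paths: Iterable[str], existing: Iterable[str] = ()) -> List[Finding]:
    """Pure check over a list of full paths. `existing` is every path known to
    be present; it decides whether the restored name is already taken, which a
    renaming fix such as the RenV:: step above would need to know."""
    present = {p.lower() for p in existing}
    findings: List[Finding] = []
    for p in paths:
        directory, name = _split(p)
        restored = split_space_renamed(name)
        if restored is None:
            continue
        findings.append(Finding(p, restored, (directory + restored).lower() in present))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Walk a real directory tree and apply scan_names to everything in it."""
    all_files = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return scan_names(all_files, all_files)


if __name__ == "__main__":
    # Constructed sample, modelled on the names in the ComboFix output above;
    # nothing here is read from a real disk.
    sample = [
        r"C:\WINDOWS\system32\ctfmon .exe",
        r"C:\WINDOWS\system32\ctfmon.exe",
        r"C:\WINDOWS\system32\NeroCheck .exe",
        r"C:\Program Files\Messenger\msmsgs .exe",
        r"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe",
        r"C:\WINDOWS\NeroDigital.ini",
    ]
    for f in scan_names(sample, sample):
        note = "restored name already present" if f.twin_exists else "restored name free"
        print(f"{f.path} -> {f.restored_name} ({note})")
```

A hit where `twin_exists` is true (the sample's `ctfmon .exe` beside `ctfmon.exe`) is the case to look at by hand before any rename, because two files now compete for the same name; a hit where it is false is the simpler case the RenV:: step handles by just dropping the space.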
  • edited February 2008
    I could not carry out step 1 as I am unsure how to open the file you asked for.

    Here are the results of steps 2 and 3

    ComboFix 08-02-25.3 - murdo 2008-02-28 8:29:24.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT 0:00]
    Running from: C:\Documents and Settings\murdo\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\murdo\Desktop\CFScript.txt
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\Dot1XCfg
    C:\WINDOWS\bWU
    C:\WINDOWS\bWU\vqo.vbs
    .
    ((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
    .
    2008-02-27 03:00 . 2008-02-27 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-02-26 17:28 . 2008-02-26 17:50 <DIR> d-------- C:\Program Files\Ahead
    2008-02-26 17:11 . 2008-02-26 17:11 0 --a------ C:\WINDOWS\Irremote.ini
    2008-02-26 12:45 . 2008-02-26 12:45 <DIR> d-------- C:\Program Files\STOPzilla!
    2008-02-26 09:58 . 2008-02-26 09:58 <DIR> d-------- C:\Documents and Settings\murdo\Application Data\Samsung
    2008-02-26 09:51 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-02-26 09:49 . 2008-02-26 09:50 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-02-26 09:49 . 2008-02-26 09:49 <DIR> d-------- C:\Program Files\Samsung
    2008-02-26 09:49 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-02-26 09:49 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-02-26 09:27 . 2007-06-25 09:43 108,456 --a------ C:\WINDOWS\system32\drivers\s117mdm.sys
    2008-02-26 09:27 . 2007-06-25 09:43 14,888 --a------ C:\WINDOWS\system32\drivers\s117mdfl.sys
    2008-02-26 09:25 . 2007-06-25 09:43 22,952 -ra------ C:\WINDOWS\system32\drivers\s117nd5.sys
    2008-02-26 09:24 . 2007-06-25 09:43 100,264 -ra------ C:\WINDOWS\system32\drivers\s117mgmt.sys
    2008-02-26 09:24 . 2007-06-25 09:43 98,856 -ra------ C:\WINDOWS\system32\drivers\s117unic.sys
    2008-02-26 09:24 . 2007-06-25 09:43 10,792 -ra------ C:\WINDOWS\system32\drivers\s117cr.sys
    2008-02-26 09:23 . 2007-06-25 09:43 98,344 -ra------ C:\WINDOWS\system32\drivers\s117obex.sys
    2008-02-26 09:23 . 2007-06-25 09:43 12,200 --a------ C:\WINDOWS\system32\drivers\s117cmnt.sys
    2008-02-26 09:23 . 2007-06-25 09:43 12,200 --a------ C:\WINDOWS\system32\drivers\s117cm.sys
    2008-02-26 08:50 . 2008-02-26 08:50 <DIR> d-------- C:\Documents and Settings\murdo\Application Data\Teleca
    2008-02-26 08:46 . 2008-02-26 17:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-26 07:56 . 2008-02-26 07:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 10:50 . 2008-02-26 16:11 14 --a------ C:\Documents and Settings\murdo\getfile.dat
    2008-02-22 10:14 . 2008-02-22 10:14 <DIR> d-------- C:\Program Files\Softwin
    2008-02-22 10:12 . 2008-02-26 17:03 <DIR> d-------- C:\Program Files\Common Files\Softwin
    2008-02-22 09:52 . 2008-02-28 08:33 1,409,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-22 09:52 . 2008-02-28 08:32 17,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-22 09:50 . 2008-02-22 09:50 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-02-22 09:33 . 2008-02-22 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-22 09:33 . 2008-02-22 09:50 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-02-22 09:32 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2008-02-22 09:32 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-02-22 09:31 . 2008-02-22 09:33 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-02-22 09:31 . 2008-02-28 08:23 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-02-22 09:31 . 2008-02-22 09:31 <DIR> d-------- C:\Program Files\Zone Labs
    2008-02-22 09:31 . 2008-02-28 08:33 353,366 --a------ C:\WINDOWS\system32\vsconfig.xml
    2008-02-22 08:55 . 2008-02-22 08:55 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-22 08:37 . 2008-02-25 17:25 <DIR> d-------- C:\VundoFix Backups
    2008-02-22 08:33 . 2008-02-22 08:33 106 --a------ C:\delete.bat
    2008-02-21 08:44 . 2008-02-21 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-21 08:43 . 2008-02-21 08:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-19 08:51 . 2008-02-27 09:13 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-19 08:46 . 2008-02-19 08:46 <DIR> d-------- C:\Documents and Settings\murdo\Application Data\Nero
    2008-02-19 08:28 . 2008-02-19 08:28 <DIR> d-------- C:\Program Files\Nero
    2008-02-19 08:28 . 2008-02-26 17:59 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-02-19 08:28 . 2008-02-26 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-18 08:44 . 2008-02-18 08:44 <DIR> d-------- C:\Program Files\WMV9_VCM
    2008-02-15 09:40 . 2008-02-15 09:40 <DIR> d-------- C:\Program Files\Azureus
    2008-02-06 13:00 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-02-06 13:00 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-02-06 13:00 . 2004-08-03 23:10 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
    2008-02-06 13:00 . 2004-08-03 23:10 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-02-01 14:36 . 2008-02-01 14:36 229,376 -ra------ C:\WINDOWS\system32\SZBase5.dll
    2008-01-31 12:16 . 2008-01-31 12:16 34,944 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys
    2008-01-30 17:53 . 2008-01-30 17:53 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
    2008-01-30 17:52 . 2008-01-30 17:52 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
    2008-01-30 17:51 . 2008-01-30 17:51 192,512 -ra------ C:\WINDOWS\system32\IS3Win325.dll
    2008-01-30 17:51 . 2008-01-30 17:51 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
    2008-01-30 17:50 . 2008-01-30 17:50 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
    2008-01-30 17:50 . 2008-01-30 17:50 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
    2008-01-30 17:47 . 2008-01-30 17:47 704,512 -ra------ C:\WINDOWS\system32\IS3Base5.dll
    2008-01-30 17:47 . 2008-01-30 17:47 207 --a------ C:\WINDOWS\SpeedCalc.INI
    2008-01-30 17:27 . 2008-01-30 17:27 <DIR> d-------- C:\Quaife
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-28 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-02-28 08:29 --------- d-----w C:\Program Files\MagicRotation
    2008-02-28 08:29 --------- d-----w C:\Program Files\Belkin Office Keyboard
    2008-02-28 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-02-27 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-26 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:25 1,346,560 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-02-19 09:42 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-19 09:38 --------- d-----w C:\Program Files\Microsoft Small Business
    2008-02-19 09:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-18 19:04 --------- d-----w C:\Documents and Settings\murdo\Application Data\Azureus
    2008-02-18 18:54 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-13 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-25 03:03 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-01-25 03:00 --------- d-----w C:\Program Files\MSXML 6.0
    2008-01-18 16:29 --------- d-----w C:\Program Files\Common Files\iS3
    2008-01-18 09:16 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
    2008-01-17 14:14 --------- d-----w C:\Program Files\Google
    2008-01-17 13:57 --------- d-----w C:\Documents and Settings\murdo\Application Data\.BitTornado
    2008-01-17 13:29 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-17 12:49 --------- d-----w C:\Program Files\OpenOffice.org 2.0
    2008-01-17 12:20 --------- d-----w C:\Documents and Settings\murdo\Application Data\InstallShield
    2008-01-17 11:55 --------- d-----w C:\Documents and Settings\murdo\Application Data\OpenOffice.org2
    2008-01-17 10:04 --------- d-----w C:\Documents and Settings\murdo\Application Data\Ahead
    2008-01-17 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-01-17 09:23 --------- d-----w C:\Program Files\HBXL
    2008-01-16 19:34 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-01-16 19:16 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-01-16 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-16 19:03 62,592 ----a-w C:\WINDOWS\system32\drivers\moufiltr.sys
    2008-01-16 17:48 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-16 17:45 --------- d-----w C:\Program Files\C-Media
    2008-01-16 17:16 --------- d-----w C:\Program Files\SpeedTouch
    2008-01-16 17:15 --------- d-----w C:\Program Files\Wanadoo
    2008-01-16 17:15 --------- d-----w C:\Program Files\Thomson
    2008-01-16 17:12 --------- d-----w C:\Program Files\SEC
    2008-01-16 16:59 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-20 23:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2007-12-13 19:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 09:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-12-03 18:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2005-11-21 03:25 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .
    ----a-w           847,872 2008-01-17 15:17:45  C:\RECYCLER\S-1-5-21-1614895754-1979792683-839522115-1003\Dc14\SpyHunter\SpyHunter3 .exe
    

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-02-22 09:50 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8B68564D-53FD-4293-B80C-993A9F3988EE}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    {98828DED-A591-462F-83BA-D2F62A68B8B8}
    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-22 09:50 262144]
    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 09:19 68856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2005-11-21 03:25 1581056 C:\WINDOWS\mixer.exe]
    "MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2008-01-18 09:16 1089536]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2008-01-18 09:16 155648]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]
    C:\Documents and Settings\murdo\Start Menu\Programs\Startup\
    VinylMaster Pro Toolbar.lnk - C:\Documents and Settings\murdo\Application Data\Microsoft\Installer\{BA9030CF-606B-42F6-ACD5-BB95219EED68}\toolbar.exe [2008-01-17 12:53:46 496128]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2008-01-16 17:49:03 36864]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-17 14:12:39 124400]
    MagicTune3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2008-01-16 17:49:06 45056]
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2008-01-16 17:12:01 155715]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
    R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-04-22 19:35]
    R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2008-01-16 19:03]
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-28 08:33:33
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\vmpro\toolbar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\ntvdm.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-28 8:35:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-28 08:35:49
    ComboFix2.txt 2008-02-26 14:44:34
    .
    2008-02-27 03:00:43 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:37:17, on 28/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\vmpro\toolbar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\mk2cosorth.exe.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MagicTune3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 7119 bytes
  • VekaVeka Finland
    edited February 2008
    Could you please post the results of the Virustotal scan.


    What happened to BitDefender, as I don't see it running.

    Please re-install BitDefender or choose one free AntiVirus program below.

    AntiVir
    AVG Free Edition
    avast! 4 Home Edition


    Install and reboot your computer.


    Step 1:

    Click Start and then Run. Type (or copy & paste) and click OK

    notepad C:\delete.bat

    Post the results back here.

    Step 2:

    Please do an online scan with Kaspersky WebScanner

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • edited February 2008
    Thank you, here are the results.

    virus total scan

    File toolbar.exe received on 02.27.2008 22:25:00 (CET)
    Current status: finished
    Result: 0/32 (0.00%)


    Antivirus          Version         Last Update   Result
    AhnLab-V3          2008.2.27.0     2008.02.27    -
    AntiVir            7.6.0.67        2008.02.27    -
    Authentium         4.93.8          2008.02.27    -
    Avast              4.7.1098.0      2008.02.27    -
    AVG                7.5.0.516       2008.02.27    -
    BitDefender        7.2             2008.02.27    -
    CAT-QuickHeal      9.50            2008.02.26    -
    ClamAV             0.92.1          2008.02.27    -
    DrWeb              4.44.0.09170    2008.02.27    -
    eSafe              7.0.15.0        2008.02.26    -
    eTrust-Vet         31.3.5567       2008.02.27    -
    Ewido              4.0             2008.02.27    -
    FileAdvisor        1               2008.02.27    -
    Fortinet           3.14.0.0        2008.02.27    -
    F-Prot             4.4.2.54        2008.02.27    -
    F-Secure           6.70.13260.0    2008.02.27    -
    Ikarus             T3.1.1.20       2008.02.27    -
    Kaspersky          7.0.0.125       2008.02.27    -
    McAfee             5239            2008.02.27    -
    Microsoft          1.3301          2008.02.27    -
    NOD32v2            2906            2008.02.27    -
    Norman             5.80.02         2008.02.27    -
    Panda              9.0.0.4         2008.02.27    -
    Prevx1             V2              2008.02.27    -
    Rising             20.33.22.00     2008.02.27    -
    Sophos             4.27.0          2008.02.27    -
    Sunbelt            3.0.893.0       2008.02.23    -
    Symantec           10              2008.02.27    -
    TheHacker          6.2.9.229       2008.02.25    -
    VBA32              3.12.6.2        2008.02.27    -
    VirusBuster        4.3.26:9        2008.02.27    -
    Webwasher-Gateway  6.6.2           2008.02.27    -

    Additional information
    File size: 496128 bytes
    MD5: a49377ab75641672e4ea1b7f6172c127
    SHA1: 3dad1a43f7127b1ad8c162b1056456e756535f17
    PEiD: -


    Notepad

    @ECHO OFF
    del "%programfiles%\Adverts\uninst.exe" /Q > NUL 2> NUL
    rmdir "%programfiles%\Adverts" > NUL

    Kaspersky

    KASPERSKY ONLINE SCANNER REPORT Friday, February 29, 2008 7:27:28 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 28/02/2008
    Kaspersky Anti-Virus database records: 585960
    Scan Settings
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target: My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    M:\
    N:\
    O:\

    Scan Statistics
    Total number of scanned objects: 37054
    Number of viruses found: 4
    Number of infected objects: 22
    Number of suspicious objects: 0
    Duration of the scan process: 01:42:17
    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\SITEguard\siteguard.db Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\sgdefs.db Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\targets.db Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\userdata.db Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla5.log Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\murdo\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\murdo\Desktop\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\murdo\Desktop\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
    C:\Documents and Settings\murdo\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\murdo\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\murdo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\murdo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\murdo\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\murdo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\murdo\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\murdo\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
    C:\Program Files\Softwin\BitDefender8\Quarantine\pmnlllm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\eahjbgsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\hnqlpgmb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\iwygxfko.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\jbbtntex.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\kptcjuwn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\oiabqtun.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\rjqjsefu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-26_144148.20.zip/urqppom.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-26_144148.20.zip/vtuts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-26_144148.20.zip ZIP: infected - 2 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP71\A0022637.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028137.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028139.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028140.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028141.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028142.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP78\A0028143.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP85\A0029713.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{21A0BD0C-D7C0-4866-9054-F45FF3B36330}\RP86\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\ME-D758F05D6D2E.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\bdss.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\tmp00004934\tmp00000000 Object is locked skipped
    C:\WINDOWS\TEMP\ZLT04913.TMP Object is locked skipped
    C:\WINDOWS\TEMP\ZLT04917.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.
  • VekaVeka Finland
    edited February 2008
    Post a fresh HijackThis log, please. :)
  • edited February 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:08:16, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\vmpro\toolbar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\mk2cosorth.exe.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: MagicTune3.5.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201081352296
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.94 195.92.195.95
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    --
    End of file - 8234 bytes
  • VekaVeka Finland
    edited March 2008
    Looks good!

    Please empty C:\QooBox\Quarantine folder

    You can also remove this file C:\delete.bat


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    For the cookies issue, see here

    Next we remove all used tools.

    Please download OTMoveIt2 and save it to desktop.
    • Double-click OTMoveIt2.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.
    Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.
    • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

      You can find instructions on how to enable and re-enable system restore here:

      Windows XP System Restore Guide
    Re-enable system restore with instructions from tutorial above
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware
    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

    Happy surfing and stay clean!
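The HijackThis log quoted earlier in this thread follows a fixed "Oxx - description" line format, and a helper reading it looks first at a handful of entry types: autostarts launched from unusual places or from shortcuts whose target could not be resolved, Winsock LSP DLLs (HijackThis prints one O10 line per Winsock catalog entry, which is why the same DLL appears six times above), DNS servers set in the TCP/IP parameters (O17), and services with no publisher name (O23 "Unknown owner"). The following is an added example, not part of HijackThis, the forum post, or any tool named in it: a small Python triage script that parses those lines and lists the entries worth a second look. The sample log is constructed from lines copied out of the thread plus one clearly labelled constructed O4 entry; the "expected location" heuristic is an assumption for illustration, not a HijackThis rule.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the log in this thread, plus one
# constructed O4 line (marked) that starts a program from a user profile folder.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\example.exe
O4 - Startup: VinylMaster Pro Toolbar.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF5592DE-8E44-4887-AC67-2D51733BB04E}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - body", "R0 - body", "F2 - body": section code, " - ", rest of line.
ENTRY_RE = re.compile(r"^\s*(O\d{1,2}|R\d|F\d)\s+-\s+(.*\S)\s*$")
# First drive-letter path ending in an executable-ish extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^\r\n"]*?\.(?:exe|dll|sys|bat))', re.IGNORECASE)
# Assumption: on an XP-era box, autostarts normally live under one of these.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # why a helper would look at it
    detail: str  # path, IP list or raw body


def parse_entries(log_text):
    """Split a log into (section code, body) pairs, skipping non-entry lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_path(body):
    """Best-effort extraction of the file path an entry points at."""
    m = PATH_RE.search(body)
    return m.group(1) if m else ""


def triage(log_text):
    """Return the entries a helper would review first, as Finding objects."""
    findings = []
    lsp_files = Counter()  # same LSP DLL appears once per Winsock catalog entry
    for code, body in parse_entries(log_text):
        path = first_path(body)
        if code == "O4":
            if body.endswith("= ?"):
                # HijackThis could not resolve the shortcut target.
                findings.append(Finding(code, "unresolved startup shortcut", body))
            elif path and not path.lower().startswith(EXPECTED_ROOTS):
                findings.append(Finding(code, "autostart outside Windows/Program Files", path))
        elif code == "O10":
            lsp_files[path.lower()] += 1
        elif code == "O17":
            # DNS servers written into the TCP/IP parameters: check they are the ISP's.
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
            findings.append(Finding(code, "DNS servers set in TCP/IP parameters; confirm they belong to the ISP", " ".join(ips)))
        elif code == "O23" and "- Unknown owner -" in body:
            findings.append(Finding(code, "service without a publisher name", path))
    for dll, n in lsp_files.items():
        findings.append(Finding("O10", f"Winsock LSP loaded ({n} catalog entries); verify the vendor", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.detail}")
```

Run against the sample it prints one line per finding; the two identical O10 lines collapse into a single LSP finding with the catalog entry count, and the vsmon service, which names its publisher, is not listed. The same `triage()` call works on a full saved log: pass the file contents instead of `SAMPLE_LOG`.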
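The Internet Explorer hardening steps in the post above are stored as DWORD values under the Internet zone key in the user's registry hive, so they can be audited without clicking through the dialog. Below is an added example, not part of the forum post or of any tool it names: a Python script that compares the current Internet zone values with the levels the post recommends. The value names (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 encoding for Enable/Prompt/Disable are the documented Microsoft zone-setting identifiers; the registry read only works on Windows, so the comparison is a separate function that also accepts a dictionary, and the dictionary used here is a constructed sample.

```python
"""Audit IE Internet-zone settings against the hardening advice above (added example)."""
import sys

# HKCU key holding the per-zone settings; zone 3 is the Internet zone.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "not set"}

# Registry value name -> (setting as shown in the IE dialog, level the post recommends).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit(values):
    """Return (value name, description, current level, wanted level) for each
    setting that is missing or weaker than recommended. `values` maps the
    registry value name to its DWORD, or to None when the value is absent."""
    problems = []
    for name, (description, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current != wanted:
            problems.append((name, description, current, wanted))
    return problems


def read_internet_zone():
    """Read the six values from the current user's registry (Windows only)."""
    if sys.platform != "win32":
        raise OSError("registry read is only available on Windows")
    import winreg  # standard library, present on Windows builds of Python
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                values[name] = None  # absent: IE's built-in default applies
    return values


# Constructed sample of what a not-yet-hardened profile might hold; "1607" is left out
# on purpose to show how an absent value is reported.
SAMPLE_VALUES = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE, "1800": PROMPT, "1804": ENABLE}


def report(values):
    """Human-readable lines for each finding from audit()."""
    return [f"{name} {desc}: is {LEVEL_NAME[cur]}, set to {LEVEL_NAME[want]}"
            for name, desc, cur, want in audit(values)]


if __name__ == "__main__":
    source = read_internet_zone() if sys.platform == "win32" else SAMPLE_VALUES
    for line in report(source) or ["all six settings match the recommendation"]:
        print(line)
```

On Windows the script reads the live values; elsewhere it falls back to the constructed sample, which reports 1001, 1804 and the absent 1607. Note that a value being absent does not mean it is safe, only that IE is using its own default for that setting, so the audit lists it for review.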