11-21-2007, 12:48 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Bunch Of Malware Help Help Help XD $10 reward

$10 through Paypal for whoever is the FIXER of the problem

SHARED COMP BY THE WAY.
Spybot says no Malware, I know that's a lie =/ So Basically I NEED HELP

All Processes, Can't work out how to delete, read the 5 steps and was still confused.

// 3101 products on list:
Topconverting
TOPicks
TopMoxie
TopSearcher
TopSearcher
Torpig
Torpig.gb
Total Uninstall
TotalVelocity zSearch
TotalVelocity.MemoryMeter
TotalVelocity.SpeedBlaster
TotemShared Updater
Tradedoubler
Trek Blue Error Nuker
TreloScript.HackTools
Trickle.Gator
TripleSexoes
Troj.Fakealert
Troj.PrintSpool
Troj.RPCS
Troj.SVC
Trojan.Dloader-NC
Trojan.Proxy.Agent
Trojan-AdMin
TrojanDownloader.Small.fo
TrojanDownloader-Agent
Trojan-Guarder
True Sword
TrustCleaner
TSCash
TS-Server
TTW
TurboDownload
TV Media
Tvdpay.Hupigon.CJ
TwainTech
TwistedHumor
TX4.BrowserAd
Typereg32.IE-Bar
UCmore
UCSearch.ArmBender
Udis
UHA
Ulead Export Web Album
Ulead Export Web Slide Show
Ulead Gif Animator 5.05
Ulead PhotoImpact
Ulead PhotoImpact 5.0
Ulead PhotoImpact 8.0
Ulead VideoStudio 5.0
UnderageHost
Unisearch
Univers.Dialer
Universal Boards.Plugin
Universal Notifier
UniversalDial
UnoSearch
UnSpyPc
UpToFind.RelatedSearch
URL_Spy
URLSearchHook.Atlpz
UseKill
UserSoftDotExe
UtileProtection
UVU-Channel
UyelikVideoDialer
VacPro
VacPro
Vallen JPegger
ValueAd
ValueClick
vanBasco's Karaoke Player
Vanbot
Vanbot
Vario.AntiVirus
Vario.AntiVirus
Vario.RougeAntiSpy
Vaster
Vcodec
Vcodec
Vcodec.5StarVideos
Vcodec.eMedia
Vcodec.Intcodec
Vcodec.Intcodec
Video2Photo
VideoCodec
VideoX
Virii Argentina
Virtual Bouncer
Virtual Dub
Virtual Girl
Virtual Grub
VirtualMaid
Virtumonde
Virtumonde
Virtumonde.generic
Virtumonde.rtk
Virtumonde.rtk
VirtuMonde.WindowsUpd
Virtumonde.WinPop
VirusBlast
VirusBurst
VirusBurst
VirusLocker
VirusProtectPro
VirusProtectPro
VirusRanger
VirusRescue
VisiCom.SearchCentric
VistaActivation.Trojan
VisualShock.Keyloger
Vitas RegSnap 3.x
VividGalut
VIX-Tools
VLoading
VMS-Server
VNC
Vorpal
VS-Dial
Vundo.Bankfraud
VX2.a
VX2.ABetterInternet
VX2.b.BDS
VX2.c
VX2.d.TPS108
VX2.e.Favoriteman
VX2.e.Favoriteman.NewFav
VX2.e.Favoriteman.SpyAssault
VX2.f
VX2.f.InfWin
VX2.f.MSView
VX2.g.SiteHlpr
VX2.h.ABetterInternet
VX2.LocalNRD
VX2.NetPal
VX2.x
W3adv
Wabgcom
War3z
WareOut
Warezov
WarezP2P
WarezP2P.cck
Warsow
Wazam
WB.Hider
Weatherstudio.Toolbar
Web CPR-TopMoxie
Web3000
WebAssist.MyFreeInternetUpdate
WebBuyingAssistant
WebBuyingAssistant
WebDesk
WebDialer
WebDraw
WebEntrance
WebExplorer
WebFerret
webHancer
WebInstall
WebInstall
WebLookup
Web-Nexus
WebPlus 1.0
WebQuick
WebReaper
WebRebates.TopRebates
WebResponseAttachments
WebSearch.J
WebSpyShield
WebSX
WebTrends live
Webus.D
WebZIP
WebZIP 6
WhazIt
WhenU.ClockSync
WhenU.DAEMONTools.SearchBar
WhenU.Search
WhenU.Search.BrowserToolBar
WhenU.Search.Desktoptoolbar
WhenU.WeatherCast
WHV-Dialer
WideStep
Wild Media
Wild Media
WildTangent
Win23.PE
Win32.ActiveKeyLogger
Win32.Adload.ep
Win32.Adload.fu
Win32.Adload.gw
Win32.AdvertMen
Win32.Agent.aaf
Win32.Agent.aah
Win32.Agent.aaw
Win32.Agent.ac
Win32.Agent.acf
Win32.Agent.acr
Win32.Agent.acy
Win32.Agent.Acz
Win32.Agent.ady
Win32.Agent.aeu
Win32.Agent.AEW
Win32.Agent.afgm
Win32.Agent.afy
Win32.Agent.ag
Win32.Agent.aga
Win32.Agent.AGF
Win32.Agent.ahd
Win32.Agent.ahk
Win32.Agent.air
Win32.Agent.aix
Win32.Agent.amr
Win32.Agent.API_XP
Win32.Agent.APN
Win32.Agent.aqf
Win32.Agent.ar
Win32.Agent.arc
Win32.Agent.arr
Win32.Agent.At
Win32.Agent.AVK
Win32.Agent.avq
Win32.Agent.AVS
Win32.Agent.AWM
Win32.Agent.azk
Win32.Agent.b
Win32.Agent.baf
Win32.Agent.bbb
Win32.Agent.bca
Win32.Agent.bcn
Win32.Agent.bgy
Win32.Agent.bid
Win32.Agent.BN
Win32.Agent.bnx
Win32.Agent.brf
Win32.Agent.brf
Win32.Agent.brk
Win32.Agent.brk.rtk
Win32.Agent.brs
Win32.Agent.byh
Win32.Agent.byh
Win32.Agent.ci
Win32.Agent.cnp
Win32.Agent.dsp
Win32.Agent.ECD
Win32.Agent.h
Win32.Agent.hjo
Win32.Agent.hl
Win32.Agent.I
Win32.Agent.ig
Win32.Agent.io
Win32.Agent.jb
Win32.Agent.jb
Win32.Agent.mn
Win32.Agent.msgr
Win32.Agent.mu
Win32.Agent.pb
Win32.Agent.pj
Win32.Agent.pz
Win32.Agent.qt
Win32.Agent.rk
Win32.Agent.se
Win32.Agent.uj
Win32.Agent.VB.aoh
Win32.Agent.xi
Win32.Agent.xv
Win32.Agent.y
Win32.Agent.yr
Win32.Agent.Zz
Win32.Agent-gen.cws
Win32.Ager.D
Win32.Atmamds
Win32.Autoit
Win32.Avkiller
Win32.BabyDel
Win32.Bagle.A
Win32.Bagle.AV
Win32.Bagle.B
Win32.Bagle.C
Win32.Bagle.E
Win32.Bagle.F
Win32.Bagle.G
Win32.Bagle.H
Win32.Bagle.hl
Win32.Bagle.I
Win32.Bagle.J
Win32.Bagle.N
Win32.Bagle.WS
Win32.Bagle.Z
Win32.Banbra.fu
Win32.Banbra.gi
Win32.Bancos.aam
Win32.Bancos.zm
Win32.Bancos.zm
Win32.Bancos.zm
Win32.Banker
Win32.Banker.aipy.rtk
Win32.Banker.anv
Win32.Banker.fn
Win32.Banload
Win32.Banload.bfo
Win32.BHO.ag
Win32.BHO.df
Win32.BHO.gen
Win32.Bifrose.aci
Win32.Bifrose.kt
Win32.Bifrose.LA
Win32.Bobic.n
Win32.Bomka.r
Win32.Brabot.g
Win32.Busky.AZ
Win32.Bzub.e
Win32.CDN
Win32.Clicker
Win32.ConHook.ah
Win32.ConHook.ah
Win32.Dadobra.kd
Win32.Dadobra.ke
Win32.Dadobra.ky
Win32.Darker.Worm
Win32.Delf
Win32.Delf.acc
Win32.Delf.acj
Win32.Delf.acv
Win32.Delf.ado
Win32.Delf.aeo
Win32.Delf.afv
Win32.Delf.ago
Win32.Delf.ais
Win32.Delf.amb
Win32.Delf.amh
Win32.Delf.aml
Win32.Delf.apv
Win32.Delf.awi
Win32.Delf.ayr
Win32.Delf.C
Win32.Delf.cc
Win32.Delf.ck
Win32.Delf.dtm
Win32.Delf.eq
Win32.Delf.JKH
Win32.Delf.KD
Win32.Delf.nz
Win32.Delf.QP
Win32.Delf.uc
Win32.Delf.vw
Win32.Delf.ww
Win32.Delf.zq
Win32.Delf.zw
Win32.Dialer.jw
Win32.Dldr
Win32.Dluca.CC
Win32.DNSChanger
Win32.Downloader.Small.dib
Win32.Downloader.Wzip32
Win32.EST.avg
Win32.Ezula.cc
Win32.FakeClient
Win32.Feebs
Win32.FlashyBot
Win32.Gadu
Win32.HacDef
Win32.HLLW.Xolox
Win32.Horst.o
Win32.Hupigon.Bx
Win32.Hupigon.C
Win32.Hupigon.edt
Win32.Hupigon.FB
Win32.Hupigon.I
Win32.Hupigon.mc
Win32.Hupigon.pv
Win32.Hupigon.qcj
Win32.Hwbot
Win32.IceSword
Win32.Igloo
Win32.Inject.bw
Win32.IRCBot.tk
Win32.IRCBot.yh
Win32.Iroffer.af
Win32.Iroffer.b
Win32.Joel
Win32.Joiner.d
Win32.Kapucen.b
Win32.Kardphisher
Win32.KeyLogger.fl
Win32.Keymake
Win32.KillAV
Win32.KillAV.hd
Win32.Kipnot
Win32.Kpager
Win32.Krepper
Win32.Kwbot
Win32.Kwod.a
Win32.Lager.aq
Win32.LdPinch.bia
Win32.Limar
Win32.LinkBot
Win32.LinkOptimizer
Win32.Lmir.atp
Win32.LoadAdv.h
Win32.LowZones
Win32.LowZones.DG
Win32.Magania.rs
Win32.Maran.db
Win32.Mediket.cz
Win32.Microjoin
Win32.MicroJoiner
Win32.MMD
Win32.Moodown.B
Win32.MSHell
Win32.Murlo.du
Win32.Murlo.ff.rtk
Win32.Murlo.ff.rtk
Win32.Net Daemon
Win32.Nilage.abh
Win32.NLC
Win32.Nurvel.a
Win32.Obfuscated.en
Win32.Obfuscated.gs
Win32.OnLineGames
Win32.OnLineGames.bkz
Win32.OnLineGames.dz
Win32.OnLineGames.na
Win32.OnLineGames.NCU
Win32.OpaServ.E
Win32.Optix.b
Win32.Optix.C
Win32.OptixPager.se
Win32.Pakes
Win32.PdPinch.ce
Win32.Peed
Win32.Poison.k
Win32.Poison.k
Win32.Poison.l
Win32.PoisonIvy.j
Win32.ProAgent.21
Win32.PSW.Game
Win32.Qoologic
Win32.QQHelper.j
Win32.QQRob.eo
Win32.RAdmin
Win32.RAdmin.Zenworks
Win32.Ranky.gn
Win32.Rbot
Win32.Rbot.aeu
Win32.Rbot.bms
Win32.Rbot.gen
Win32.Rbot.gen
Win32.Renos
Win32.Renos
Win32.Renos.dk
Win32.SdBot.aad
Win32.SdBot.aad
Win32.SdBot.aea
Win32.SdBot.aij
Win32.SdBot.alz
Win32.SdBot.auv
Win32.SdBot.azc
Win32.SdBot.bfl
Win32.SdBot.bkx
Win32.SdBot.crt
Win32.SdBot.FirewallControls
Win32.SdBot.ye
Win32.SdBot.yx
Win32.ServU
Win32.Silent.ce
Win32.Small.act
Win32.Small.afk
Win32.Small.ah
Win32.Small.ama
Win32.Small.amd
Win32.Small.aoi
Win32.Small.AOQ
Win32.Small.aqy
Win32.Small.asf
Win32.Small.ay
Win32.Small.azl
Win32.Small.BKF
Win32.Small.bwx
Win32.Small.cfo
Win32.Small.cgc
Win32.Small.cjy
Win32.Small.cnd
Win32.Small.cyh
Win32.Small.cyn
Win32.Small.czl
Win32.Small.ddx
Win32.Small.doh
Win32.Small.doi
Win32.Small.dp
Win32.Small.dqt
Win32.Small.Dqz
Win32.Small.dsf
Win32.Small.dsg
Win32.Small.edd
Win32.Small.ege
Win32.Small.em
Win32.Small.fb
Win32.Small.hi
Win32.Small.is
Win32.Small.jm
Win32.Small.js
Win32.Small.kj
Win32.Small.kj
Win32.Small.kj
Win32.Small.kw
Win32.Small.lr
Win32.Small.ls
Win32.Small.ml
Win32.Small.na
Win32.Small.Of
Win32.Small.r
Win32.Small.rc
Win32.Small.v
Win32.Small-2854
Win32.Sober
Win32.Sober.A
Win32.Sober.Bka
Win32.SpyBuddy.c
Win32.Starter
Win32.StartPage.ama
Win32.StartPage.arf
Win32.Steph-A
Win32.Svhost32
Win32.Swizzor.DD
Win32.Tactslay
Win32.Theug-A
Win32.Tiny.AC
Win32.TrafficSol.c
Win32.VanBot.ax
Win32.VB
Win32.VB.ahq
Win32.VB.atz
Win32.VB.aua
Win32.VB.aya
Win32.VB.dm
Win32.vb.gj
Win32.VB.ke
Win32.VB.lh
Win32.VB.Nu
Win32.VB.oz
Win32.VB.po
Win32.VB.un
Win32.VB.vg
Win32.VB.xj
Win32.VB.zf
Win32.VBStat
Win32.Viking.Boom
Win32.Viking.j
Win32.Viking.le
Win32.Viking.V
Win32.Virtualizer
Win32.Virtualizer
Win32.Virtumonde.ha
Win32.Vixup.b
Win32.VLAuto
Win32.Vldial
Win32.Warezov.fb
Win32.Winspg.a
Win32.Wow.pq
Win32.Wsgame
Win32.ZenoSearch
Win32.Zhelatin.ah
Win32.Zhelatin.k
Win32.ZMist
WinAd
WinAntiVirusPro2006
WinBasic32
WinBot.IRC
WinCity
WinClean
Wincontrol
Wind Updates
Windows
Windows AdTools
Windows AdTools.Solutions
Windows Explorer
Windows Keylogger 5.0
Windows Media SDK
Windows Network
Windows Setup
Windows Spy
Windows.OpenWith
WindowsIE
Windowssearch
WinDVD Creator 2.0
WinEssential.Jraun.Kanhaiya
WinFixer
WinFixer2005
WinGet
WinGuardian
Winhound
WinIogon.Keylogger
Winpup
Winpup
WinRAR
WinRecon
WinREG.LowZones
Winsecure
Winser
Winsession Logger
WinSmurf
Winsoftware.Common
Winsoftware.WinAntiSpyware2005
Winsoftware.WinAntiSpyware2006
Winsoftware.WinAntiVirus2005pro
Winsoftware.WinAntiVirusPro2006
Winsoftware.WinAntiVirusPro2007
Winsoftware.WinFixer2006
WinsoX
Win-Spy
WinSpy.SpySoftWareX
Wintrim
Winvestigator
Winvxd
WinXPServicePackCrack
WinZip
Winzix
Wishbone
WMF Exploit
WMF Exploit.NewYear2006
Wonderplus
WonWebLauncherControl
Wootbot.gen
WorldAntiSpy
WorldContent
Worldsecurityonline.FakeAlert
WorldToStartBV.AdTech2005
WORM_RBOT.BI
Wotch
Wow Access
WPA_Reset5
WSearch
Wsys
WurldMedia
WWPack32Dialer
Xabot
Xara Webstyle 3.x
X-Con-Spyware-Destroyer
X-Diver
Xenter.Dial
Xer0x
Xgenius
XMPlay
XnView
Xoology Coda
Xorpix.a
Xpehbam
XP-Logon-Password Logger
XPreload
XRVDialer
xshanghai.com
X-Spyware
XtraKeys WinKey Logger
Xupiter
Xupiter.BrowserWise
Xupiter.OrbitExplorer
Xupiter.Sqwire
Xupiter.Sqwire
Xuron55
XXSWare Inc.
XXX_Adult
XXXDial
XXXDownloader
XXXDownloader
XXXTeenPornPack
XXXToolbar.com
Yahoo
Yahoo.YiSouBar
Yazzle
Yazzle
YazzleSnowball_Wars
YazzleSudoku
YellowPages
YopsBot
YourSoft-AntiVS
YourSoft-AntiVT
Zango
Zango
Zango.AntiSpamBar
Zango.Seekmo
Zango.WeatherDPA
Zango.WindUpdates
Zango.WindUpdates
ZapSpot
Z-Demon
Zedo
Zelda
ZenoSearch
ZenoSearch.Q
Zinblog
ZipClix
ZipGenius 1.4
ZipGenius 5
Zippy
ZKeyLog
Zlob.AdultAccess
Zlob.AdultAccess
Zlob.AudioCat
Zlob.BigDown
Zlob.BrainCodec
Zlob.BrainCodec
Zlob.Cap.DX
Zlob.Command Service
Zlob.DigiPassword
Zlob.DigiPassword
Zlob.DirectVideo
Zlob.DirectVideo
Zlob.DNSChanger
Zlob.DNSChanger
Zlob.DNSChanger.Rtk
Zlob.Downloader
Zlob.Downloader
Zlob.Downloader.eot
Zlob.Downloader.ixt
Zlob.Downloader.ned
Zlob.Downloader.odn
Zlob.Downloader.oid
Zlob.Downloader.omd
Zlob.Downloader.sdt
Zlob.Downloader.vcd
Zlob.Downloader.vdt
Zlob.DVBX11_Bat
Zlob.EliteCodec
Zlob.EliteCodec
Zlob.Foro
Zlob.FreeVideo.DVDCodec
Zlob.FreeVideo.DVDCodec
Zlob.GoldCodec
Zlob.GoldCodec
Zlob.HomepageMonitor
Zlob.HostsKill
Zlob.HQCodec
Zlob.HQCodec
Zlob.HQvideo
Zlob.HQvideo
Zlob.iCodec
Zlob.iCodecPack
Zlob.iCodecPack
Zlob.IERedir
Zlob.ImageActiveXAccess
Zlob.ImageActiveXAccess
Zlob.ImageActiveXObject
Zlob.ImageActiveXObject
Zlob.ImageAXObject
Zlob.ImageAXObject
Zlob.iMediaCodec
Zlob.iMediaCodec
Zlob.Inverse
Zlob.IVideoCodec
Zlob.IVideoCodec
Zlob.JPEG-Encoder
Zlob.JPEG-Encoder
Zlob.KeyCodec
Zlob.KeyCodec
Zlob.KeyGenerator
Zlob.KeyGenerator
Zlob.Mediacodec
Zlob.Mediacodec
Zlob.MMediaCodec
Zlob.MMediaCodec
Zlob.MN
Zlob.MovieBox
Zlob.MovieBox
Zlob.MovieCommander
Zlob.MovieCommander
Zlob.MPVideoCodec
Zlob.MPVideoCodec
Zlob.MSSearch
Zlob.MyPassGenerator
Zlob.MyPassGenerator
Zlob.NewMediaCodec
Zlob.NewMediaCodec
Zlob.PerfectCodec
Zlob.PerfectCodec
Zlob.PornMagPass
Zlob.PornMagPass
Zlob.PornPassManager
Zlob.PornPassManager
Zlob.PowerCodec
Zlob.PowerCodec
Zlob.PPlayer
Zlob.PrivateVideo
Zlob.PrivateVideo
Zlob.QualityCodec
Zlob.QualityCodec
Zlob.SecurityTools
Zlob.SilverCodec
Zlob.SilverCodec
Zlob.SiteEntry
Zlob.SiteEntry
Zlob.SiteTicket
Zlob.SiteTicket
Zlob.SoftCodec
Zlob.SoftCodec
Zlob.strCodec
Zlob.strCodec
Zlob.SuperCodec
Zlob.SuperCodec
Zlob.TrueCodec
Zlob.TrueCodec
Zlob.VAXCodec
Zlob.VAXCodec
Zlob.Vcodec
Zlob.Vcodec
Zlob.VidCodec
Zlob.VidCodec
Zlob.VideoAccess
Zlob.VideoAccess
Zlob.VideoAccessActiveXObject
Zlob.VideoAccessActiveXObject
Zlob.VideoActiveXAccess
Zlob.VideoActiveXAccess
Zlob.VideoActiveXObject
Zlob.VideoActiveXObject
Zlob.VideoAXObject
Zlob.VideoAXObject
Zlob.VideoBox
Zlob.VideoBox
Zlob.VideoCodec2007
Zlob.VideoCodec2007
Zlob.VideoCompressionCodec
Zlob.VideoCompressionCodec
Zlob.VideoKeyCodec
Zlob.VideoKeyCodec
Zlob.VideoPlugin
Zlob.VideoPlugin
Zlob.Wave
Zlob.WinMediaCodec
Zlob.WinMediaCodec
Zlob.XpassGenerator
Zlob.XpassGenerator
Zlob.XPasswordManager
Zlob.XPasswordManager
Zlob.XXXAccess
Zlob.XXXPlugin
Zlob.ZCodec
Zlob.ZCodec
Zlob.ZipCodec
Zlob.ZipCodec
Zlock.uc
Zlock.uc
Zonemap.Domains
Zoo
Zoom Player
ZQest.K8L
ZQest.K8L
Z-Quest
Zwax
ZycnosSpace



HIJACKTHIS log!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:46:03 PM, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\admin22\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis_v2.zip\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CANON DR2080C SVC] rundll32.exe DR2KSVC.dll,EntryPointUserMessage
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Quick Hide Windows] C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe -s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 8049 bytes


Thanks all, something is also using about 5 meg + Of my connection PER SECOND SO REALLY NEED HELP!

Thanks, =)

If I left anything out tell me and I'll get back to you

Msn : LotsofmanxATHotmail.com

Or I'll see here

CHEERS!

Last edited by LonnyRJones; 11-22-2007 at 01:18 AM. Reason: Not a good idea to post email address in public forums

Old 11-22-2007, 12:10 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

BUMP

Its not using HEAPS OF MEG per SECOND NEED HELP!!
Old 11-24-2007, 01:45 PM   #3 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Hi Natwak and welcome to TSF

Sorry for the delay in getting to you, the forum has been really busy lately and all our helpers are volunteers. The forum however does need donations to keep operating so if you wish you can send the $10 you offered to that.

http://www.techsupportforum.com/donate.php

Also we do not provide support via email or private message. Please subscribe to this thread (Thread tools > subscribe) to receive notification of any replies.

-------------------------

Quote:

// 3101 products on list:
Where did you get that list from?

-------------------------

I notice that you have more than one anti-virus program on your machine (McAfee & Avast). That's not a good idea!!

This messes up the machine pretty badly. Like firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ##

-------------------------

HijackThis V2 is no longer BETA. Please uninstall/delete HijackThis then download the latest version from >here<. Double-click on HJTInstall.exe to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Once installed exit from HijackThis without scanning.

-------------------------

1. Download combofix to your desktop

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


-------------------------

Download Deckard's System Scanner to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, 2 text files will open - main.txt and extra.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

-------------------------
Required Logs

C:\combofix.txt
main.txt
extra.txt (attached)
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running

Last edited by MoralTerror; 11-24-2007 at 01:50 PM.
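
The dual-antivirus check made in the reply above can be run mechanically over a HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis or any tool named in it; the sample lines are copied from the first log in this thread, and the marker strings in `AV_MARKERS` and all function names are assumptions made for this illustration. It also reports any O2 (BHO) entry whose file field reads `(no file)`.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""

# A log entry looks like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: lowercase path fragments identifying the two products seen in this
# thread's log (long and 8.3 short path forms). Extend for other vendors.
AV_MARKERS = {
    "McAfee VirusScan (Network Associates)": (r"network associates\virusscan",),
    "avast! (ALWIL Software)": (r"alwil software\avast4", r"alwils~1\avast4"),
}


def parse_log(log):
    """Split a log into running-process paths and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # Entries end the process list even if the blank separator is missing.
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif not line:
            in_processes = False
        elif in_processes:
            processes.append(line)
    return processes, entries


def resident_av_products(processes, entries):
    """Map each recognised AV product to the lines that show it is installed or running."""
    evidence = defaultdict(list)
    sources = [("process", p) for p in processes]
    sources += [(code, e) for code in ("O4", "O23") for e in entries.get(code, [])]
    for origin, text in sources:
        lowered = text.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                evidence[product].append((origin, text))
    return dict(evidence)


def orphaned_bhos(entries):
    """Return the CLSIDs of O2 entries whose file field reads '(no file)'."""
    clsids = []
    for entry in entries.get("O2", []):
        if entry.rstrip().endswith("(no file)"):
            match = CLSID_RE.search(entry)
            clsids.append(match.group(0) if match else entry)
    return clsids


def review(log):
    """Produce a short list of findings for a human analyst to follow up."""
    processes, entries = parse_log(log)
    findings = []
    products = resident_av_products(processes, entries)
    if len(products) > 1:
        findings.append(
            "multiple resident antivirus products: " + ", ".join(sorted(products))
        )
    for clsid in orphaned_bhos(entries):
        findings.append("BHO registered with no file on disk: " + clsid)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
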
Old 11-24-2007, 06:36 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

List was from Spybot SD..
My problem is, when accessing my computer my internet connection is used a LOT, so is there a way I can do it without going on the net? At the moment I'm on my brother's computer =)

Any advice/Links on what Anti-Virus to get?

Nathan

Any advice as to why my internet connection would be being used, like huge amounts .. 5-90 MegaBytes a second or so.

Last edited by Natwak; 11-24-2007 at 06:39 PM.
Old 11-24-2007, 11:11 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

eckard's System Scanner v20071014.68
Run by user on 2007-11-25 16:55:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:11 PM, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\SDLoader.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\admin22\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CANON DR2080C SVC] rundll32.exe DR2KSVC.dll,EntryPointUserMessage
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Quick Hide Windows] C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe -s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7396 bytes

-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 16:52:36 0 d-------- C:\Program Files\Trend Micro
2007-11-25 16:43:10 0 dr-h----- C:\Documents and Settings\admin22\Recent
2007-11-23 1932 0 d-------- C:\Program Files\Spyware Doctor
2007-11-23 1932 0 d-------- C:\Documents and Settings\admin22\Application Data\PC Tools
2007-11-22 20:33:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-11-22 20:33:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-22 20:33:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-22 20:33:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-22 20:33:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-22 20:33:28 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-21 17:30:06 0 d-------- C:\Program Files\CCleaner
2007-11-21 17:27:51 0 d-------- C:\WINDOWS\pss
2007-11-21 01:52:39 0 d-------- C:\ie-spyad_zo
2007-11-21 01:39:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 18:56:00 0 d-------- C:\WINDOWS\.mpr_file_store_32
2007-11-18 14:17:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-18 13:48:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-11-18 13:48:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-18 13:48:37 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-18 13:48:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-18 13:48:36 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-18 13:48:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-15 19:29:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-11-15 19:28:34 0 d-------- C:\Program Files\Apple Software Update
2007-11-15 19:28:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-11-15 08:22:00 0 d-------- C:\Program Files\Alwil Software
2007-11-14 22:18:43 0 d-------- C:\quarantine
2007-11-14 21:34:48 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-14 20:08:05 0 d-------- C:\Program Files\Lavasoft
2007-11-14 20:08:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-14 20:07:35 6291456 --a------ C:\Documents and Settings\admin22\ntuser.dat
2007-11-14 2034 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 19:56:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-04 14:21:04 0 d-------- C:\Program Files\MSN Messenger
2007-11-04 08:09:08 0 d-------- C:\Documents and Settings\admin22\Application Data\teamspeak2
2007-11-04 08:08:37 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-10-31 18:11:28 0 d-------- C:\Documents and Settings\admin22\Application Data\Uniblue
2007-10-31 18:11:20 0 d-------- C:\Program Files\Uniblue
2007-10-28 19:31:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2007-11-25 16:52:27 0 d-------- C:\Program Files\Common Files
2007-11-25 16:43:53 0 d-------- C:\Program Files\Steam
2007-11-22 20:33:32 0 d-------- C:\Program Files\iMesh Applications
2007-11-22 20:31:51 0 d-------- C:\Program Files\SwiftSwitch
2007-11-15 19:29:53 0 d-------- C:\Program Files\QuickTime
2007-11-11 01:22:08 0 d-------- C:\Program Files\Covey Inc
2007-11-10 20:52:03 0 d-------- C:\Program Files\HyCam2
2007-11-03 15:09:53 0 d-------- C:\Program Files\Movie Maker
2007-10-25 19:03:48 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 19:31:01 0 d-------- C:\Program Files\CronoSoft
2007-10-24 19:23:47 0 d-------- C:\Program Files\Hide Window Hotkey
2007-10-24 19:19:23 0 d-------- C:\Program Files\Mgboss
2007-10-23 21:04:22 0 d-------- C:\Program Files\Windows Live Toolbar
2007-10-21 22:43:29 0 d-------- C:\Documents and Settings\admin22\Application Data\Macromedia
2007-10-14 10:51:35 0 d-------- C:\Program Files\Java
2007-10-08 23:02:33 0 d-------- C:\Documents and Settings\admin22\Application Data\Notepad++
2007-10-08 22:19:59 0 d-------- C:\Program Files\Notepad++
2007-10-01 21:49:12 0 d-------- C:\Documents and Settings\admin22\Application Data\Azureus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 09:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 12:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [23/10/2006 01:48 AM]
"CANON DR2080C SVC"="DR2KSVC.dll" [28/07/2006 08:38 PM C:\WINDOWS\system32\DR2KSVC.dll]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [27/02/2003 03:12 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [27/02/2003 03:40 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/06/2004 07:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 08:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 08:06 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/11/2007 05:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:56 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [15/11/2007 06:32 PM]
"Quick Hide Windows"="C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe" [13/02/2007 07:37 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [06/11/2007 06:31 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [3/08/2007 12:10:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2007-11-25 16:55:36 ------------








ComboFix 07-11-19.3 - user 2007-11-25 17:00:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT 11:00]
Running from: C:\Documents and Settings\admin22\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 16:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 16:50 <DIR> d-------- C:\Deckard
2007-11-23 19:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-23 19:06 <DIR> d-------- C:\Documents and Settings\admin22\Application Data\PC Tools
2007-11-22 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-11-21 17:30 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 01:52 <DIR> d-------- C:\ie-spyad_zo
2007-11-21 01:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 18:56 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2007-11-18 14:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-15 19:37 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-15 19:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-11-15 19:28 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-15 19:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-11-15 08:22 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-14 22:18 <DIR> d-------- C:\quarantine
2007-11-14 21:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-14 20:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-14 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-14 20:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 19:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-04 14:21 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-04 08:09 <DIR> d-------- C:\Documents and Settings\admin22\Application Data\teamspeak2
2007-11-04 08:08 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-31 18:11 <DIR> d-------- C:\Program Files\Uniblue
2007-10-31 18:11 <DIR> d-------- C:\Documents and Settings\admin22\Application Data\Uniblue
2007-10-28 19:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 05:43 --------- d-----w C:\Program Files\Steam
2007-11-22 09:33 --------- d-----w C:\Program Files\iMesh Applications
2007-11-22 09:31 --------- d-----w C:\Program Files\SwiftSwitch
2007-11-15 08:29 --------- d-----w C:\Program Files\QuickTime
2007-11-10 14:22 --------- d-----w C:\Program Files\Covey Inc
2007-11-10 09:52 --------- d-----w C:\Program Files\HyCam2
2007-11-05 17:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2007-10-25 08:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-24 08:31 --------- d-----w C:\Program Files\CronoSoft
2007-10-24 08:23 --------- d-----w C:\Program Files\Hide Window Hotkey
2007-10-24 08:19 --------- d-----w C:\Program Files\Mgboss
2007-10-23 10:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-17 13:16 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 13:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 13:15 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 13:14 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-13 23:51 --------- d-----w C:\Program Files\Java
2007-10-09 11:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Live Toolbar
2007-10-08 12:02 --------- d-----w C:\Documents and Settings\admin22\Application Data\Notepad++
2007-10-08 11:19 --------- d-----w C:\Program Files\Notepad++
2007-10-02 06:52 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-10-02 06:52 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-10-02 06:51 75,064 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-10-02 06:51 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-10-02 06:51 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-10-01 10:49 --------- d-----w C:\Documents and Settings\admin22\Application Data\Azureus
2007-09-07 08:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-09-07 08:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-09-06 09:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 09:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-03-13 23:05 290 ----a-w C:\Program Files\IAnywareErrors.log
2006-07-12 23:55 30,880 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-06-21 05:01 132 -c-ha-w C:\Program Files\AppUpdate.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:56]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-15 18:32]
"Quick Hide Windows"="C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe" [2007-02-13 19:37]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-06 18:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 21:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48]
"CANON DR2080C SVC"="DR2KSVC.dll" [2006-07-28 20:38 C:\WINDOWS\system32\DR2KSVC.dll]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2003-02-27 03:12]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2003-02-27 03:40]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 19:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 20:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 09:27:47]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 12:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-02 17:51 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 02:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 17:04:08
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 17:05:36
.
--- E O F ---
Attached Files
File Type: txt extra.txt (13.4 KB, 2 views)
Natwak is offline  
Old 11-26-2007, 01:23 AM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Hi Natwak

P2P - I see you have P2P software <Azureus> installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

-------------------------------

Avast Antivirus appears to be disabled, please re-enable it now.

You still have traces of McAfee running on the system. To remove these please run the appropriate tools for your version.

McAfee VirusScan Only
Download VSCleanupTool

Double click on VSCleanupTool.exe to run it. It should begin removal of McAfee within one minute. During removal several icons will appear on your desktop, this is normal. When prompted to reboot press Y.


All '05, '06, and '07 McAfee products
Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then click Run. A window should appear and disappear, this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer type Y.

-------------------------------

From Control Panel > Add/Remove Programs uninstall the following programs (if they still exist)

J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 2


Leave Java(TM) 6 Update 3 as this is the latest version
-------------------------------

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R3 - URLSearchHook: (no name) - {4062A336-32AB-177E-A2AB-1043C012F6CD} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


Remember to close all other windows and click Fix Checked

-------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

-------------------------------

Run a new scan with dss.exe using the following procedure:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you. Post those here in your next reply.

-------------------------------
Required Logs

kaspersky results
main.txt
extra.txt (attached)


Please also provide an update on system behaviour
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
MoralTerror is offline  
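An added example, not part of any post in this thread and not a HijackThis feature: Python that parses HijackThis log lines and pulls out the entries the tool itself marks `(no file)` or `(file missing)`, the kind of leftover the reply above asks to be fixed or uninstalled. The sample lines are copied from the logs and instructions posted in this thread; the function names and the `KINDS` labels are assumptions made for the example.

```python
import re

# Sample lines copied from the HijackThis output and fix list in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {4062A336-32AB-177E-A2AB-1043C012F6CD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (file missing)
"""

# Labels for the section codes that appear in this thread's logs (example labels).
KINDS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "browser helper object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O9": "IE extra button/menu item", "O16": "downloaded ActiveX control",
    "O23": "service",
}

ENTRY = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log):
    """Turn each 'CODE - body' line into a dict; other lines are ignored."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        clsid = CLSID.search(body)
        missing = MISSING.search(body)
        entries.append({
            "code": m["code"],
            "kind": KINDS.get(m["code"], "other"),
            "clsid": clsid.group(0) if clsid else None,
            # Marker printed by HijackThis when the target file is absent.
            "missing": missing.group(1) if missing else None,
            # O23 lines carry the owner field between ' - ' separators.
            "unknown_owner": " - Unknown owner - " in body,
            "body": body,
        })
    return entries


def review_queue(entries):
    """Separate orphaned registry leftovers from services that exist on disk
    but show no owner, which need a look at the file rather than removal."""
    return {
        "orphaned": [e for e in entries if e["missing"]],
        "unknown_owner_present": [
            e for e in entries if e["unknown_owner"] and not e["missing"]
        ],
    }


if __name__ == "__main__":
    queue = review_queue(parse_entries(SAMPLE))
    for e in queue["orphaned"]:
        print(f"orphaned  {e['code']:<4}{e['kind']:<24}{e['clsid'] or e['body']}")
    for e in queue["unknown_owner_present"]:
        print(f"check     {e['code']:<4}{e['kind']:<24}{e['body']}")
```
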
Old 11-26-2007, 02:01 AM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Quote:
Originally Posted by Natwak
List was from Spybot SD..
My problem is, when accessing my computer my internet connection is used A LOT, so is there a way I can do it without going on the net.. At the moment I'm on my brother's computer =)
Sorry Nathan I missed that post. If this causes problems then you could download any required tools from your brother's computer and transfer them to yours using CD, USB key or other media.

Quote:
Originally Posted by Natwak
Any advice/Links on what Anti-Virus to get?
We will provide links and advice once we have made sure there is no malware onboard

Quote:
Originally Posted by Natwak
Any advice as to why my internet connection would be being used, like huge amounts .. 5-90 MegaBytes a second or so.
I'm not really seeing any malware that would cause that. Some of your legit programs however will use the connection to check for updates and download any that are needed. EG Steam, AntiVirus and AntiSpyware programs, Windows Automatic updates etc. The p2p programs will also use the connection to either complete a download or seed your files back into the p2p community.

We will know more once we see the results of the kaspersky scan listed in my previous post.

While connected to the net do the following:

Click Start > Run and type

cmd.exe


In the command prompt window type

netstat -b


This may take a few moments to populate and will list all the executables which have created a connection or listening port. These exe files will be displayed in square brackets []. Please include a list of these in your next post.
MoralTerror is offline  
Old 11-26-2007, 03:45 AM   #8 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

Kaspersky online scanner? Needs internet connection, using heaps running the net, like 90MB PLUS. Is there any chance Rogue Software could do this to my machine? -.- I'll do all the parts except Kaspersky..


Nathan =)
Natwak is offline  
Old 11-26-2007, 03:47 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

-.- And also.. does Windows Update use 1G or more, in a FEW MINUTES?

Do you have any idea of ANYTHING that could do that?
Natwak is offline  
Old 11-26-2007, 04:57 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Like I said I'm not seeing any malware that would do that. Did you run the netstat command (see previous post) to see what programs are using the connection?

Download gmer from http://www.gmer.net & unzip it to desktop

Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked.

Press scan & when it has finished press copy & paste the log back here
MoralTerror is offline  
Old 11-27-2007, 01:14 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin22>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP nathan-pc:1165 localhost:1166 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1166 localhost:1165 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1208 localhost:1209 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1209 localhost:1208 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1235 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1241 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1251 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1569 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1663 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1685 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1702 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1706 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:1710 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2003 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2013 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2025 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2029 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2031 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2033 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2137 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2141 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2147 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2161 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:2247 localhost:12080 ESTABLISHED 2284
[firefox.exe]

TCP nathan-pc:12080 localhost:2247 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2013 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2033 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2147 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2137 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1569 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2161 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1241 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2141 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1685 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1251 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2031 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1663 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1235 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1710 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2029 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1702 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:1706 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2003 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:12080 localhost:2025 ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:1940 61.9.209.153:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:1942 61.9.209.153:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2014 207.68.178.153:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2030 61.9.209.153:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2032 210.247.196.16:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2034 61.9.209.150:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2142 server213-171-193-104.livedns.org.uk:http ESTAB
LISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2248 gmer.net:http ESTABLISHED 1976
[ashWebSv.exe]

TCP nathan-pc:2004 210.8.175.222:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP nathan-pc:2026 210.8.175.253:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP nathan-pc:2143 74.125.19.166:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP nathan-pc:2148 node9.crazyegg.com:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP nathan-pc:2162 cf-in-f99.google.com:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP nathan-pc:1999 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2006 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2017 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2020 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2059 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2065 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2106 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2121 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2153 localhost:12080 TIME_WAIT 0
TCP nathan-pc:2205 localhost:12080 TIME_WAIT 0
TCP nathan-pc:12080 localhost:2237 TIME_WAIT 0
TCP nathan-pc:12080 localhost:2136 TIME_WAIT 0
TCP nathan-pc:12080 localhost:2113 TIME_WAIT 0
TCP nathan-pc:1825 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:1937 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:1939 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:1941 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:1987 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:1989 61.9.209.153:http TIME_WAIT 0
TCP nathan-pc:2002 61.9.209.158:http TIME_WAIT 0
TCP nathan-pc:2016 207.68.178.134:http TIME_WAIT 0
TCP nathan-pc:2102 74.125.19.166:http TIME_WAIT 0
TCP nathan-pc:2869 192.168.0.1:2454 TIME_WAIT 0
TCP nathan-pc:2869 192.168.0.1:2455 TIME_WAIT 0

I know what 192.168.0.1 is (router). Confused about the rest.
Cheers.

Netstat -b Thing will do rest now
Natwak is offline  
Old 11-27-2007, 02:05 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

Deckard's System Scanner v20071014.68
Run by user on 2007-11-27 19:30:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2007-11-27 08:30:31 UTC - RP152 - Deckard's System Scanner Restore Point
79: 2007-11-27 08:17:35 UTC - RP151 - Removed Java(TM) 6 Update 2
78: 2007-11-27 07:47:07 UTC - RP150 - System Checkpoint
77: 2007-11-26 06:43:54 UTC - RP149 - System Checkpoint
76: 2007-11-25 05:59:19 UTC - RP148 - ComboFix created restore point


-- First Restore Point --
1: 2007-09-25 00:03:28 UTC - RP73 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:02 PM, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin22\Local Settings\Temp\wz513f\gmer.exe
C:\Documents and Settings\admin22\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CANON DR2080C SVC] rundll32.exe DR2KSVC.dll,EntryPointUserMessage
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Quick Hide Windows] C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe -s
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7339 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 NETGEAR_WG311T_SERVICE (NETGEAR WG311T Wireless Adapter Service) - c:\windows\system32\drivers\wg311tn5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)
S3 catchme - c:\docume~1\admin22\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 700)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 920)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1004)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1044)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1128)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1264)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\explorer.exe (pid 320)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
2005-09-23 08:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-13 04:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:56 107520 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:28:58 17920 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 08:29:00 85504 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-11-04 08:08:49 34064 --a------ C:\WINDOWS\system32\lhacm.acm <Not Verified; Microsoft Corporation; Windows® NetMeeting®>

C:\WINDOWS\system32\rundll32.exe (pid 656)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1836)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 3168)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\rundll32.exe (pid 2376)
2007-11-01 15:46:30 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>


-- Scheduled Tasks -------------------------------------------------------------

2007-11-21 13:38:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 19:19:50 0 dr-h----- C:\Documents and Settings\admin22\Recent
2007-11-25 16:52:36 0 d-------- C:\Program Files\Trend Micro
2007-11-23 1932 0 d-------- C:\Program Files\Spyware Doctor
2007-11-23 1932 0 d-------- C:\Documents and Settings\admin22\Application Data\PC Tools
2007-11-22 20:33:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-11-22 20:33:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-22 20:33:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-22 20:33:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-22 20:33:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-22 20:33:28 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-21 17:30:06 0 d-------- C:\Program Files\CCleaner
2007-11-21 17:27:51 0 d-------- C:\WINDOWS\pss
2007-11-21 01:39:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 18:56:00 0 d-------- C:\WINDOWS\.mpr_file_store_32
2007-11-18 14:17:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-18 13:48:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-11-18 13:48:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-18 13:48:37 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-18 13:48:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-18 13:48:36 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-18 13:48:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-15 19:29:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-11-15 19:28:34 0 d-------- C:\Program Files\Apple Software Update
2007-11-15 19:28:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-11-15 08:22:00 0 d-------- C:\Program Files\Alwil Software
2007-11-14 22:18:43 0 d-------- C:\quarantine
2007-11-14 21:34:48 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-14 20:08:05 0 d-------- C:\Program Files\Lavasoft
2007-11-14 20:08:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-14 20:07:35 6291456 --a------ C:\Documents and Settings\admin22\ntuser.dat
2007-11-14 2034 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 19:56:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-04 14:21:04 0 d-------- C:\Program Files\MSN Messenger
2007-11-04 08:09:08 0 d-------- C:\Documents and Settings\admin22\Application Data\teamspeak2
2007-11-04 08:08:37 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-10-31 18:11:28 0 d-------- C:\Documents and Settings\admin22\Application Data\Uniblue
2007-10-31 18:11:20 0 d-------- C:\Program Files\Uniblue
2007-10-28 19:31:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2007-11-27 19:19:44 0 d-------- C:\Program Files\Steam
2007-11-27 19:18:21 0 d-------- C:\Program Files\Java
2007-11-25 16:52:27 0 d-------- C:\Program Files\Common Files
2007-11-22 20:33:32 0 d-------- C:\Program Files\iMesh Applications
2007-11-22 20:31:51 0 d-------- C:\Program Files\SwiftSwitch
2007-11-15 19:29:53 0 d-------- C:\Program Files\QuickTime
2007-11-11 01:22:08 0 d-------- C:\Program Files\Covey Inc
2007-11-10 20:52:03 0 d-------- C:\Program Files\HyCam2
2007-11-03 15:09:53 0 d-------- C:\Program Files\Movie Maker
2007-10-25 19:03:48 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 19:31:01 0 d-------- C:\Program Files\CronoSoft
2007-10-24 19:23:47 0 d-------- C:\Program Files\Hide Window Hotkey
2007-10-23 21:04:22 0 d-------- C:\Program Files\Windows Live Toolbar
2007-10-21 22:43:29 0 d-------- C:\Documents and Settings\admin22\Application Data\Macromedia
2007-10-08 23:02:33 0 d-------- C:\Documents and Settings\admin22\Application Data\Notepad++
2007-10-08 22:19:59 0 d-------- C:\Program Files\Notepad++
2007-10-01 21:49:12 0 d-------- C:\Documents and Settings\admin22\Application Data\Azureus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 09:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 12:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [23/10/2006 01:48 AM]
"CANON DR2080C SVC"="DR2KSVC.dll" [28/07/2006 08:38 PM C:\WINDOWS\system32\DR2KSVC.dll]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [27/02/2003 03:12 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [27/02/2003 03:40 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/06/2004 07:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 08:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 08:06 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/11/2007 05:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:56 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [15/11/2007 06:32 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [06/11/2007 06:31 PM]
"Quick Hide Windows"="C:\Program Files\CronoSoft\Quick Hide Windows\qhw.exe" [13/02/2007 07:37 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [3/08/2007 12:10:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7429 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-27 19:44:20 ------------
Attached Files
File Type: txt extra.txt (11.2 KB, 1 views)
Natwak is offline  
Old 11-27-2007, 02:09 AM   #13 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

KASPERSKY HAS NOT BEEN DONE. I tried to click Free Scan and it just displays "Done" and doesn't work AT ALL.

Thanks
Nathan
I will include the scan from GMER a little later when it finishes,
Cheers =)
Natwak is offline  
Old 11-28-2007, 10:03 AM   #14 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Hi Natwak

Quote:
KASPERSKY HAS NOT BEEN DONE. I tried to click Free Scan and it just displays "Done" and doesn't work AT ALL.
What browser were you using? Kaspersky requires Internet Explorer.

The netstat command didn't show much. You had connections with Google, Telstra, Haymarket and Microsoft, and only Avast and Firefox making connections. Let's wait and see what gmer will reveal.
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
MoralTerror is offline  
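
The manual check in post #14 (which processes own the connections, and to where) can be scripted. The following is an added example, not part of the thread: it parses `netstat -b` text in the layout pasted above, re-joins records that the 80-column console wrapped (the "ESTAB" / "LISHED" split in the paste), and lists owning processes that are not on an expected list. The sample input, its host name and addresses, and the process name updsvc32.exe are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the `netstat -b` paste in this thread.
# Host name, addresses (documentation ranges) and updsvc32.exe are made up.
SAMPLE = """\
TCP pc1:1942 192.0.2.10:http ESTABLISHED 1976
[ashWebSv.exe]

TCP pc1:2142 server-long-name.example.org:http ESTAB
LISHED 1976
[ashWebSv.exe]

TCP pc1:3050 198.51.100.7:https ESTABLISHED 2412
[firefox.exe]

TCP pc1:3061 203.0.113.5:8080 ESTABLISHED 3188
[updsvc32.exe]

TCP pc1:2004 192.0.2.10:http CLOSE_WAIT 1976
[ashWebSv.exe]

TCP pc1:1999 localhost:12080 TIME_WAIT 0
TCP pc1:2869 192.168.0.1:2454 TIME_WAIT 0
"""

# Fields: local, remote, state, owning PID (TCP rows only, as in the paste).
RECORD = re.compile(r"^TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)$")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(endpoint):
    """True for loopback and RFC 1918 peers; other host names count as external."""
    host = endpoint.rsplit(":", 1)[0]
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def logical_lines(text):
    """Undo console wrapping: glue a fragment onto an incomplete TCP record."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        prev = out[-1] if out else ""
        if (prev.startswith("TCP") and not RECORD.match(prev)
                and not line.startswith(("TCP", "["))):
            # The break can fall inside a token ("ESTAB" / "LISHED") or at a space.
            fixed = [j for j in (prev + line, prev + " " + line) if RECORD.match(j)]
            if fixed:
                out[-1] = fixed[0]
                continue
        out.append(line)
    return out


def parse(text):
    """Return one dict per TCP record, with the following [owner] line attached."""
    conns = []
    for line in logical_lines(text):
        m = RECORD.match(line)
        if m:
            local, remote, state, pid = m.groups()
            conns.append({"local": local, "remote": remote, "state": state,
                          "pid": int(pid), "owner": None})
        elif line.startswith("[") and line.endswith("]") and conns \
                and conns[-1]["owner"] is None:
            conns[-1]["owner"] = line[1:-1]
    return conns


def external_by_owner(conns):
    """Map owner -> sorted external peers; skips LAN/loopback and ownerless rows."""
    peers = defaultdict(set)
    for c in conns:
        if c["owner"] and not is_local(c["remote"]):
            peers[c["owner"].lower()].add(c["remote"])
    return {owner: sorted(p) for owner, p in peers.items()}


def unexpected_owners(conns, expected):
    """Owners with external connections that are not on the expected list."""
    expected = {e.lower() for e in expected}
    return sorted(o for o in external_by_owner(conns) if o not in expected)


if __name__ == "__main__":
    print(unexpected_owners(parse(SAMPLE), ["ashWebSv.exe", "firefox.exe"]))
```

Rows in TIME_WAIT with PID 0 carry no owner line, so they are parsed but left out of the per-process summary.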
Old 12-09-2007, 11:09 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

What is Haymarket?


I have problems with my sound/audio,
also have problems with Windows Firewall and I can't see my connections.

Thanks

Will Upload GMER
Natwak is offline  
Old 12-09-2007, 11:39 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

gmer.log:
Invalid File


It says Gmer.log is an invalid file, help?
I save it then upload and it says it's invalid.

Nathan
Natwak is offline  
Old 12-10-2007, 04:15 AM   #17 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Hi Natwak

Sorry for not being more specific. The Haymarket connection is related to aapt.com.au.

If the gmer log is too large to copy/paste into the thread then right-click gmer.log and rename it to gmer.txt before uploading.

Quote:
I have problems with my sound/audio,
also have problems with Windows Firewall and I can't see my connections.
Could you describe these problems in more detail, please?

I'm not sure what you mean by seeing connections. Your router will monitor all your internet traffic. Any information it receives from the internet will be passed on to your network only if one of the machines on your side of the router asked for that information. Having said that, Windows Firewall will only monitor incoming traffic, which would already be filtered by the router, so in theory your PC could be requesting information without your knowledge. A third-party software firewall would monitor the outgoing traffic, allowing you to deny/allow the requests to the internet. This tutorial will better explain firewalls and their use: http://www.bleepingcomputer.com/tuto...utorial60.html

Here are a couple of good firewall programs. Make sure to have only 1 installed and disable Windows Firewall to avoid conflicts.
MoralTerror is offline  
Old 12-16-2007, 07:15 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

With my connection, I click Start > Control Panel > Internet Connections > CAN'T SEE ANYTHING AT ALL HERE.


Kaspersky STILL WON'T WORK. Not sure why.

I've included the gmer log.

Cheers
Nathan =)
Attached Files
File Type: txt gmer.txt (399.3 KB, 3 views)
Natwak is offline  
Old 12-16-2007, 07:17 PM   #19 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: Windows XP


Re: Bunch Of Malware Help Help Help XD

0.0 Alright, hope you're on soon. Be back later
Nathan
=)
Natwak is offline  
Old 12-20-2007, 08:28 AM   #20 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Bunch Of Malware Help Help Help XD

Hi Nathan

I still don't see any malware. Everything looks normal for a high-speed, always-on connection. Is this the type of connection you have?

For Kaspersky, try closing all browsers and uninstalling Kaspersky Online Scanner from Control Panel > Add/Remove Programs, then try the scan again.

To restore the missing icons in the Connections folder, click Start > Run and type cmd.exe. From the command prompt, type the following commands, pressing Enter after each line:

regsvr32 netshell.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll


Reboot the computer to let changes take effect. Do you have icons for your connection now?
MoralTerror is offline  
 






All times are GMT -7. The time now is 03:30 PM.



Copyright 2001 - 2010, Tech Support Forum