Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)
03-21-2008, 11:25 AM   #1
Registered User
Join Date: Mar 2008
Posts: 9
OS: XP

Help removing andt.sys, indt2.sys and other spyware

Hi, I'm kind of new to this, so I'm hoping you guys can help me out here. I went on my Task Manager yesterday and found andt.sys and indt2.sys running in my processes. I googled them and found they were trojans; I ended them and then searched for them and deleted them from the system32 folder. I understand they're likely to come back even though I deleted them, and just like clockwork, today when I checked my processes, there they were running again. I've worked through the 5-step process of yours before posting this. I ran the Panda ActiveScan and that found several spyware items, which I have noticed include Virtumonde, so I shall post both my DSS log and the Panda scan. I will be extremely grateful for any help I receive. Thanks in advance.

Panda ActiveScan log:

Incident  Status  Location

Adware:adware/cws.searchmeup Not disinfected c:\program files\internet explorer\svchost.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@247realmedia[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adviva[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dave\Cookies\dave@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dave\Cookies\dave@burstnet[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dave\Cookies\dave@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@media.adrevolver[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@media.adrevolver[5].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statcounter[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.burstbeacon[2].txt
Spyware:Cookie/Intelli-tracker Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.intelli-tracker[1].txt
Virus:Generic Malware Disinfected C:\Documents and Settings\Dave\My Documents\Downloads\ParetoLogic Anti-Spyware v5[1].xx XoftSpy v4.xx XoftSpySE v4.xx RegCure v1.xx PrivacyControls v1.xx All in one patch\Paretologic 5 in 1 crack\ParetoLogic_Slayer_v1.3.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\Dave\My Documents\Downloads\ParetoLogic Anti-Spyware v5[1].xx XoftSpy v4.xx XoftSpySE v4.xx RegCure v1.xx PrivacyControls v1.xx All in one patch.zip[Paretologic 5 in 1 crack/ParetoLogic_Slayer_v1.3.exe]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Louise\Cookies\louise@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Louise\Cookies\louise@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Louise\Cookies\louise@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Louise\Cookies\louise@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Louise\Cookies\louise@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Louise\Cookies\louise@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Louise\Cookies\louise@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Louise\Cookies\louise@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Louise\Cookies\louise@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Louise\Cookies\louise@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Louise\Cookies\louise@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Louise\Cookies\louise@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Louise\Cookies\louise@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Louise\Cookies\louise@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Louise\Cookies\louise@tribalfusion[3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Louise\Cookies\louise@www.burstbeacon[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Louise\Cookies\louise@zedo[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@adviva[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@atdmt[3].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@bs.serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@bs.serving-sys[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@serving-sys[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@tradedoubler[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@tribalfusion[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Fonts\a.zip[Setup.exe]
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Fonts\Setup.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gkkobqfs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pwdurtwt.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qlxmgtsc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qpkqfmxh.dll

DSS log:

Deckard's System Scanner v20071014.68
Run by Dave on 2008-03-21 16:58:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-03-21 16:58:40 UTC - RP901 - Deckard's System Scanner Restore Point
27: 2008-03-21 12:39:31 UTC - RP900 - System Checkpoint
26: 2008-03-20 12:27:15 UTC - RP899 - Installed Java(TM) 6 Update 5
25: 2008-03-20 12:02:21 UTC - RP898 - System Checkpoint
24: 2008-03-19 10:33:33 UTC - RP897 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-24 20:24:22 UTC - RP874 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 192 MiB (512 MiB recommended).


-- HijackThis (run as Dave.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 17:05:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\511XDVSV\dss[1].exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {42738BA2-79C2-4097-B98D-920D8314D51B} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7842FE81-DDCC-F250-978B-BF44A1B614B2} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82A50C6C-99ED-455E-BAF0-0B2CB38205D6} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0273771206098397) (0273771206098397mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\027377~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\APPS\HIDSERVICE\HidService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 10408 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 musbehco - c:\docume~1\louise\locals~1\temp\musbehco.sys (file missing)
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20070709.002\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe

S2 0273771206098397mcinstcleanup (McAfee Application Installer Cleanup (0273771206098397)) - c:\windows\temp\027377~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
S2 Routing (Routing Service) - c:\windows\system32\routing.exe
S4 GEARSecurity - system32\gearsec.exe <Not Verified; GEAR Software; gearsec>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-07 15:33:32 370 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-07 15:33:32 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-07 15:33:31 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-03-07 15:33:31 446 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-02-15 01:23:19 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-01 00:03:20 350 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-21 and 2008-03-21 -----------------------------

2008-03-21 15:53:49 0 d-------- C:\Program Files\ZonedOut
2008-03-21 15:51:55 322518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 15:37:33 0 d-------- C:\ie-spyad_zo
2008-03-21 15:27:45 0 d-------- C:\Program Files\SpywareBlaster
2008-03-21 11:18:34 0 d-------- C:\WINDOWS\LastGood
2008-03-21 11:03:41 45056 --a------ C:\WINDOWS\system32\Indt2.sys <Not Verified; b; >
2008-03-21 11:03:39 276992 --a------ C:\WINDOWS\system32\andt.sys
2008-03-20 22:02:15 0 d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 12:27:24 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:20:32 0 d-------- C:\Program Files\Blubster
2008-03-19 09:20:00 0 dr-h----- C:\Documents and Settings\Dave\Recent
2008-03-07 15:20:52 0 d-------- C:\Program Files\Autoruns
2008-03-07 14:59:22 0 d-------- C:\Program Files\Trend Micro
2008-03-06 11:47:10 0 d-------- C:\Program Files\RegCure
2008-02-24 13:15:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-02-24 00:34:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-02-23 12:21:44 32256 --a------ C:\WINDOWS\system32\routing.exe
2008-02-23 12:21:38 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-23 10:10:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 10:09:14 0 d-------- C:\Program Files\Spyware Doctor
2008-02-23 10:09:14 0 d-------- C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-22 23:50:10 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-02-22 23:47:43 35738 --a------ C:\WINDOWS\hosts
2008-02-22 11:53:54 0 d-------- C:\Program Files\XoftSpySE
2008-02-21 22:00:04 93760 --a------ C:\WINDOWS\system32\qpkqfmxh.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-21 15:53:39 240904 --a------ C:\Program Files\ZonedOut.zip
2008-03-21 11:18:20 0 d-------- C:\Program Files\McAfee
2008-03-20 23:08:44 0 d-------- C:\Program Files\Messenger
2008-03-20 23:08:43 0 d-------- C:\Program Files\MSN Messenger
2008-03-20 12:30:32 0 d-------- C:\Program Files\Java
2008-03-20 12:27:24 0 d-------- C:\Program Files\Common Files
2008-03-19 10:02:11 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-14 19:32:55 0 d-------- C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-03-11 11:50:05 0 d-------- C:\Documents and Settings\Dave\Application Data\Vso
2008-03-07 15:20:35 545278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 10:33:01 0 d-------- C:\Documents and Settings\Dave\Application Data\uTorrent
2008-03-06 12:31:51 0 d-------- C:\Program Files\Online Services
2008-03-06 12:31:51 0 d-------- C:\Program Files\AOL 9.0
2008-02-28 21:55:18 0 d-------- C:\Program Files\Samsung
2008-02-24 21:09:35 66488 --a----c- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-23 18:45:32 11790 --ahs---- C:\WINDOWS\system32\vvvwa.ini2
2008-02-20 21:58:14 87616 --a------ C:\WINDOWS\system32\gkkobqfs.dll
2008-02-20 20:24:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-20 18:45:35 0 d-------- C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-19 22:44:07 0 d-------- C:\Program Files\Lavasoft
2008-02-19 22:39:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 22:00:09 88128 --a------ C:\WINDOWS\system32\pwdurtwt.dll
2008-02-19 21:57:10 89152 --a------ C:\WINDOWS\system32\qlxmgtsc.dll
2008-02-19 21:45:19 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-02-19 20:19:57 217839 --ahs---- C:\WINDOWS\system32\rqstv.ini2
2008-02-17 22:40:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-15 15:51:23 0 d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2008-02-13 18:03:50 24626 --a------ C:\WINDOWS\system32\ScrrnES.dll <Not Verified; Microsoft Corporation; Microsoft (r) Script Runtime>
2008-02-12 11:19:00 0 d-------- C:\Documents and Settings\Dave\Application Data\Viewpoint
2008-02-04 22:28:06 0 d-------- C:\Program Files\Windows Live Safety Center


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 06:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42738BA2-79C2-4097-B98D-920D8314D51B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7842FE81-DDCC-F250-978B-BF44A1B614B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82A50C6C-99ED-455E-BAF0-0B2CB38205D6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [10/04/2007 18:35]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 10:22]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]
rundll32.exe "C:\WINDOWS\system32\gkkobqfs.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp3start]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader]
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7966 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-21 17:08:36 ------------
Attached Files
File Type: txt extra.txt (20.4 KB, 0 views)
loise300 is offline  

Old 03-26-2008, 03:57 AM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please post a fresh main.txt, as it has been a while since you posted, and I'll be happy to help you.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 03-26-2008, 04:00 PM   #3 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Thank you for replying. I'm still having the same problems with andt.sys and indt2.sys, so I am very grateful for your help. Here is my main.txt. Thanks again.

Deckard's System Scanner v20071014.68
Run by Dave on 2008-03-26 21:50:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 192 MiB (512 MiB recommended).


-- HijackThis (run as Dave.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-26 21:53:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\DJBTT5CY\dss[1].exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {42738BA2-79C2-4097-B98D-920D8314D51B} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7842FE81-DDCC-F250-978B-BF44A1B614B2} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82A50C6C-99ED-455E-BAF0-0B2CB38205D6} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} () - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} () - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} () - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} () - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\APPS\HIDSERVICE\HidService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 10427 bytes

-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-24 19:02:14 0 d-------- C:\Program Files\iTunes
2008-03-24 19:00:24 0 d-------- C:\Program Files\Bonjour
2008-03-24 18:58:03 0 d-------- C:\Program Files\QuickTime
2008-03-24 18:55:08 0 d-------- C:\Program Files\Apple Software Update
2008-03-24 18:53:52 0 d-------- C:\Program Files\Common Files\Apple
2008-03-24 18:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 07:44:12 45056 --a------ C:\WINDOWS\system32\Indt2.sys <Not Verified; b; >
2008-03-24 07:44:09 276992 --a------ C:\WINDOWS\system32\andt.sys
2008-03-23 14:35:44 0 dr-h----- C:\Documents and Settings\Dave\Recent
2008-03-21 15:53:49 0 d-------- C:\Program Files\ZonedOut
2008-03-21 15:51:55 322518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 15:37:33 0 d-------- C:\ie-spyad_zo
2008-03-21 15:27:45 0 d-------- C:\Program Files\SpywareBlaster
2008-03-20 22:02:15 0 d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 12:27:24 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:20:32 0 d-------- C:\Program Files\Blubster
2008-03-07 15:20:52 0 d-------- C:\Program Files\Autoruns
2008-03-07 14:59:22 0 d-------- C:\Program Files\Trend Micro
2008-03-06 11:47:10 0 d-------- C:\Program Files\RegCure


-- Find3M Report ---------------------------------------------------------------

2008-03-26 21:23:13 0 d-------- C:\Program Files\McAfee
2008-03-24 19:02:43 0 d-------- C:\Program Files\iPod
2008-03-24 18:53:52 0 d-------- C:\Program Files\Common Files
2008-03-23 11:03:51 0 d-------- C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-03-21 23:13:13 0 d-------- C:\Program Files\XoftSpySE
2008-03-21 15:53:39 240904 --a------ C:\Program Files\ZonedOut.zip
2008-03-20 23:08:44 0 d-------- C:\Program Files\Messenger
2008-03-20 23:08:43 0 d-------- C:\Program Files\MSN Messenger
2008-03-20 12:30:32 0 d-------- C:\Program Files\Java
2008-03-19 10:02:11 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-11 11:50:05 0 d-------- C:\Documents and Settings\Dave\Application Data\Vso
2008-03-07 15:20:35 545278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 10:33:01 0 d-------- C:\Documents and Settings\Dave\Application Data\uTorrent
2008-03-06 12:31:51 0 d-------- C:\Program Files\Online Services
2008-03-06 12:31:51 0 d-------- C:\Program Files\AOL 9.0
2008-03-03 13:32:24 0 d-------- C:\Program Files\Spyware Doctor
2008-02-28 21:55:18 0 d-------- C:\Program Files\Samsung
2008-02-24 21:09:35 66488 --a----c- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-23 18:45:32 11790 --ahs---- C:\WINDOWS\system32\vvvwa.ini2
2008-02-23 12:21:45 32256 --a------ C:\WINDOWS\system32\routing.exe
2008-02-23 12:21:38 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-23 10:09:14 0 d-------- C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-20 20:24:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-20 18:45:35 0 d-------- C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-19 22:44:07 0 d-------- C:\Program Files\Lavasoft
2008-02-19 22:39:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 21:45:19 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-02-19 20:19:57 217839 --ahs---- C:\WINDOWS\system32\rqstv.ini2
2008-02-17 22:40:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-15 15:51:23 0 d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2008-02-13 18:03:50 24626 --a------ C:\WINDOWS\system32\ScrrnES.dll <Not Verified; Microsoft Corporation; Microsoft (r) Script Runtime>
2008-02-12 11:19:00 0 d-------- C:\Documents and Settings\Dave\Application Data\Viewpoint
2008-02-04 22:28:06 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-24 16:48:14 35738 --a------ C:\WINDOWS\hosts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42738BA2-79C2-4097-B98D-920D8314D51B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7842FE81-DDCC-F250-978B-BF44A1B614B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82A50C6C-99ED-455E-BAF0-0B2CB38205D6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [10/04/2007 18:35]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 10:22]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]
rundll32.exe "C:\WINDOWS\system32\gkkobqfs.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp3start]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader]
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-03-26 21:57:27 ------------
loise300 is offline  
Old 03-26-2008, 11:39 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

Go to Start > Run. Copy/Paste or type the text in blue exactly as it is:

sc stop perfmons and then click OK
sc delete perfmons and then click OK

sc stop Routing and then click OK
sc delete Routing and then click OK

============================

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {42738BA2-79C2-4097-B98D-920D8314D51B} - (no file)
O2 - BHO: (no name) - {7842FE81-DDCC-F250-978B-BF44A1B614B2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82A50C6C-99ED-455E-BAF0-0B2CB38205D6} - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe


Close all browsers and windows other than HijackThis and click on "fix checked".

==============================

Restart the computer for the changes to take effect.

==============================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

==============================

Download ATF Cleaner by Atribune and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Opera :
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

==============================

Go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner, if it is present, before downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.

Copy and paste that information from Kaspersky in your next post.

*Note
It is recommended to disable the onboard antivirus program and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

Or use Firefox with IE-Tab plugin

==============================

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

In addition to what is checked already

Tick:

Drivers
Services


Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply along with the Kaspersky report and the MBAM report.
amateur is offline  
Old 03-29-2008, 08:49 AM   #5 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Hi, thanks for replying so fast, and sorry it took me a while to get back to you but I've had a lot on.

I scanned with HijackThis but couldn't find these 2 entries to delete:

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

I don't know if that's a problem?

I have 2 logs for you, the MBAM and DSS. I also have the Kaspersky one, but I'm having trouble posting it because it's so big (over 6000kb). I tried to put it into an attachment but it failed to upload several times, and when I just try to copy/paste it my computer freezes. I am also unsure if I have done it right or not, because it seems like the Kaspersky log is displaying everything on my computer, although it only found 5 viruses and 6 infections, and there is more on the log than them. I apologise for this, but I am really unsure about it and would like some clarification as to whether I have done it right or not, and possibly if I need to do it again.

Anyway, thank you again for your time. Here are my 2 logs:

MBAM:

Malwarebytes' Anti-Malware 1.09
Database version: 561

Scan type: Quick Scan
Objects scanned: 44371
Time elapsed: 16 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\temp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Upload (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\pbukv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\andt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Indt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\perfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


DSS:

Deckard's System Scanner v20071014.68
Run by Dave on 2008-03-29 14:41:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 192 MiB (512 MiB recommended).


-- HijackThis (run as Dave.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-29 14:44:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} () - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} () - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} () - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} () - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0049451206793933) (0049451206793933mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\004945~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\APPS\HIDSERVICE\HidService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 9889 bytes

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 musbehco - c:\docume~1\louise\locals~1\temp\musbehco.sys (file missing)
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20070709.002\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe

S2 0049451206793933mcinstcleanup (McAfee Application Installer Cleanup (0049451206793933)) - c:\windows\temp\004945~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S4 GEARSecurity - system32\gearsec.exe <Not Verified; GEAR Software; gearsec>


-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 10:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 10:41:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 17:52:59 0 d-------- C:\Program Files\Lavasoft
2008-03-28 17:52:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 17:48:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 21:33:17 0 d-------- C:\Program Files\iTunes
2008-03-27 20:08:24 0 d-------- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2008-03-27 20:08:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-27 20:08:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-24 19:02:14 0 d-------- C:\Program Files\iTunes(2)
2008-03-24 19:01:15 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-03-24 19:00:24 0 d-------- C:\Program Files\Bonjour
2008-03-24 18:58:03 0 d-------- C:\Program Files\QuickTime
2008-03-24 18:55:08 0 d-------- C:\Program Files\Apple Software Update
2008-03-24 18:53:52 0 d-------- C:\Program Files\Common Files\Apple
2008-03-24 18:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-23 14:35:44 0 dr-h----- C:\Documents and Settings\Dave\Recent
2008-03-21 15:53:49 0 d-------- C:\Program Files\ZonedOut
2008-03-21 15:51:55 322518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 15:37:33 0 d-------- C:\ie-spyad_zo
2008-03-21 15:27:45 0 d-------- C:\Program Files\SpywareBlaster
2008-03-20 22:02:15 0 d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 12:27:24 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:20:32 0 d-------- C:\Program Files\Blubster
2008-03-07 15:20:52 0 d-------- C:\Program Files\Autoruns
2008-03-07 14:59:22 0 d-------- C:\Program Files\Trend Micro
2008-03-06 11:47:10 0 d-------- C:\Program Files\RegCure


-- Find3M Report ---------------------------------------------------------------

2008-03-29 12:31:42 0 d-------- C:\Program Files\McAfee
2008-03-28 20:57:02 0 d-------- C:\Documents and Settings\Dave\Application Data\Adobe
2008-03-28 17:48:13 0 d-------- C:\Program Files\Common Files
2008-03-28 16:42:25 0 d-------- C:\Program Files\XoftSpySE
2008-03-27 2050 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-24 19:02:43 0 d-------- C:\Program Files\iPod
2008-03-23 11:03:51 0 d-------- C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-03-21 15:53:39 240904 --a------ C:\Program Files\ZonedOut.zip
2008-03-20 23:08:44 0 d-------- C:\Program Files\Messenger
2008-03-20 23:08:43 0 d-------- C:\Program Files\MSN Messenger
2008-03-20 12:30:32 0 d-------- C:\Program Files\Java
2008-03-19 10:02:11 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-11 11:50:05 0 d-------- C:\Documents and Settings\Dave\Application Data\Vso
2008-03-07 15:20:35 545278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 10:33:01 0 d-------- C:\Documents and Settings\Dave\Application Data\uTorrent
2008-03-06 12:31:51 0 d-------- C:\Program Files\Online Services
2008-03-06 12:31:51 0 d-------- C:\Program Files\AOL 9.0
2008-03-03 13:32:24 0 d-------- C:\Program Files\Spyware Doctor
2008-02-28 21:55:18 0 d-------- C:\Program Files\Samsung
2008-02-24 21:09:35 66488 --a----c- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-23 18:45:32 11790 --ahs---- C:\WINDOWS\system32\vvvwa.ini2
2008-02-23 10:09:14 0 d-------- C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-20 20:24:49 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-20 18:45:35 0 d-------- C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-19 21:45:19 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-02-19 20:19:57 217839 --ahs---- C:\WINDOWS\system32\rqstv.ini2
2008-02-17 22:40:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-15 15:51:23 0 d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2008-02-13 18:03:50 24626 --a------ C:\WINDOWS\system32\ScrrnES.dll <Not Verified; Microsoft Corporation; Microsoft (r) Script Runtime>
2008-02-12 11:19:00 0 d-------- C:\Documents and Settings\Dave\Application Data\Viewpoint
2008-02-04 22:28:06 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-24 16:48:14 35738 --a------ C:\WINDOWS\hosts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [10/04/2007 18:35]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 10:22]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]
rundll32.exe "C:\WINDOWS\system32\gkkobqfs.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp3start]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader]
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

*Newly Created Service* - 0049451206793933MCINSTCLEANUP



-- End of Deckard's System Scanner: finished at 2008-03-29 14:47:27 ------------
loise300 is offline  
Old 03-29-2008, 01:26 PM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

Quote:
Hi, thanks for replying so fast, and sorry it took me a while to get back to you but I've had a lot on.
No problem. I was quite busy myself.

Quote:
I scanned with HijackThis but couldn't find these 2 entries to delete:

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

I don't know if that's a problem?
No problem at all. I expected them not to be present, but included them in the fix just in case.

===============================

You have been visiting crack sites and downloading crack software. Please be informed that visiting crack sites and downloading crack software are sure ways of getting infected.

===============================

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.

    http://aumha.org/freeware/freeware.php
  • For version with the Installer:

    Use the setup program to install ERUNT on your computer
  • For the zipped version:

    Unzip all the files into a folder of your choice.
  • Click Erunt.exe to back up your registry to the folder of your choice.

---------------

Open notepad. It must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad, including the blank line at the end. Make sure that wordwrap is turned off in notepad - click the format menu and uncheck wordwrap.
Choose file save as and set file type to all files.
Type fixreg.reg in the file name and save it to your desktop. It should look like this:

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
; REG_MULTI_SZ holding only "msv1_0", the Windows XP default for this value.
; This drops the awvvv.dll entry that the DSS registry dump shows appended to it.
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fixreg.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer yes.

===============================================

Reboot your computer.

===============================================

Quote:
Total Physical Memory: 192 MiB (512 MiB recommended).
You might like to increase your system's memory. It must be running very slowly at the moment.

===============================

Quote:
i also have the kaspersky but i'm having trouble posting it because its so big (over 6000kb)
Did you run the ATF cleaner prior to running Kaspersky? Try the following and see if it helps:

Please download fixedit.exe
Save it to your desktop.
  • Now open the Kaspersky file.txt you saved.
  • Copy the entire contents.
  • Now click on fixedit.exe to open it.
  • Paste the contents of the Kaspersky file in there.
  • Click the Make Global Changes tab, and type infected in the Test Key text.
  • In the top green block, tick the button labeled "Contains the Test key anywhere".
    {Third box down in this version}
  • Then at the bottom of the page, check the box labeled "Retain only lines that pass the test parameter, discard the rest".
    Hit GO.
  • Now click on the show/edit current text.
    This should dramatically reduce the size of the file.
  • Highlight everything using your mouse (Ctrl+A)
  • Then right click and choose copy (Ctrl+C)

And paste that in your next post along with a fresh HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
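Added example (not from the thread, and not part of HijackThis, fixedit or any other tool named in it): a small Python script that reads a .reg fix file like the one in the post above and shows what merging it would do, so the file can be reviewed before it is double-clicked. It lists every key a [-KEY] line deletes (a [-KEY] line removes that key and everything under it), decodes each value, including the hex(7) REG_MULTI_SZ form used for the "Authentication Packages" line, and checks the two layout rules the post gives (header on the first line, one blank line at the end). The .reg text embedded in the script is constructed from the post's entries; the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] key line is an assumption, because the post shows that value but not the [KEY] header above it.

```python
"""Inspect a .reg fix file before merging it: list the keys it deletes,
decode its values (including hex(7) REG_MULTI_SZ) and check the layout
rules from the post. Added example, not part of the original thread."""
import re
from typing import Dict, List, Tuple

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Constructed sample modelled on the post's fixreg.reg. The Lsa key path is
# an assumption: the post shows the "Authentication Packages" value but not
# the [KEY] line above it; that value lives under ...\Control\Lsa.
SAMPLE_REG = (
    "REGEDIT4\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):73,63,65,63,6c,69,00,00\n'
    "\n"
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\nvchost]\n"
    "\n"
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Windows svchost]\n"
    "\n"
)

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def check_layout(text: str) -> List[str]:
    """Return the layout problems regedit trips over (empty list = OK)."""
    problems = []
    if text.split("\n", 1)[0].strip() not in HEADERS:
        problems.append("first line must be REGEDIT4 or the v5.00 header (no blank lines before it)")
    if not text.endswith("\n\n"):
        problems.append("file must end with one blank line")
    return problems

def decode_multi_sz(hex_csv: str, unicode_file: bool) -> List[str]:
    """Decode a hex(7) payload: NUL-separated strings ending in a double NUL.
    REGEDIT4 files hold ANSI bytes, v5.00 files hold UTF-16LE."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    parts = raw.decode("utf-16-le" if unicode_file else "cp1252").split("\x00")
    while parts and parts[-1] == "":      # strip the terminator(s)
        parts.pop()
    return parts

def _decode_value(data: str, unicode_file: bool):
    """Turn the right-hand side of "name"=... into (type, python value)."""
    if data == "-":
        return ("DELETE", None)           # "name"=- removes the value
    if data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", data[1:-1].replace('\\"', '"').replace("\\\\", "\\"))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    if data.startswith("hex(7):"):
        return ("REG_MULTI_SZ", decode_multi_sz(data[7:], unicode_file))
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", data)
    if m:                                 # hex: is REG_BINARY, hex(N): other types
        kind = "REG_BINARY" if m.group(1) is None else f"hex({m.group(1)})"
        return (kind, bytes(int(b, 16) for b in m.group(2).split(",") if b.strip()))
    raise ValueError(f"unrecognised value syntax: {data!r}")

def _logical_lines(text: str) -> List[str]:
    """Join wrapped lines: long hex values end in '\\' and continue below."""
    out, buf = [], ""
    for piece in (ln.strip() for ln in text.split("\n")):
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        out.append(buf + piece)
        buf = ""
    return out

def parse_reg(text: str) -> Tuple[List[str], Dict[str, Dict[str, tuple]]]:
    """Return (keys deleted by [-KEY] lines, {key: {value name: (type, value)}})."""
    unicode_file = text.split("\n", 1)[0].strip() != "REGEDIT4"
    deleted: List[str] = []
    values: Dict[str, Dict[str, tuple]] = {}
    key = None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line in HEADERS:
            continue
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])    # whole key and all its subkeys go
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            values.setdefault(key, {})
        elif key is not None:
            m = VALUE_RE.match(line)
            if not m:
                raise ValueError(f"unparseable line: {line!r}")
            name = "@" if m.group(2) else m.group(1).replace('\\"', '"').replace("\\\\", "\\")
            values[key][name] = _decode_value(m.group(3), unicode_file)
    return deleted, values

if __name__ == "__main__":
    print("layout problems:", check_layout(SAMPLE_REG) or "none")
    gone, vals = parse_reg(SAMPLE_REG)
    print("keys deleted:", *gone, sep="\n  ")
    print("values set:", vals)
```

Run as-is it inspects the embedded sample; pass the contents of a saved fixreg.reg to parse_reg and check_layout to inspect that file instead. The decoder keys off the header line because a REGEDIT4 file stores hex(7) strings as ANSI bytes while a "Windows Registry Editor Version 5.00" file stores them as UTF-16LE. Decoding is the useful part: on Windows XP the stock value of Authentication Packages under HKLM\SYSTEM\CurrentControlSet\Control\Lsa is msv1_0, and scecli is the stock value of the sibling Notification Packages, so a decoded list is worth comparing against a known-good machine before the file is merged.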
Old 03-31-2008, 12:09 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Hi,
I made the fixreg.reg file and saved it to my desktop, but when I come to open it, it asks me what program I'd like to open it with, so I am unsure what to open it with and was unable to do that step. Here is my Kaspersky log and the new HijackThis log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 29, 2008 6:15:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/03/2008
Kaspersky Anti-Virus database records: 603700
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 86417
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:54:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{6339CA69-11FD-4268-B36B-9824EB01239A}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DB13DD04-483F-44E3-8774-28CFFC800373}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR5.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\Config\desktop2.idf Object is locked skipped
C:\Documents and Settings\All Users\Documents\Fonts\SwUniNew.tff Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\A-0001.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\A-0002.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Dress up mate.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\DSC02192.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Kiss this.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\loise n luce.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Lucy n amy.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Me n daryl.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\me room.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Me,nat,bex.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\My bday.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\nat,bek,me.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\nat,tina,me.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\nik,me,shaun.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\nurse.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\Photo-0002 (1).jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\poser mate.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\transexual.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\complete sexuals\WHAT.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\army crawl loise.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\blonde babe.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\blue slip avoid me.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\blue slip.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\bod ****.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\brown girl in the ring.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\captain birdseye.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\dad loves pick me up.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\edwardian spinach cow.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\fit.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\front crawl loise.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\ganja *****.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\green giant.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\green spliff. blue loise.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\i always knew loise had crabs.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\i like pie.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\i like to urinate in sea.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\im with stupid.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\jean go wee wee.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\jean smells like piss.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise av pick.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise n her rug.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise neb.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise pretend 2 eat crisps.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise white.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\loise ya head looks like a onion.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\mark lamar.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\mermaid blue.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\morbid loise.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\neb.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\oh no its just slipped out .jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\owd blue slip.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\part of that world.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\pie eatin chin.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\sailor grylls.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\simple sailor.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\sleeping blue slip.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\thinkin luce.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\this wil b another spot the difference.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\trout pout.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\when i was young.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\holiday\windswept blue.jpg Object is locked skipped
C:\Documents and Settings\Dave\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Dave\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Temp\sqlite_pjaLXgDshGfcAgk Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Temp\~DFB783.tmp Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dave\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Louise\.limewire\.NetworkShare\Incomplete\LimeWireWinInstaller.exe.info Object is locked skipped
C:\Documents and Settings\Louise\.limewire\.NetworkShare\Incomplete\LimeWireWinInstaller.exe.part Object is locked skipped
C:\Documents and Settings\Louise\.limewire\.NetworkShare\LimeWireWin4.16.6.exe Object is locked skipped
C:\Documents and Settings\Louise\.limewire\410splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\412splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\49splashfree.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\createtimes.cache Object is locked skipped
C:\Documents and Settings\Louise\.limewire\data.ser Object is locked skipped
C:\Documents and Settings\Louise\.limewire\fileurns.bak Object is locked skipped
C:\Documents and Settings\Louise\.limewire\fileurns.cache Object is locked skipped
C:\Documents and Settings\Louise\.limewire\filters.props Object is locked skipped
C:\Documents and Settings\Louise\.limewire\gnutella.net Object is locked skipped
C:\Documents and Settings\Louise\.limewire\installation.props Object is locked skipped
C:\Documents and Settings\Louise\.limewire\library.dat Object is locked skipped
C:\Documents and Settings\Louise\.limewire\limewire.props Object is locked skipped
C:\Documents and Settings\Louise\.limewire\pub1.key Object is locked skipped
C:\Documents and Settings\Louise\.limewire\public.key Object is locked skipped
C:\Documents and Settings\Louise\.limewire\questions.props Object is locked skipped
C:\Documents and Settings\Louise\.limewire\responses.cache Object is locked skipped
C:\Documents and Settings\Louise\.limewire\secureMessage.key Object is locked skipped
C:\Documents and Settings\Louise\.limewire\simpp.xml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\spam.dat Object is locked skipped
C:\Documents and Settings\Louise\.limewire\tables.props Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\black_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\search.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\classic_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewirePro_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\limewire_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\logo.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\other_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\logo.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\question.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\splash.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\themes\windows_theme.lwtp Object is locked skipped
C:\Documents and Settings\Louise\.limewire\ttree.cache Object is locked skipped
C:\Documents and Settings\Louise\.limewire\update.xml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\version.key Object is locked skipped
C:\Documents and Settings\Louise\.limewire\version.xml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\data\application.sxml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\data\audio.sxml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\data\delete_me Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\data\video.sxml Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\misc\application.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\misc\audio.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\misc\document.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\misc\image.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\misc\video.gif Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\schemas\application.xsd Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\schemas\audio.xsd Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\schemas\document.xsd Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\schemas\image.xsd Object is locked skipped
C:\Documents and Settings\Louise\.limewire\xml\schemas\video.xsd Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\AdobeComFnt06.lst Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\Collab\Reviews Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Acrobat\6.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\AAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\AAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\BAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\BAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\CAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\CAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\DAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\DAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\EAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\EAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\FAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\FAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\GAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\GAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\HAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\HAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\IAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\IAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\index.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\JAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\JAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\KAAAAAAA2 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\FileBrowser\Photoshop7\KAAAAAAA2M Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\2-State Button.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Constrain to 200x200 pixels.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Flaming Text.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Frozen Text.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Multi-Size & Save.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Spin Zoom In.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Spin.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Web Page Template.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Zoom In.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Actions\Zoom Out.isa Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Palette Cache.irx Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Plug-in Cache.irx Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\ImageReady Swatches.aco Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\ImageReady\7.0\Settings\Recently Used Optimizations.irs Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Actions Palette.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Adobe Photoshop 7.0 Prefs.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Brushes.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Color Settings.csf Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Contours.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\CustomShapes.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Gradients.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Patterns.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\PluginCache.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Styles.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\Swatches.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings\ToolPresets.psp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Adobe\Workflow\Options.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Apple Computer\iTunes\CD Info.cidb Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Apple Computer\iTunes\iTunesPrefs.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Audacity\audacity.cfg Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Cool Record Edit Pro\MRUItems.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Cool Record Edit Pro\Settings.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Louise\Application Data\DivX\DivX Player\Database.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\DivX\DivX Player\DownloadQueue.dlq Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Google\GoogleEarth\myplaces.backup.kml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Google\GoogleEarth\myplaces.kml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Google\GoogleEarth\myplaces.kml.tmp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Google\GoogleEarth\myplaces.old Object is locked skipped
C:\Documents and Settings\Louise\Application Data\IrfanView\IrfanView_Wallpaper.bmp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Leadertech\PowerRegister\PowerReg.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Logitech\SetPoint\gamelist.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Logitech\SetPoint\Last_user.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Logitech\SetPoint\user.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Flash Player\#SharedObjects(2)\7EBKGWAK\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Flash Player\#SharedObjects(2)\7EBKGWAK\www.youtube.com\timeDisplayConfig.sol Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Flash Player\macromedia(2).com\support(2)\flashplayer(2)\sys(2)\#www.youtube(2).com\settings.sol Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Flash Player\macromedia(2).com\support(2)\flashplayer(2)\sys(2)\settings.sol Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\htbgWriteTest.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\kbox_g91.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\Sketch.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\systemsys.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgdir.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgfile1.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgtemplate1.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgtemplate2.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgtemplate3.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Prefs\PE4GJAXW\vgtemplatedir.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Macromedia\Shockwave Player\Shockwave Log Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\config.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\config.xml.Bak Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\Exceptions.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\MonitorInfo.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\PAEFileTypes.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\McAfee\MBK\PCEFileTypes.xml Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Media Player Classic\default.mpcpl Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Address Book\Louise.wab Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Address Book\Louise.wab~ Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Credentials\S-1-5-21-2484164758-4289812923-617904061-1007\Credentials Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\107367539B7C89418A100A6FF29C5EAC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\2BBA88436E92E1ABCED8E68D74DC5B38 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\33ECCD4EC2899E5F6A7E306662596E0F Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\4241116AF370FAC5C95DE753B1F7BD7C Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\561F989D166B9195191D8592AEB81CDD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\6CE8EFD9237C13C5FAD9A5EF89E5764D Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\A66496915E372C06F0D8C0CC31F81B97 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\CA0D73613D6B64246BFCA3B839EE4E43 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\CFE3BF66E9913B1EDEDFE338EA0280AE Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\D9446DF6FD9BABE04CC252D4F0FB3D01 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\EE7DFEE2CA8CFB0F905ED5FA70B3CD71 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\Content\F6DEB9C1F3251400F7D6EB743CB14FB4 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\107367539B7C89418A100A6FF29C5EAC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BBA88436E92E1ABCED8E68D74DC5B38 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\33ECCD4EC2899E5F6A7E306662596E0F Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\4241116AF370FAC5C95DE753B1F7BD7C Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\561F989D166B9195191D8592AEB81CDD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\6CE8EFD9237C13C5FAD9A5EF89E5764D Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\A66496915E372C06F0D8C0CC31F81B97 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\CA0D73613D6B64246BFCA3B839EE4E43 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFE3BF66E9913B1EDEDFE338EA0280AE Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\D9446DF6FD9BABE04CC252D4F0FB3D01 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\EE7DFEE2CA8CFB0F905ED5FA70B3CD71 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\CryptnetUrlCache\MetaData\F6DEB9C1F3251400F7D6EB743CB14FB4 Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\033d6524204d4b2a1b81d907ec2c9962_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\1e9b9eb98dfa31f3b3a9085931eb684d_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\1f611c80d9f0a9502d3a43db5e0d4dcf_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\314afc91784d06e4fd07b7157877299e_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\52a67dba448242bc06f4c9facfa57111_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\5a299bcbd087c2c35e83ab9eec046cd5_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\5baa3a06a453b6ba969541b11b8e9dc3_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\6b29ae44e85efac3c72ff4d1865d73f1_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\77cb0c374217e92e8dad8694e0d38a9d_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\83aa4cc77f591dfc2374580bbd95f6ba_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\8778940399d7130ae648656df83cc81c_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\881cd4f1accd29bf9da0b0f8a7976019_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\97e005e3572ad93e426f9b193ca17649_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\9bb6c989ea3abbd26145e98981498f63_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\9db5f9bdf55698f32892ac91fe878268_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\a1b906a65bb2871acd8c8b2962c2af18_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\a53107fee44b9bf317cbcec7e20718c5_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\a61edbbfd2aa346668842a20138b80b9_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\b37d976a690ddc846ef41a643e61ecd7_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\b70efe5f30f21f46d0783fdcf852d77e_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\bc7c6d74d4f062c25c7fe7264f5ed052_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\bfd91877a8190451c76af33e9fb8b5c3_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\c494ccbf1797cbf2796499b29c3b3a49_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\c53cad3fc9e7fbdfa209bbfc4a9fad84_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\c5c2a9204f9e5741cc4be4582388cc4c_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\d21710fc6f72b35cb8063c913337a081_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\d752e0fe12adb22c0cef0b5f93efe39f_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\e308c815779aae347428c39d0c3e1368_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\e9aa6b9ba67faad7298bb61cc13e00d2_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\eccce17a1485643df479afe7465c0b9f_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\f4cea03d5a61e7da7019ade5b9da02d1_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2484164758-4289812923-617904061-1007\fcbd6e5af3a19f3b26af4687563d1d95_0a302f25-f286-430d-9780-5726104a468b Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\IMJP8_1\imjp81u.dic Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Installer\{4513F51E-3D1B-4791-B652-4C8B263ACD07}\1033.MST Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Installer\{4513F51E-3D1B-4791-B652-4C8B263ACD07}\ARPPRODUCTICON.exe Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Installer\{4513F51E-3D1B-4791-B652-4C8B263ACD07}\Uninstall_EasyStudio_2FA333E9845C4292870E7E41F38443CA.exe Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Logitech QuickCam.lnk Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Louise\Application Data\Microsoft\Media Player\001C0334.wpl Object is locked skipped
C:\


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:06, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dave\Desktop\FixEdit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: McAfee Application Installer Cleanup (0278031206891242) (0278031206891242mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\027803~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 9077 bytes
Old 03-31-2008, 12:33 PM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

The Kaspersky report is incomplete. Were you not able to use the Fixedit program?

Please visit this webpage for download links, and instructions for running Combofix: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
* Please post the C:\ComboFix.txt along with a new HijackThis log
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 04-03-2008, 12:26 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Hi, sorry for taking a while to get back to you, I just seem to have been working all the time, with no spare time to come on here.
But anyway, yeah, I used the FixEdit program and that's what it came up with. I seem to be having no luck, but here are my 2 new logs anyway, and thank you again for your time.

Combofix:

ComboFix 08-04-01.2 - Dave 2008-04-03 18:51:15.1 - NTFSx86
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dave\Application Data\ezpinst.log
C:\Documents and Settings\Dave\Application Data\inst.exe
C:\Temp\isgTi19
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\tmp0_103214479287.bk
C:\WINDOWS\system32\tmp0_107209419012.bk
C:\WINDOWS\system32\tmp0_161793257151.bk
C:\WINDOWS\system32\tmp0_336274502077.bk
C:\WINDOWS\system32\tmp0_341475817010.bk
C:\WINDOWS\system32\tmp0_531384516153.bk
C:\WINDOWS\system32\tmp0_772397657676.bk
C:\WINDOWS\system32\tmp0_77843117043.bk
C:\WINDOWS\system32\tmp0_848577133993.bk
C:\WINDOWS\system32\twtrudwp.ini
C:\WINDOWS\system32\vvvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-30 21:04 . 2008-03-30 21:04 <DIR> d-------- C:\Program Files\ERUNT
2008-03-28 18:52 . 2008-03-28 18:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-28 18:52 . 2008-03-28 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 18:48 . 2008-03-28 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 22:33 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes
2008-03-27 21:08 . 2008-03-28 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 20:02 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes(2)
2008-03-21 17:57 . 2008-03-21 17:57 <DIR> d-------- C:\Deckard
2008-03-21 16:53 . 2008-03-21 16:53 <DIR> d-------- C:\Program Files\ZonedOut
2008-03-21 16:53 . 2008-03-21 16:53 240,904 --a------ C:\Program Files\ZonedOut.zip
2008-03-21 16:51 . 2008-03-21 16:52 322,518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 16:37 . 2008-03-21 16:52 <DIR> d-------- C:\ie-spyad_zo
2008-03-21 16:27 . 2008-03-23 17:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-20 23:02 . 2008-03-20 23:02 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 13:31 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-20 13:27 . 2008-03-20 13:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 21:22 . 2008-03-19 21:22 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-19 21:22 . 2008-03-19 21:22 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-03-19 21:20 . 2008-03-22 00:29 <DIR> d-------- C:\Program Files\Blubster
2008-03-19 11:24 . 2008-03-19 11:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-19 11:24 . 2008-03-19 11:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-16 18:46 . 2008-03-24 09:56 1,298 --a------ C:\WINDOWS\system32\1.tsk
2008-03-14 09:36 . 2008-03-14 09:36 68 --a------ C:\WINDOWS\system32\tmp4_41336580076.bk
2008-03-14 09:36 . 2008-03-14 09:36 68 --a------ C:\WINDOWS\system32\tmp3_146604756631.bk
2008-03-14 09:35 . 2008-03-14 09:35 68 --a------ C:\WINDOWS\system32\tmp1_722295694431.bk
2008-03-13 17:50 . 2008-03-13 17:50 68 --a------ C:\WINDOWS\system32\tmp4_13128551881.bk
2008-03-13 17:50 . 2008-03-13 17:50 68 --a------ C:\WINDOWS\system32\tmp3_631917438445.bk
2008-03-13 17:50 . 2008-03-13 17:50 68 --a------ C:\WINDOWS\system32\tmp1_617550201071.bk
2008-03-12 09:47 . 2008-03-12 09:47 68 --a------ C:\WINDOWS\system32\tmp4_713891247549.bk
2008-03-12 09:47 . 2008-03-12 09:47 68 --a------ C:\WINDOWS\system32\tmp3_66207929627.bk
2008-03-12 09:47 . 2008-03-12 09:47 68 --a------ C:\WINDOWS\system32\tmp1_76027470302.bk
2008-03-11 11:00 . 2008-03-11 11:00 68 --a------ C:\WINDOWS\system32\tmp4_526410837371.bk
2008-03-11 11:00 . 2008-03-11 11:00 68 --a------ C:\WINDOWS\system32\tmp3_440351463720.bk
2008-03-11 11:00 . 2008-03-11 11:00 68 --a------ C:\WINDOWS\system32\tmp1_466131342282.bk
2008-03-10 17:49 . 2008-03-10 17:49 68 --a------ C:\WINDOWS\system32\tmp4_159896718361.bk
2008-03-10 17:49 . 2008-03-10 17:49 68 --a------ C:\WINDOWS\system32\tmp3_779005470428.bk
2008-03-10 17:49 . 2008-03-10 17:49 68 --a------ C:\WINDOWS\system32\tmp1_86421314845.bk
2008-03-09 15:57 . 2008-03-09 15:57 68 --a------ C:\WINDOWS\system32\tmp4_7508335652.bk
2008-03-09 15:57 . 2008-03-09 15:57 68 --a------ C:\WINDOWS\system32\tmp3_835906749888.bk
2008-03-09 15:57 . 2008-03-09 15:57 68 --a------ C:\WINDOWS\system32\tmp1_22951193262.bk
2008-03-08 00:02 . 2008-03-08 00:02 68 --a------ C:\WINDOWS\system32\tmp4_18808480702.bk
2008-03-08 00:02 . 2008-03-08 00:02 68 --a------ C:\WINDOWS\system32\tmp3_242016771396.bk
2008-03-08 00:02 . 2008-03-08 00:02 68 --a------ C:\WINDOWS\system32\tmp1_495547622328.bk
2008-03-07 16:20 . 2008-03-07 16:20 <DIR> d-------- C:\Program Files\Autoruns
2008-03-07 16:20 . 2008-03-07 16:20 545,278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 15:59 . 2008-03-07 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-07 12:37 . 2008-03-07 12:37 68 --a------ C:\WINDOWS\system32\tmp4_685836561807.bk
2008-03-07 12:37 . 2008-03-07 12:37 68 --a------ C:\WINDOWS\system32\tmp3_18732870581.bk
2008-03-07 12:37 . 2008-03-07 12:37 68 --a------ C:\WINDOWS\system32\tmp1_480638638070.bk
2008-03-07 01:01 . 2008-03-07 01:01 68 --a------ C:\WINDOWS\system32\tmp4_729273409191.bk
2008-03-07 01:01 . 2008-03-07 01:01 68 --a------ C:\WINDOWS\system32\tmp3_631141899985.bk
2008-03-07 01:01 . 2008-03-07 01:01 68 --a------ C:\WINDOWS\system32\tmp1_229602325576.bk
2008-03-06 12:47 . 2008-03-06 13:23 <DIR> d-------- C:\Program Files\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 17:59 --------- d-----w C:\Program Files\McAfee
2008-04-02 18:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-01 22:46 --------- d-----w C:\Documents and Settings\Dave\Application Data\uTorrent
2008-04-01 22:40 --------- d-----w C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-04-01 22:38 --------- d-----w C:\Documents and Settings\Dave\Application Data\Vso
2008-04-01 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-01 20:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 16:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 16:42 --------- d-----w C:\Program Files\XoftSpySE
2008-03-27 20:06 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-24 19:02 --------- d-----w C:\Program Files\iPod
2008-03-20 23:08 --------- d-----w C:\Program Files\MSN Messenger
2008-03-20 12:30 --------- d-----w C:\Program Files\Java
2008-03-19 10:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-06 12:31 --------- d-----w C:\Program Files\AOL 9.0
2008-03-03 13:32 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-28 21:55 --------- d-----w C:\Program Files\Samsung
2008-02-23 10:09 --------- d-----w C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-20 18:45 --------- d-----w C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-20 16:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-02-19 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 21:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-02-12 11:19 --------- d-----w C:\Documents and Settings\Dave\Application Data\Viewpoint
2007-09-29 10:39 47,360 -c--a-w C:\Documents and Settings\Dave\Application Data\pcouffin.sys
2007-02-15 23:03 4,859,480 -c--a-w C:\Program Files\MsgPlusLive-411.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-04-10 19:35 36904]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]
C:\WINDOWS\system32\gkkobqfs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2005-12-25 18:41 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a--c--- 2005-01-18 18:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2005-01-18 18:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a--c--- 2005-01-18 18:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 12:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a--c--- 2003-12-30 11:40 380928 C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp3start]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a--c--- 2004-08-04 14:00 158208 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a--c--- 2003-12-13 18:17 61440 C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a--c--- 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-05-14 15:47 67072 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 2004-03-26 14:07 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader]
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
C:\WINDOWS\system32\drivers\etc\LSASS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 musbehco;musbehco;C:\DOCUME~1\Louise\LOCALS~1\Temp\musbehco.sys []
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2006-02-14 07:42]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2006-02-14 07:42]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2006-02-14 07:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 01:23:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 00:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 19:03:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-03 19:08:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 18:08:14
Pre-Run: 45,791,686,656 bytes free
Post-Run: 45,718,700,032 bytes free
.
2008-03-19 10:35:13 --- E O F ---




HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:36, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 7510 bytes
loise300 is offline  
Old 04-03-2008, 02:15 PM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

Quote:
Hi, sorry for taking a while to get back to you, I just seem to have been working all the time, with no spare time to come on here.
No problem. I know the feeling very well.

I see that you are using P2P file sharing programs like uTorrent, LimeWire and Blubster. I would like to warn you that the nature of P2P file sharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware, because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also, by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove them from your system via Add/Remove Programs in Control Panel.

=======================================
  • Open Notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the Code box below to Notepad.
  • Name the file CFScript.txt
  • Change the Save as Type to All Files
  • Save it on the desktop
(It must be Notepad, not WordPad, or it won't work):

Code:
KILLALL::

File::
C:\DOCUME~1\Louise\LOCALS~1\Temp\musbehco.sys
C:\WINDOWS\SwSys2.bmp  
C:\WINDOWS\SwSys1.bmp  
C:\WINDOWS\system32\1.tsk  
C:\WINDOWS\system32\tmp4_41336580076.bk  
C:\WINDOWS\system32\tmp3_146604756631.bk  
C:\WINDOWS\system32\tmp1_722295694431.bk  
C:\WINDOWS\system32\tmp4_13128551881.bk  
C:\WINDOWS\system32\tmp3_631917438445.bk  
C:\WINDOWS\system32\tmp1_617550201071.bk  
C:\WINDOWS\system32\tmp4_713891247549.bk  
C:\WINDOWS\system32\tmp3_66207929627.bk  
C:\WINDOWS\system32\tmp1_76027470302.bk  
C:\WINDOWS\system32\tmp4_526410837371.bk  
C:\WINDOWS\system32\tmp3_440351463720.bk  
C:\WINDOWS\system32\tmp1_466131342282.bk  
C:\WINDOWS\system32\tmp4_159896718361.bk  
C:\WINDOWS\system32\tmp3_779005470428.bk  
C:\WINDOWS\system32\tmp1_86421314845.bk  
C:\WINDOWS\system32\tmp4_7508335652.bk  
C:\WINDOWS\system32\tmp3_835906749888.bk  
C:\WINDOWS\system32\tmp1_22951193262.bk  
C:\WINDOWS\system32\tmp4_18808480702.bk  
C:\WINDOWS\system32\tmp3_242016771396.bk  
C:\WINDOWS\system32\tmp1_495547622328.bk  
C:\WINDOWS\system32\tmp4_685836561807.bk  
C:\WINDOWS\system32\tmp3_18732870581.bk  
C:\WINDOWS\system32\tmp1_480638638070.bk  
C:\WINDOWS\system32\tmp4_729273409191.bk  
C:\WINDOWS\system32\tmp3_631141899985.bk  
C:\WINDOWS\system32\tmp1_229602325576.bk

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c30e84f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barb bib mp3 camp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp3start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::
musbehco
Save this as CFScript.txt



Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


==============================

Make sure you follow the set-up instructions carefully for Dr.Web CureIt, as it tends to be a bit aggressive:

Please download Dr.Web CureIt to the desktop.

Disconnect this PC from the internet and close all open programs.

It's crucial that you follow this next step exactly as instructed: do not multi-task while the scan is running; only Dr.Web can be active.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files that are in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously, along with the combofix.txt and a new HijackThis log, in your next reply.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
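As an added example (not code from this post, and not ComboFix's own code), here is a small Python parser for the CFScript.txt layout used above (KILLALL::, File::, Registry::, Driver::) that lets a helper review what a script will touch before it is dragged onto ComboFix.exe. SAMPLE_SCRIPT is a constructed excerpt of the script in the post; the hive prefixes and the "Driver:: entries are service names" rule are assumptions drawn from the script's own contents.

```python
"""Parse and sanity-check a ComboFix CFScript.txt (added example)."""
import re

# A section header is a bare word followed by "::" (e.g. "File::").
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# REGEDIT4-style deletion: a key wrapped in [-...] is removed.
REG_DELETE_RE = re.compile(r"^\[-(.+)\]$")
# Root hives a Registry:: entry is expected to start with (assumption).
HIVE_PREFIXES = ("HKEY_", "HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")
# Absolute Windows path: drive letter, colon, backslash.
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed excerpt of the script in the post (trailing spaces kept on
# purpose: pasted scripts often carry them).
SAMPLE_SCRIPT = """KILLALL::

File::
C:\\DOCUME~1\\Louise\\LOCALS~1\\Temp\\musbehco.sys
C:\\WINDOWS\\system32\\1.tsk  

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Host Process]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]

Driver::
musbehco
"""


def parse_cfscript(text):
    """Return {section: [entries]} preserving entry order.

    Blank lines are skipped and surrounding whitespace is stripped from
    every entry, so a script pasted from a forum parses cleanly.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def review(sections):
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    # KILLALL:: is a bare directive with no entries of its own.
    for entry in sections.get("KILLALL", []):
        findings.append(f"KILLALL:: takes no entries, found {entry!r}")
    # File:: entries must be absolute paths so the intended file is removed.
    for path in sections.get("File", []):
        if not ABS_PATH_RE.match(path):
            findings.append(f"File:: entry is not an absolute path: {path!r}")
    # Registry:: entries in the post are all [-KEY] deletions under a hive.
    for key in sections.get("Registry", []):
        m = REG_DELETE_RE.match(key)
        if not m:
            findings.append(f"Registry:: entry is not a [-KEY] deletion: {key!r}")
        elif not m.group(1).upper().startswith(HIVE_PREFIXES):
            findings.append(f"Registry:: key has no recognised hive: {key!r}")
    # Driver:: entries are service names (e.g. musbehco), not file paths.
    for drv in sections.get("Driver", []):
        if "\\" in drv or drv.lower().endswith(".sys"):
            findings.append(f"Driver:: entry looks like a path, not a service name: {drv!r}")
    return findings


def driver_files(sections):
    """Map each Driver:: service name to the File:: entries whose file name
    matches it, so a reviewer can see the driver binary is also listed."""
    result = {}
    for drv in sections.get("Driver", []):
        stem = drv.lower()
        result[drv] = [p for p in sections.get("File", [])
                       if p.rsplit("\\", 1)[-1].lower().split(".")[0] == stem]
    return result


if __name__ == "__main__":
    secs = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in secs.items():
        print(f"{name}:: {len(entries)} entries")
    print("findings:", review(secs) or "none")
    print("driver binaries:", driver_files(secs))
```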
Old 04-05-2008, 07:55 AM   #11 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Hi, back again.
I did the CureIt scan and it found nothing in the express scan, but then I did the complete scan and it found some things. Here are my logs for you:

CureIt:

POSTOOBE.NEC;C:\DRIVERS;VBS.Generic.278;Deleted.;
A0292359.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP878;Trojan.DownLoader.51414;Deleted.;
A0302565.old;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP885;Trojan.Click.17956;Deleted.;
A0312863.dll;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP901;Trojan.Virtumod.272;Deleted.;
A0312864.dll;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP901;Trojan.Virtumod.269;Deleted.;
A0312865.dll;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP901;Trojan.Virtumod.269;Deleted.;
A0323395.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP907;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0328438.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP917;Probably BATCH.Virus;Incurable.Moved.;
A0328446.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP917;Probably SCRIPT.Virus;Incurable.Moved.;
A0328473.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP917;Probably BATCH.Virus;Incurable.Moved.;
A0328480.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP917;Probably SCRIPT.Virus;Incurable.Moved.;
A0328523.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP918;Program.PsExec.170;Incurable.Moved.;
A0328534.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP918;Probably BATCH.Virus;Incurable.Moved.;
A0328542.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP918;Probably SCRIPT.Virus;Incurable.Moved.;
A0328592.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP918;Probably BATCH.Virus;Incurable.Moved.;
A0328598.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP918;Probably SCRIPT.Virus;Incurable.Moved.;
A0328630.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP919;Program.PsExec.170;Incurable.Moved.;
A0328645.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP919;Program.PsExec.170;Incurable.Moved.;
A0328652.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP919;Probably BATCH.Virus;Incurable.Moved.;
A0328659.bat;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP919;Probably SCRIPT.Virus;Incurable.Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Incurable.Moved.;




ComboFix:


ComboFix 08-04-01.2 - Dave 2008-04-04 19:14:20.2 - NTFSx86
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dave\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\DOCUME~1\Louise\LOCALS~1\Temp\musbehco.sys
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\system32\1.tsk
C:\WINDOWS\system32\tmp1_22951193262.bk
C:\WINDOWS\system32\tmp1_229602325576.bk
C:\WINDOWS\system32\tmp1_466131342282.bk
C:\WINDOWS\system32\tmp1_480638638070.bk
C:\WINDOWS\system32\tmp1_495547622328.bk
C:\WINDOWS\system32\tmp1_617550201071.bk
C:\WINDOWS\system32\tmp1_722295694431.bk
C:\WINDOWS\system32\tmp1_76027470302.bk
C:\WINDOWS\system32\tmp1_86421314845.bk
C:\WINDOWS\system32\tmp3_146604756631.bk
C:\WINDOWS\system32\tmp3_18732870581.bk
C:\WINDOWS\system32\tmp3_242016771396.bk
C:\WINDOWS\system32\tmp3_440351463720.bk
C:\WINDOWS\system32\tmp3_631141899985.bk
C:\WINDOWS\system32\tmp3_631917438445.bk
C:\WINDOWS\system32\tmp3_66207929627.bk
C:\WINDOWS\system32\tmp3_779005470428.bk
C:\WINDOWS\system32\tmp3_835906749888.bk
C:\WINDOWS\system32\tmp4_13128551881.bk
C:\WINDOWS\system32\tmp4_159896718361.bk
C:\WINDOWS\system32\tmp4_18808480702.bk
C:\WINDOWS\system32\tmp4_41336580076.bk
C:\WINDOWS\system32\tmp4_526410837371.bk
C:\WINDOWS\system32\tmp4_685836561807.bk
C:\WINDOWS\system32\tmp4_713891247549.bk
C:\WINDOWS\system32\tmp4_729273409191.bk
C:\WINDOWS\system32\tmp4_7508335652.bk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\system32\1.tsk
C:\WINDOWS\system32\tmp1_22951193262.bk
C:\WINDOWS\system32\tmp1_229602325576.bk
C:\WINDOWS\system32\tmp1_466131342282.bk
C:\WINDOWS\system32\tmp1_480638638070.bk
C:\WINDOWS\system32\tmp1_495547622328.bk
C:\WINDOWS\system32\tmp1_617550201071.bk
C:\WINDOWS\system32\tmp1_722295694431.bk
C:\WINDOWS\system32\tmp1_76027470302.bk
C:\WINDOWS\system32\tmp1_86421314845.bk
C:\WINDOWS\system32\tmp3_146604756631.bk
C:\WINDOWS\system32\tmp3_18732870581.bk
C:\WINDOWS\system32\tmp3_242016771396.bk
C:\WINDOWS\system32\tmp3_440351463720.bk
C:\WINDOWS\system32\tmp3_631141899985.bk
C:\WINDOWS\system32\tmp3_631917438445.bk
C:\WINDOWS\system32\tmp3_66207929627.bk
C:\WINDOWS\system32\tmp3_779005470428.bk
C:\WINDOWS\system32\tmp3_835906749888.bk
C:\WINDOWS\system32\tmp4_13128551881.bk
C:\WINDOWS\system32\tmp4_159896718361.bk
C:\WINDOWS\system32\tmp4_18808480702.bk
C:\WINDOWS\system32\tmp4_41336580076.bk
C:\WINDOWS\system32\tmp4_526410837371.bk
C:\WINDOWS\system32\tmp4_685836561807.bk
C:\WINDOWS\system32\tmp4_713891247549.bk
C:\WINDOWS\system32\tmp4_729273409191.bk
C:\WINDOWS\system32\tmp4_7508335652.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MUSBEHCO
-------\Service_musbehco


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 09:24 . 2008-04-04 09:24 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-30 21:04 . 2008-03-30 21:04 <DIR> d-------- C:\Program Files\ERUNT
2008-03-28 18:52 . 2008-03-28 18:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-28 18:52 . 2008-03-28 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 18:48 . 2008-03-28 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 22:33 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes
2008-03-27 21:08 . 2008-03-28 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 20:02 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes(2)
2008-03-21 17:57 . 2008-03-21 17:57 <DIR> d-------- C:\Deckard
2008-03-21 16:53 . 2008-03-21 16:53 <DIR> d-------- C:\Program Files\ZonedOut
2008-03-21 16:53 . 2008-03-21 16:53 240,904 --a------ C:\Program Files\ZonedOut.zip
2008-03-21 16:51 . 2008-03-21 16:52 322,518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 16:37 . 2008-03-21 16:52 <DIR> d-------- C:\ie-spyad_zo
2008-03-21 16:27 . 2008-03-23 17:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-20 23:02 . 2008-03-20 23:02 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 13:31 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-20 13:27 . 2008-03-20 13:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 21:20 . 2008-03-22 00:29 <DIR> d-------- C:\Program Files\Blubster
2008-03-19 11:24 . 2008-03-19 11:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-19 11:24 . 2008-03-19 11:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-07 16:20 . 2008-03-07 16:20 <DIR> d-------- C:\Program Files\Autoruns
2008-03-07 16:20 . 2008-03-07 16:20 545,278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 15:59 . 2008-03-07 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 12:47 . 2008-03-06 13:23 <DIR> d-------- C:\Program Files\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 18:33 --------- d-----w C:\Program Files\McAfee
2008-04-02 18:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-01 22:46 --------- d-----w C:\Documents and Settings\Dave\Application Data\uTorrent
2008-04-01 22:40 --------- d-----w C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-04-01 22:38 --------- d-----w C:\Documents and Settings\Dave\Application Data\Vso
2008-04-01 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-01 20:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 16:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 16:42 --------- d-----w C:\Program Files\XoftSpySE
2008-03-27 20:06 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-24 19:02 --------- d-----w C:\Program Files\iPod
2008-03-20 23:08 --------- d-----w C:\Program Files\MSN Messenger
2008-03-20 12:30 --------- d-----w C:\Program Files\Java
2008-03-19 10:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-06 12:31 --------- d-----w C:\Program Files\AOL 9.0
2008-03-03 13:32 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-28 21:55 --------- d-----w C:\Program Files\Samsung
2008-02-23 10:09 --------- d-----w C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-20 18:45 --------- d-----w C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-20 16:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-02-19 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 21:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-02-12 11:19 --------- d-----w C:\Documents and Settings\Dave\Application Data\Viewpoint
2007-09-29 10:39 47,360 -c--a-w C:\Documents and Settings\Dave\Application Data\pcouffin.sys
2007-02-15 23:03 4,859,480 -c--a-w C:\Program Files\MsgPlusLive-411.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_19.07.29.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-04 17:25:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-04 17:25:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-04 17:25:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-23 13:50:32 309,096 ----a-w C:\WINDOWS\Temp\0111891207297563mcinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-04-10 19:35 36904]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2005-12-25 18:41 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a--c--- 2005-01-18 18:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2005-01-18 18:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a--c--- 2005-01-18 18:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 12:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a--c--- 2003-12-30 11:40 380928 C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a--c--- 2004-08-04 14:00 158208 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a--c--- 2003-12-13 18:17 61440 C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a--c--- 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-05-14 15:47 67072 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 2004-03-26 14:07 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2006-02-14 07:42]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2006-02-14 07:42]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2006-02-14 07:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 01:23:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 00:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:34:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-04-04 19:44:55 - machine was rebooted [Dave]
ComboFix-quarantined-files.txt 2008-04-04 18:44:46
ComboFix2.txt 2008-04-03 18:08:21
Pre-Run: 45,662,912,512 bytes free
Post-Run: 45,715,525,632 bytes free
.
2008-03-19 10:35:13 --- E O F ---



HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:19, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - http://www.travelstyletours.co.uk/im...tle/title3.jpg

--
End of file - 7500 bytes
Old 04-05-2008, 08:55 AM   #12 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

Couple of questions before we proceed. Have you removed LimeWire, uTorrent and Blubster? I need to know that so that we can delete their folders too.

Scan with HijackThis and put a checkmark against the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Close all browsers and click on "fix checked".

================================

Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select "http://www.travelstyletours.co.uk/images/title/title3.jpg" you find in there and press the delete button on the right.
Hit ok below > apply in previous window.

Also let me know how the computer is running now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 04-07-2008, 12:47 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

hi,

I've run HijackThis and fixed both entries, and I deleted:
http://www.travelstyletours.co.uk/im...tle/title3.jpg

Overall my computer is running a lot better than it was, and is a lot quicker.

I removed LimeWire ages ago before I had this problem, but obviously I haven't removed it fully, like I thought I had, and I have now removed Blubster and uTorrent.
Once again, thank you for your help.
Old 04-07-2008, 01:21 PM   #14 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Excellent.
  • Open notepad (Start>All programs>accessories>notepad )
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
(It must be notepad, not wordpad, or it won't work):

Code:
Folder::
C:\Documents and Settings\Louise\.limewire
C:\Documents and Settings\Dave\Application Data\uTorrent
C:\Program Files\Blubster

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
Save this as CFScript.txt



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
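Added example (not part of this thread, and not code from HijackThis or ComboFix): a small Python triage helper that reads HijackThis-style log lines like the ones posted above and flags the same things the helper acted on in posts #12 and #14: IE settings with an empty value (the two "Local Page =" entries), a desktop component loaded from a remote URL, services with no publisher, and autostarts or services whose path lives under a program folder the user says was already uninstalled. The sample lines are copied from the log above, except for one constructed O4 uTorrent entry.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Iterator

# Sample input: R0/O23/O24 lines copied from the HijackThis log posted in the thread,
# plus one CONSTRUCTED O4 line for a uTorrent autostart (not present in the real log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O24 - Desktop Component 0: (no name) - http://www.travelstyletours.co.uk/im...tle/title3.jpg
"""

# Every HijackThis entry starts with its section tag: "R0 - ...", "O23 - ...", etc.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# R0/R1 bodies look like "<key>,<value name> = <value>"; the value may be missing entirely,
# in which case the line simply ends with "=" (that is what the helper asked to fix).
IE_SETTING_RE = re.compile(r"^(?P<key>.*?) =(?: (?P<value>.*))?$")


@dataclass
class Finding:
    kind: str    # HijackThis section tag, e.g. "R0" or "O24"
    reason: str  # why the line was flagged
    line: str    # the original log line


def parse_entries(log: str) -> Iterator[tuple[str, str, str]]:
    """Yield (kind, body, original line) for each HijackThis entry in the log."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def _first_path(cmd: str) -> str:
    """Return the executable path from an autostart command line, dropping switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" /", 1)[0]  # unquoted path followed by e.g. " /background"


def _path_under(path: str, folders: Iterable[str]) -> bool:
    """Case-insensitive check that `path` lies inside one of `folders`."""
    p = path.lower().replace("/", "\\")
    return any(p.startswith(f.lower().rstrip("\\") + "\\") for f in folders)


def triage(log: str, removed_folders: Iterable[str] = ()) -> list[Finding]:
    """Flag suspicious or stale entries; `removed_folders` are programs already uninstalled."""
    removed = list(removed_folders)
    findings: list[Finding] = []
    for kind, body, line in parse_entries(log):
        if kind in ("R0", "R1"):
            m = IE_SETTING_RE.match(body)
            if m and not (m.group("value") or "").strip():
                findings.append(Finding(kind, "IE setting with an empty value", line))
        elif kind == "O4":
            # body: "<hive>\..\Run: [name] <command line>"
            cmd = body.split("] ", 1)[1] if "] " in body else ""
            if removed and _path_under(_first_path(cmd), removed):
                findings.append(Finding(kind, "autostart points into a removed program folder", line))
        elif kind == "O23":
            # body: "Service: <display name> (<short name>) - <owner> - <path>"
            parts = body.split(" - ")
            owner = parts[-2].strip() if len(parts) >= 3 else ""
            path = parts[-1].strip() if len(parts) >= 3 else ""
            if owner.lower() == "unknown owner":
                findings.append(Finding(kind, "service with no publisher information", line))
            if removed and _path_under(path, removed):
                findings.append(Finding(kind, "service points into a removed program folder", line))
        elif kind == "O24":
            # body: "Desktop Component N: (<name>) - <url>"; a remote URL here is worth a look
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().startswith(("http://", "https://")):
                findings.append(Finding(kind, "desktop component loaded from a remote URL", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, removed_folders=[r"C:\Program Files\uTorrent"]):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a full HijackThis log to get a shortlist to review by hand; it is a reading aid, not a verdict on the entries it flags.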
Old 04-07-2008, 03:23 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

Here are my 2 new logs for you:

ComboFix:


ComboFix 08-04-01.2 - Dave 2008-04-07 21:58:19.3 - NTFSx86
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.

2008-04-04 19:57 . 2008-04-05 14:30 <DIR> d-------- C:\Documents and Settings\Dave\DoctorWeb
2008-03-30 21:04 . 2008-03-30 21:04 <DIR> d-------- C:\Program Files\ERUNT
2008-03-28 18:52 . 2008-03-28 18:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-28 18:52 . 2008-03-28 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 18:48 . 2008-03-28 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 22:33 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes
2008-03-27 21:08 . 2008-03-28 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2008-03-27 21:08 . 2008-03-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 20:02 . 2008-03-27 22:33 <DIR> d-------- C:\Program Files\iTunes(2)
2008-03-21 17:57 . 2008-03-21 17:57 <DIR> d-------- C:\Deckard
2008-03-21 16:53 . 2008-03-21 16:53 <DIR> d-------- C:\Program Files\ZonedOut
2008-03-21 16:53 . 2008-03-21 16:53 240,904 --a------ C:\Program Files\ZonedOut.zip
2008-03-21 16:51 . 2008-03-21 16:52 322,518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-03-21 16:37 . 2008-03-21 16:52 <DIR> d-------- C:\ie-spyad_zo
2008-03-21 16:27 . 2008-03-23 17:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-20 23:02 . 2008-03-20 23:02 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Samsung
2008-03-20 13:31 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-20 13:27 . 2008-03-20 13:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 11:24 . 2008-03-19 11:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-19 11:24 . 2008-03-19 11:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-07 16:20 . 2008-03-07 16:20 <DIR> d-------- C:\Program Files\Autoruns
2008-03-07 16:20 . 2008-03-07 16:20 545,278 --a------ C:\Program Files\Autoruns.zip
2008-03-07 15:59 . 2008-03-07 15:59 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 18:00 --------- d-----w C:\Program Files\McAfee
2008-04-05 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 18:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-01 22:40 --------- d-----w C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-04-01 22:38 --------- d-----w C:\Documents and Settings\Dave\Application Data\Vso
2008-04-01 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-01 20:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 16:42 --------- d-----w C:\Program Files\XoftSpySE
2008-03-27 20:06 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-24 19:02 --------- d-----w C:\Program Files\iPod
2008-03-20 23:08 --------- d-----w C:\Program Files\MSN Messenger
2008-03-20 12:30 --------- d-----w C:\Program Files\Java
2008-03-19 10:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-06 12:31 --------- d-----w C:\Program Files\AOL 9.0
2008-03-06 12:23 --------- d-----w C:\Program Files\RegCure
2008-03-03 13:32 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-28 21:55 --------- d-----w C:\Program Files\Samsung
2008-02-23 10:09 --------- d-----w C:\Documents and Settings\Dave\Application Data\PC Tools
2008-02-20 18:45 --------- d-----w C:\Documents and Settings\Dave\Application Data\Uniblue
2008-02-20 16:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-02-19 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 21:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-02-12 11:19 --------- d-----w C:\Documents and Settings\Dave\Application Data\Viewpoint
2007-09-29 10:39 47,360 -c--a-w C:\Documents and Settings\Dave\Application Data\pcouffin.sys
2007-02-15 23:03 4,859,480 -c--a-w C:\Program Files\MsgPlusLive-411.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_19.07.29.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-07 18:12:19 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-07 18:12:19 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-03 14:23:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-07 18:12:19 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-30 15:21:46 52,880 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-05 20:58:55 52,880 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 15:21:47 380,658 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-05 20:58:55 380,658 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-04-10 19:35 36904]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2005-12-25 18:41 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a--c--- 2005-01-18 18:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2005-01-18 18:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a--c--- 2005-01-18 18:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 12:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a--c--- 2003-12-30 11:40 380928 C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a--c--- 2004-08-04 14:00 158208 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a--c--- 2003-12-13 18:17 61440 C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a--c--- 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-05-14 15:47 67072 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 2004-03-26 14:07 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2006-02-14 07:42]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2006-02-14 07:42]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2006-02-14 07:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 01:23:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 00:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-07 15:33:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 22:08:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
Completion time: 2008-04-07 22:15:05
ComboFix-quarantined-files.txt 2008-04-07 21:14:57
ComboFix2.txt 2008-04-04 18:44:56
ComboFix3.txt 2008-04-03 18:08:21
Pre-Run: 45,481,549,824 bytes free
Post-Run: 45,468,069,888 bytes free
.
2008-03-19 10:35:13 --- E O F ---



HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:00, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.multi-map.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2484164758-4289812923-617904061-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Louise')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

--
End of file - 7362 bytes
Old 04-07-2008, 09:43 PM   #16 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

Hi,

It's looking good. If you have no further issues, you're all set to go. The logs are clean.
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /



    This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

Here are some steps to make your surfing more secure in future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site http://windowsupdate.microsoft.com/ to get the critical updates.

If you are running Microsoft, or any portion thereof, go to the Microsoft's Office Update site http://office.microsoft.com/officeup....aspx?lc=en-us and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet. A tutorial on Firewalls and a listing of some available ones can be found here:
http://forum.malwareremoval.com/viewtopic.php?p=56#56
http://www.bleepingcomputer.com/forums/tutorial60.html

Test your firewall here to make sure that it's working properly

Ccleaner is a useful utility to clean the temporary files and cookies on a regular basis. Tutorial for CCleaner will explain how to use it. Note: Don't use the Registry (formerly Issues) block as it deals with the registry and can be dangerous.

But above all, keep all your software UP-TO-DATE at all times!!

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here .

If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
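The Internet Explorer hardening checklist in the post above maps onto six DWORD values under the user's Internet zone key (zone 3). The script below is an added example and not part of the thread or of any product mentioned in it: it parses the text that `reg export` writes for that key and flags any setting that is weaker than the level recommended in the post. The registry value names (1001, 1004, 1201, 1800, 1804, 1607) and the data meanings (0 = Enable, 1 = Prompt, 3 = Disable) follow Microsoft's documented Internet Settings zone layout; the sample export embedded in the script is constructed to show a partially hardened machine.

```python
"""Audit an exported IE 'Internet zone' key against the post's checklist.

Added example, not from the forum thread. Expected input is the text of:
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
The sample export below is constructed for demonstration.
"""
import re

# Data values IE stores for each zone setting (documented zone layout).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Checklist from the post: setting -> (registry value name, recommended level).
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

# Constructed sample: the first two items are hardened, the rest still default.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000000
"1804"=dword:00000000
"1607"=dword:00000000
"""

# One exported DWORD line looks like: "1001"=dword:00000001
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def parse_zone_export(text):
    """Return {value_name: int} for every DWORD value in a .reg export."""
    values = {}
    for line in text.splitlines():
        m = _DWORD_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit_zone(values):
    """Return [(setting, current_level, recommended_level)] for weak settings.

    Enable (0) < Prompt (1) < Disable (3) in strictness, so a numeric
    comparison decides. A value missing from the export is reported with
    current_level None, because the exported key does not pin it down.
    """
    findings = []
    for setting, (value_name, wanted) in RECOMMENDED.items():
        current = values.get(value_name)
        if current is None or current < wanted:
            findings.append((setting, current, wanted))
    return findings


def format_report(findings):
    """Human-readable summary, one line per weak setting."""
    if not findings:
        return "All six Internet-zone settings match the recommended levels."
    lines = []
    for setting, current, wanted in findings:
        have = LEVEL_NAME.get(current, "not present in export")
        lines.append(f"{setting}: is {have}, recommended {LEVEL_NAME[wanted]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_zone(parse_zone_export(SAMPLE_EXPORT))))
```

To audit a real machine, export the zone key with the `reg export` command shown in the docstring and pass the file's text to `parse_zone_export`; a zero-length findings list means the six settings already match the post's checklist.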
Old 04-08-2008, 12:49 PM   #17 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 9
OS: xp


Re: help removing andt.sys indt2.sys and other spyware

hi,
thank you so much for all the time and effort you've put into helping me.
I will now be a lot more careful with what I go on, and will make sure I keep my stuff up to date.

thanks again and hopefully I won't be seeing you anytime soon
Old 04-08-2008, 01:00 PM   #18 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3


Re: help removing andt.sys indt2.sys and other spyware

You're welcome. Glad we could help. Stay safe!