BSOD, IE and WoW closing randomly/bogus_driver, etc.

[Dyclon55]

Well the issue started after I cleaned my computer out with Kaspersky. Whenever I leave my computer alone a blue screen will pop up (BSOD) and say like Bogus_driver, bad_pool_header, etc. I press f8 and it will go back to normal. I usually use Mozilla Firefox but one of those 5 steps I was sent said I needed to use Internet Explorer to get Microsoft updates, but I discovered I couldn't use Internet Explorer just like World of Warcraft(software program). It used to also do it for Itunes and Ventrilo, but doesn't do that anymore. For warcraft it only closes once I begin to type in my password.(If that helps at all). My Kaspersky also is saying somthing about wanting to neutralize Internet Explorer but it ends up saying it was skipped.

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:51 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\Ian\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=as...sion=1.2.5.255 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: C:\WINDOWS\system32\jdsfg8w3jedf.dll - {C5AF42A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jdsfg8w3jedf.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Ian\LOCALS~1\Temp\csrssc.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: uj38ehfh7efefefds98jkefn - {C5AF42A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jdsfg8w3jedf.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5577 bytes


Panda Results:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-12 19:27:10
PROTECTIONS: 1
MALWARE: 47
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 8.0.0.454 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.mediaplex.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@revenue[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Cookies\ian@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@com[1].txt
00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.outster.com/]
00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.outster.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@xiti[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@hotlog[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@counter.hitslink[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@bs.serving-sys[2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@as-us.falkag[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@adtech[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Cookies\joe keith@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Cookies\joe keith@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@adrevolver[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.adrevolver.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\cookies.txt[.target.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Cookies\joe keith@atwola[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Joe Keith\Application Data\Mozilla\Firefox\Profiles\ufc8jsvn.default\cookies.txt[.smartadserver.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@ehg-dig.hitbox[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@ads.addynamix[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Wyatt Keith\Cookies\wyatt keith@citi.bridgetrack[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001449.exe
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
02897167 Exploit/iFrame HackTools No 0 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SB67UJ2N\wpad[2].htm
02897167 Exploit/iFrame HackTools No 0 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SB67UJ2N\wpad[1].htm
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\jdsfg8w3jedf.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\jdsfg8w3jedf.dll
03408118 Application/AntivirusXP2008 HackTools No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP1\A0000004.exe
03408118 Application/AntivirusXP2008 HackTools No 0 Yes No C:\WINDOWS\system32\pphcpphj0ecog.exe
03408118 Application/AntivirusXP2008 HackTools No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP2\A0001010.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location 4Q
;===================================================================================================================================================================================
Yes C:\WINDOWS\temp\csrssc.exe 4Q
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 4Q
;===================================================================================================================================================================================
;===================================================================================================================================================================================

[Angelfire777]

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-remove programs.txt
New HijackThis log.

[Dyclon55]

To install the recovery console without the discs it asks what service pack I have which is 3 and it is not on the list. I recently was able to do a windows update.

[Angelfire777]

You can use the one for service pack 2.

[Dyclon55]

Combo Fix log:

ComboFix 08-08-14.01 - Ian 2008-08-14 19:36:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.607 [GMT -4:00]
Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ian\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com\ud.sol
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Ian\Application Data\rhctphj0ecog
C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\#SharedObjects\4UXSTWW6\interclick.com
C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Joe Keith\Application Data\rhctphj0ecog
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com\ud.sol
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\system32\blphcpphj0ecog.scr
C:\WINDOWS\system32\ctfmonb.bmp
C:\WINDOWS\system32\phcpphj0ecog.bmp
C:\WINDOWS\system32\pphcpphj0ecog.exe
C:\WINDOWS\system32\shell31.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\wiaservb.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 13:44 . 2008-08-14 15:43 <DIR> d-------- C:\Documents and Settings\Wyatt Keith\Application Data\Ventrilo
2008-08-14 03:28 . 2008-06-23 12:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-14 03:28 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-14 03:28 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-14 03:28 . 2008-06-23 12:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-14 03:28 . 2008-06-23 12:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-14 03:28 . 2008-06-23 12:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-14 03:28 . 2008-06-23 12:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-14 03:28 . 2008-06-23 12:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-14 03:28 . 2008-06-23 05:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-14 00:02 . 2008-08-14 00:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 23:43 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-13 23:42 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-13 23:41 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-13 23:41 . 2008-04-13 20:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-08-13 16:55 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-13 16:38 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Uniblue
2008-08-13 16:37 . 2008-08-13 16:55 <DIR> d-------- C:\Program Files\Uniblue
2008-08-13 16:26 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 16:26 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM Search
2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-13 03:28 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM6
2008-08-13 01:40 . 2008-08-13 03:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-13 01:38 . 2008-08-13 01:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-12 18:14 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-12 18:13 . 2008-08-12 18:13 <DIR> d-------- C:\Program Files\Panda Security
2008-08-12 18:04 . 2008-08-12 18:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 17:49 . 2008-08-12 17:49 <DIR> d-------- C:\ie-spyad_zo
2008-08-12 17:43 . 2008-08-12 20:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-12 17:42 . 2008-08-12 17:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-11 13:46 . 2008-08-11 13:46 <DIR> d-------- C:\Documents and Settings\Joe Keith\Application Data\MSNInstaller
2008-08-11 13:41 . 2008-08-11 13:41 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-09 14:41 . 2008-08-09 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files
2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\History
2008-08-09 01:09 . 2008-08-09 11:40 10,000 --a------ C:\WINDOWS\system32\jdsfg8w3jedf.dll
2008-08-09 01:09 . 2008-08-09 01:09 0 --a------ C:\WINDOWS\system32\lich.dat
2008-08-04 00:24 . 2008-08-04 00:24 <DIR> d-------- C:\Program Files\iPod
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-23 05:03 . 2008-07-23 05:03 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\alot
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 23:40 565,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-14 23:40 27,452 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-14 23:40 142,844 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 23:40 10,639,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-13 23:37 --------- d-----w C:\Program Files\Microsoft Games
2008-08-13 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-13 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-13 05:34 --------- d-----w C:\Program Files\World of Warcraft
2008-08-13 00:54 147,456 ----a-w C:\Program Files\mDNSResponder
2008-08-12 21:23 --------- d-----w C:\Program Files\WildTangent
2008-08-11 17:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Wyatt Keith\Application Data\AOL
2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\AOL
2008-08-11 15:39 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\Ventrilo
2008-08-11 15:38 --------- d-----w C:\Program Files\DivX
2008-08-11 06:41 --------- d-----w C:\Program Files\RGB
2008-08-09 21:28 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 18:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 18:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-04 04:24 --------- d-----w C:\Program Files\iTunes
2008-07-26 20:58 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\alot
2008-07-25 21:39 --------- d-----w C:\Documents and Settings\Ian\Application Data\Apple Computer
2008-07-14 21:31 --------- d-----w C:\Program Files\QuickTime
2008-07-13 01:20 144 ----a-w C:\domains.dat
2008-06-26 06:28 --------- d-----w C:\Documents and Settings\Ian\Application Data\TeamViewer
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-09-15 16:02 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe
2007-07-26 01:45 811,436 ----a-w C:\Program Files\WoW-2.1.3.6898-to-0.2.0.6932-enUS-downloader.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00 7585792]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02 40960]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 20:20 206088]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\Wyatt Keith\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks00.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ian^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Ian\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joe Keith^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Joe Keith\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-07-23 14:05 1927448 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-05-02 15:15 1424648 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2008-04-13 20:11 177152 C:\WINDOWS\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"Vongo Service"=2 (0x2)
"PnkBstrA"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
S0 Cks00;Cks00;C:\WINDOWS\system32\Drivers\Cks00.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-13 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-05-02 15:15]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
ShellIconOverlayIdentifiers-{EA3775F2-28BE-11D3-9C8D-00105A24ED29} - (no file)
MSConfigStartUp-AOL Fast Start - C:\Program Files\America Online 9.0\AOL.EXE
MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-kdfzf - C:\WINDOWS\system32\kdfzf.exe
MSConfigStartUp-ctfmona - C:\WINDOWS\system32\ctfmona.exe
MSConfigStartUp-iexplorer - C:\WINDOWS\iexplorer.exe
MSConfigStartUp-Jnskdfmf9eldfd - C:\DOCUME~1\Ian\LOCALS~1\Temp\csrssc.exe
MSConfigStartUp-McAfeeUpdaterUI - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
MSConfigStartUp-ShStatEXE - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 19:42:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????\??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-14 19:45:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 23:45:45

Pre-Run: 23,766,757,376 bytes free
Post-Run: 23,993,536,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

315 --- E O F --- 2008-08-13 23:24:03




Add-Remove program text:

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157) -->
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838) --> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838) --> "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Update for Windows Media Player 10 (KB910393) --> "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Genuine Advantage Notifications (KB905474) -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe



New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:37 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5246 bytes

[Angelfire777]

Hi,

You downloaded the wrong package. You have media center edition which is based on xp pro but it's ok, the home package would work ok.


*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*delete these files:

C:\WINDOWS\system32\jdsfg8w3jedf.dll
C:\WINDOWS\system32\lich.dat

*I don't see these programs installed so you may delete these leftover folders:

C:\Documents and Settings\Ian\Application Data\alot
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\WildTangent
C:\Documents and Settings\Joe Keith\Application Data\alot


*click start > run > copy and paste:

sc delete Cks00

press enter.


*Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks00.sys]

Save this as fix.reg Choose to save as *all files and place it on your desktop.

It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
__________

*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

• Click Start > Control Panel
• Click Add/Remove Programs
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove button.
• Repeat as many times as necessary to remove all versions of Java.
• Reboot your computer once all Java components are removed.

Then download Java Runtime Environment 6u7, and install it to your computer.

• Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
• On the General tab, under Temporary Internet Files, click the Settings button.
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
    Trace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

*Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems

On your next reply, please include a

• Fresh HijackThis log.
• eset scan log

[Dyclon55]

ESET Scanner:


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3360 (20080815)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a638153e74aba04a8c5d300f702ad44d
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-16 07:54:47
# local_time=2008-08-16 03:54:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=446458
# found=4
# scan_time=4483
C:\QooBox\Quarantine\C\WINDOWS\iexplorer.exe.vir a variant of Win32/Injector.CA trojan 157F604376AEA90AF48082E229D4C55E
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmonb.bmp.vir Win32/TrojanDownloader.FakeAlert.BU trojan 048D36722CDEDB58886C9EA795B05684
C:\QooBox\Quarantine\C\WINDOWS\system32\phcpphj0ecog.bmp.vir Win32/TrojanDownloader.FakeAlert.DJ trojan 818C2209BD67775533DDF1ACEFB1F84C
C:\QooBox\Quarantine\C\WINDOWS\system32\pphcpphj0ecog.exe.vir Win32/TrojanDownloader.FakeAlert.FK trojan BBC8

Hijack This:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:02 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5548 bytes




The only remaining problem is i can't see any pictures while in internet explorer just shows the 3 different color shapes where the pictures should be. It is the same for my WoW launcher. I'm not sure If I'm still getting the blue screen but i let this scanner run for awhile by itself and the bsod wasn't popping up like it used to.

[Angelfire777]

Hi, please try this:

Clean your Cache and Cookies in IE:

• Close all instances of Outlook Express and Internet Explorer
• Go to Control Panel > Internet Options > General tab
• Click the "Delete Cookies" button
• Next to it, Click the "Delete Files" button
• When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

• Go to Tools > Options.
• Click Privacy in the menu on the left side of the Options window.
• Click the Clear button located to the right of each option (History, Cookies, Cache).
• Click OK to close the Options window
  Alternatively, you can clear all information stored while browsing by clicking Clear All.
  A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

• Go to start > run and type: cleanmgr and click ok.
• Let it scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
• Press OK to remove them.

[Dyclon55]

Hey, thanks I really appreciate the help and everything seems to be running smooth again, if this happens again I'll know how to fix it now. Thanks again.

[Angelfire777]

Congratulations! Your log looks clean!

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.


Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows Xp comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other Firewall that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» Comodo
» Kerio

MVPS Hosts File
~You can download it from here
~I highly recommend this hosts file. You can learn more about this here

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.

[Dyclon55]

Thanks again.