activescan logfile

[andrewb1]

Did this in response to this thread:

Cannot open internet options in control panel

I think i did it right. cheers.

sorry didn't add the HijackThis logfile in the first post. sorry for the bump.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:03, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AntispywareBot\AntispywareBot.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [GSISETUP] C:\DOCUME~1\andy\LOCALS~1\Temp\GsiInst.exe INSTALL C:\DOCUME~1\andy\LOCALS~1\Temp\.\V205Res 13
O4 - HKLM\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Windoxs Update Center] W32RfSA.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13879 bytes

[andrewb1]

bump.

[chemist]

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

AntiSpywareBot<<Please read this

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/d...displaylang=en

For XP Pro >> http://www.microsoft.com/downloads/d...displaylang=en

Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:

• Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
• Please click Yes to continue scanning for malware.

When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

Please close HijackThis now.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
new HijackThis log
Add-Remove Programs.txt

If you have any questions along the way...STOP and ask them before proceeding.

[andrewb1]

Combofix log

ComboFix 08-10-10.09 - andy 2008-10-11 20:25:18.2 - NTFSx86
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\andy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\andy\Application Data\AntispywareBot
C:\Documents and Settings\andy\Application Data\AntispywareBot\Log\2008 Oct 11 - 05_56_59 PM_671.log
C:\Documents and Settings\andy\Application Data\AntispywareBot\Log\2008 Oct 11 - 06_09_40 PM_671.log
C:\Documents and Settings\andy\Application Data\AntispywareBot\Log\2008 Oct 11 - 06_19_58 PM_937.log
C:\Documents and Settings\andy\Application Data\AntispywareBot\rs.dat
C:\Documents and Settings\andy\Application Data\AntispywareBot\Settings\ScanResults.pie
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-06 17:22 . 2008-10-06 17:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-05 12:21 . 2008-10-05 12:21 <DIR> d-------- C:\Program Files\Panda Security
2008-10-05 12:21 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-04 14:04 . 2006-11-07 21:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-10-04 11:57 . 2008-10-04 12:41 <DIR> d-------- C:\Program Files\Security Task Manager
2008-10-04 11:57 . 2008-10-04 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 11:49 . 2008-10-03 22:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-02 11:10 . 2008-10-02 11:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-02 10:57 . 2008-10-02 10:57 <DIR> d-------- C:\WINDOWS\EHome
2008-10-02 10:31 . 2008-10-11 20:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-02 10:31 . 2008-10-02 17:50 <DIR> d-------- C:\Documents and Settings\andy\Application Data\AVGTOOLBAR
2008-10-02 10:31 . 2008-10-02 10:31 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-02 10:31 . 2008-10-02 10:31 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-02 10:31 . 2008-10-02 10:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-02 10:30 . 2008-10-02 10:30 <DIR> d-------- C:\Program Files\AVG
2008-10-02 10:30 . 2008-10-02 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 20:53 . 2008-10-01 20:53 <DIR> d-------- C:\Program Files\Safari
2008-09-20 22:40 . 2008-09-20 22:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-16 18:36 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-16 18:35 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-16 18:34 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 19:35 2,435,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-11 18:52 28,892 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-02 10:50 --------- d-----w C:\Documents and Settings\andy\Application Data\chin move
2008-09-30 20:27 --------- d-----w C:\Documents and Settings\andy\Application Data\U3
2008-09-28 12:50 --------- d-----w C:\Documents and Settings\andy\Application Data\BitTorrent
2008-09-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 11:30 --------- d-----w C:\Documents and Settings\andy\Application Data\Xfire
2008-09-18 21:15 --------- d-s---w C:\Program Files\Xfire
2008-09-03 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-03 13:52 --------- d-----w C:\Program Files\Belarc
2008-08-29 14:57 --------- d-----w C:\Program Files\Apple Software Update
2008-08-29 14:53 --------- d-----w C:\Program Files\iTunes
2008-08-29 14:52 --------- d-----w C:\Program Files\iPod
2008-08-29 14:47 --------- d-----w C:\Program Files\Bonjour
2008-08-29 14:46 --------- d-----w C:\Program Files\QuickTime
2008-01-16 15:39 8 ----a-w C:\Documents and Settings\andy\Application Data\usb.dat.bin
2007-04-22 20:06 92,064 ----a-w C:\Documents and Settings\andy\mqdmmdm.sys
2007-04-22 20:06 9,232 ----a-w C:\Documents and Settings\andy\mqdmmdfl.sys
2007-04-22 20:06 79,328 ----a-w C:\Documents and Settings\andy\mqdmserd.sys
2007-04-22 20:06 66,656 ----a-w C:\Documents and Settings\andy\mqdmbus.sys
2007-04-22 20:06 6,208 ----a-w C:\Documents and Settings\andy\mqdmcmnt.sys
2007-04-22 20:06 5,936 ----a-w C:\Documents and Settings\andy\mqdmwhnt.sys
2007-04-22 20:06 4,048 ----a-w C:\Documents and Settings\andy\mqdmcr.sys
2007-04-22 20:06 25,600 ----a-w C:\Documents and Settings\andy\usbsermptxp.sys
2007-04-22 20:06 22,768 ----a-w C:\Documents and Settings\andy\usbsermpt.sys
2007-02-18 18:35 180 ----a-w C:\Documents and Settings\andy\Application Data\wklnhst.dat
2006-05-23 16:39 12,527,920 ----a-w C:\Program Files\IE7BETA2-WindowsXP-x86-enu.exe
2006-04-09 23:01 1,684,992 -c--a-w C:\Program Files\tginstall0943.msi
2006-03-23 11:36 2,726,712 ----a-w C:\Program Files\LastfmWindows-1.1.4.exe
2006-03-11 23:56 719,244 ----a-w C:\Program Files\NyxLauncher.International.20051201.exe
2006-02-23 21:40 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2006-02-23 21:38 541,004 ----a-w C:\Program Files\GunzInternational_20060222.exe
2005-11-27 00:35 7,256,768 ----a-w C:\Program Files\SkypeSetup.exe
2005-08-23 01:02 56 --sh--r C:\WINDOWS\system32\6AC0ACAE4C.sys
2005-08-23 01:02 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="/WinStart" [X]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-06 2486272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 86016]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-01-28 885760]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2005-07-09 98352]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-02 1234712]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2004-10-29 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-09 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-12 114688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-02-04 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-12-26 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 00:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a--c--- 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aswUpdSv"=2 (0x2)
"StyleXPService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-02 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-12 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-12 24208]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-02 76040]
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
S3 iadusb;BT Voyager 205 ADSL Router;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2005-02-16 30371]
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys [ ]
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys [ ]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-09 89749]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8fb069d-f127-11dc-b161-0011d844423f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windoxs Update Center - W32RfSA.exe
HKLM-Run-Motive SmartBridge - C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
HKLM-Run-DSLAGENTEXE - C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
HKLM-Run-Windoxs Update Center - W32RfSA.exe
HKLM-Run-NWEReboot - (no file)
HKLM-RunServices-Windoxs Update Center - W32RfSA.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKLM-Main,Window Title = Tiscali Internet Access
R0 -: HKLM-Main,Search Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 20:33:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\MLANG.dll
.
Completion time: 2008-10-11 20:50:33
ComboFix-quarantined-files.txt 2008-10-11 19:50:19

Pre-Run: 34,346,496,000 bytes free
Post-Run: 34,321,522,688 bytes free

218 --- E O F --- 2008-10-02 16:38:05

___________________________________________________________
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:42, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12201 bytes


_____________________________________________________________

Okay i tried running the C:\Qoobox\Add-Remove Programs.txt and it opened a notepad file but it was empty. Although i managed to find one called ComboFix Quarantined files.txt, i'm not sure if this is correct but i attached it to my post anyway just incase.

[chemist]

• Double-click on HijackThis.exe to run it.
• Click Open the Misc Tools section and click the button labeled Open Uninstall Manager...
• Click the Save List... button and Save it to your Desktop.
• Close HijackThis now.
• Post uninstall_list.txt in your next reply.

------------------------------------------------------

[andrewb1]

okay attached it.

[chemist]

Hello, andrewb1.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:

C:\Documents and Settings\andy\My Documents\My Received Files\KeyGen [ Style XP 3.19 ].rar

This is one reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast and AVG. It also appears that you have two firewalls installed and running, ZoneAlarm and Comodo. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one antivirus and one firewall to keep and uninstall the others via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Uinstall Aze Bar<<Please read this

------------------------------------------------------

I see you have P2P software ( BitTorrent and LimeWire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to uninstall BitTorrent and LimeWire, also delete these Folders if they still exist:

C:\Documents and Settings\andy\Application Data\BitTorrent
C:\Documents and Settings\andy\Application Data\LimeWire
C:\Program Files\BitTorrent
C:\Program Files\LimeWire

------------------------------------------------------

Empty the following Folder if it still exists:

C:\Program Files\Yahoo!\YPSR\Quarantine

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:

File::
c:\windows\azesearch.bmp
c:\windows\system32\azebar.xml

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}]
[-hkey_current_user\software\dynamic toolbar]
R0 -: HKLM-Main,Search Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

Driver::
XDva007
XDva025

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please click Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and Save it to your Desktop.
• Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
• Click the Download button to the right.
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
• Click Continue
• Click on the link to download Windows Offline Installation and Save the file to your Desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
• Click (highlight) the following items:
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 9
  • Java 2 Runtime Environment, SE v1.4.2_01
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

• After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
  • Click OK to leave the Temporary Files Window.
  • Click OK to leave the Java Control Panel.
  • Delete jre-6u7-windows-i586-p.exe from your desktop.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at any Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

Please close HijackThis now.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
new HijackThis log
report on system behavior

[andrewb1]

Quote:

Originally Posted by chemist

C:\Documents and Settings\andy\My Documents\My Received Files\KeyGen [ Style XP 3.19 ].rar

Cant find this file in that directory, i may possibly have deleted it before.

Quote:

Originally Posted by chemist

It appears that you have two antivirus programs installed and running, avast and AVG. It also appears that you have two firewalls installed and running, ZoneAlarm and Comodo. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one antivirus and one firewall to keep and uninstall the others via Add or Remove Programs in your Control Panel.

When trying to delete avast, this message appears.


I dont actually want avast on my pc anymore as i use AVG anyway, but have not been able to delete it.

Quote:

Originally Posted by chemist

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Uinstall Aze Bar<<Please read this

When trying to delete this, nothing happens except for maybe a brief flash of a window, similar if not exactly the same problem as what is happening with my Internet Options.

[chemist]

OK, just skip those two items and continue with the rest of the instructions and we'll deal with those later.

[andrewb1]

ComboFix
ComboFix 08-10-11.02 - andy 2008-10-12 10:30:37.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.132 [GMT 1:00]
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\andy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\azesearch.bmp
c:\windows\system32\azebar.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA007
-------\Legacy_XDVA025
-------\Service_XDva007
-------\Service_XDva025


((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-12 10:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-12 10:01 . 2008-10-12 10:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-06 17:22 . 2008-10-06 17:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-05 12:21 . 2008-10-05 12:21 <DIR> d-------- C:\Program Files\Panda Security
2008-10-05 12:21 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-04 14:04 . 2006-11-07 21:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-10-04 11:57 . 2008-10-04 12:41 <DIR> d-------- C:\Program Files\Security Task Manager
2008-10-04 11:57 . 2008-10-04 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 11:49 . 2008-10-03 22:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 11:18 . 2008-10-02 11:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-02 11:10 . 2008-10-02 11:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-02 10:57 . 2008-10-02 10:57 <DIR> d-------- C:\WINDOWS\EHome
2008-10-02 10:31 . 2008-10-11 20:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-02 10:31 . 2008-10-02 17:50 <DIR> d-------- C:\Documents and Settings\andy\Application Data\AVGTOOLBAR
2008-10-02 10:31 . 2008-10-02 10:31 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-02 10:31 . 2008-10-02 10:31 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-02 10:31 . 2008-10-02 10:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-02 10:30 . 2008-10-02 10:30 <DIR> d-------- C:\Program Files\AVG
2008-10-02 10:30 . 2008-10-02 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 20:53 . 2008-10-01 20:53 <DIR> d-------- C:\Program Files\Safari
2008-09-20 22:40 . 2008-09-20 22:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-16 18:36 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-16 18:35 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-16 18:34 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 09:37 2,910,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-12 09:02 --------- d-----w C:\Program Files\Java
2008-10-11 23:54 33,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-11 22:06 --------- d-----w C:\Program Files\COMODO
2008-10-11 22:06 --------- d-----w C:\Documents and Settings\andy\Application Data\Comodo
2008-10-11 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-10-03 22:37 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-10-03 21:07 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-10-03 21:07 1,323,520 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-10-03 18:00 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-10-03 17:16 1,321,472 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-10-02 15:58 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-10-02 15:58 1,318,400 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-10-02 15:13 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-10-02 14:59 57,856 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-10-02 14:59 1,314,816 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-10-02 10:50 --------- d-----w C:\Documents and Settings\andy\Application Data\chin move
2008-09-30 20:27 --------- d-----w C:\Documents and Settings\andy\Application Data\U3
2008-09-28 12:50 --------- d-----w C:\Documents and Settings\andy\Application Data\BitTorrent
2008-09-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 11:30 --------- d-----w C:\Documents and Settings\andy\Application Data\Xfire
2008-09-18 21:15 --------- d-s---w C:\Program Files\Xfire
2008-09-03 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-03 13:52 --------- d-----w C:\Program Files\Belarc
2008-08-29 14:57 --------- d-----w C:\Program Files\Apple Software Update
2008-08-29 14:53 --------- d-----w C:\Program Files\iTunes
2008-08-29 14:52 --------- d-----w C:\Program Files\iPod
2008-08-29 14:47 --------- d-----w C:\Program Files\Bonjour
2008-08-29 14:46 --------- d-----w C:\Program Files\QuickTime
2008-01-16 15:39 8 ----a-w C:\Documents and Settings\andy\Application Data\usb.dat.bin
2007-04-22 20:06 92,064 ----a-w C:\Documents and Settings\andy\mqdmmdm.sys
2007-04-22 20:06 9,232 ----a-w C:\Documents and Settings\andy\mqdmmdfl.sys
2007-04-22 20:06 79,328 ----a-w C:\Documents and Settings\andy\mqdmserd.sys
2007-04-22 20:06 66,656 ----a-w C:\Documents and Settings\andy\mqdmbus.sys
2007-04-22 20:06 6,208 ----a-w C:\Documents and Settings\andy\mqdmcmnt.sys
2007-04-22 20:06 5,936 ----a-w C:\Documents and Settings\andy\mqdmwhnt.sys
2007-04-22 20:06 4,048 ----a-w C:\Documents and Settings\andy\mqdmcr.sys
2007-04-22 20:06 25,600 ----a-w C:\Documents and Settings\andy\usbsermptxp.sys
2007-04-22 20:06 22,768 ----a-w C:\Documents and Settings\andy\usbsermpt.sys
2007-02-18 18:35 180 ----a-w C:\Documents and Settings\andy\Application Data\wklnhst.dat
2006-05-23 16:39 12,527,920 ----a-w C:\Program Files\IE7BETA2-WindowsXP-x86-enu.exe
2006-04-09 23:01 1,684,992 -c--a-w C:\Program Files\tginstall0943.msi
2006-03-23 11:36 2,726,712 ----a-w C:\Program Files\LastfmWindows-1.1.4.exe
2006-03-11 23:56 719,244 ----a-w C:\Program Files\NyxLauncher.International.20051201.exe
2006-02-23 21:40 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2006-02-23 21:38 541,004 ----a-w C:\Program Files\GunzInternational_20060222.exe
2005-11-27 00:35 7,256,768 ----a-w C:\Program Files\SkypeSetup.exe
2005-08-23 01:02 56 --sh--r C:\WINDOWS\system32\6AC0ACAE4C.sys
2005-08-23 01:02 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-11_20.49.26.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 00:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 00:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 01:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="/WinStart" [X]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-06 2486272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 86016]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-01-28 885760]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2005-07-09 98352]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-02 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2004-10-29 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-09 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-12 114688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-02-04 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-12-26 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 00:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a--c--- 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aswUpdSv"=2 (0x2)
"StyleXPService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-02 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-02 76040]
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
S3 iadusb;BT Voyager 205 ADSL Router;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2005-02-16 30371]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-09 89749]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8fb069d-f127-11dc-b161-0011d844423f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 10:36:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 10:49:06
ComboFix-quarantined-files.txt 2008-10-12 09:48:27

Pre-Run: 34,184,359,936 bytes free
Post-Run: 34,168,078,336 bytes free

213 --- E O F --- 2008-10-02 16:38:05


___________________________________________________________
Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 12, 2008 11:19:44
Records in database: 1306853
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 101163
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:09:29

No malware has been detected. The scan area is clean.

The selected area was scanned.


___________________________________________________________
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:50, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12131 bytes


___________________________________________________________

Firefox doesn't freeze and appears to be working normally now. Internet Options still does nothing when clicked on.

[chemist]

Hello again, andrew. Let's tackle your remaining problems in steps.

Are you familiar with this Folder:

C:\Documents and Settings\andy\Application Data\chin move

Please let me know.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now. Is Internet Options still not working?

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the quotebox below into Notepad:

Quote:

dir /a /s "C:\Documents and Settings\andy\Application Data\chin move" > log.txt
dir /a /s "C:\Program Files\aze" >> log.txt
notepad log.txt
del log.txt

Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply. Delete peek.bat now.

------------------------------------------------------

Let's get rid of avast! antivirus.

Please download aswClear.exe and Save it to your Desktop.

• Start Windows in Safe Mode.
• Double-click aswClear.exe
• If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
• Click REMOVE
• Restart your computer.

Is avast! Antivirus gone from Add or Remove Programs?

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

Please close HijackThis now.

------------------------------------------------------

[andrewb1]

Quote:

Originally Posted by chemist

Hello again, andrew. Let's tackle your remaining problems in steps.

Are you familiar with this Folder:

C:\Documents and Settings\andy\Application Data\chin move

Please let me know.

No im not familiar with it, sorry.
------------------------------------------------------

Quote:

Originally Posted by chemist

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now. Is Internet Options still not working?

Yes its still not working.

__________________________________________________________
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:42, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12019 bytes

___________________________________________________________
Peek

Volume in drive C is Windows
Volume Serial Number is 3C0D-AC97

Directory of C:\Documents and Settings\andy\Application Data\chin move

02/10/2008 11:50 <DIR> .
02/10/2008 11:50 <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 35,192,492,032 bytes free
Volume in drive C is Windows
Volume Serial Number is 3C0D-AC97

__________________________________
Is this right?

[chemist]

Good job!

Delete this Folder:

C:\Documents and Settings\andy\Application Data\chin move

------------------------------------------------------

Is avast! gone? Check Add or Remove Programs.

------------------------------------------------------

• Download Registry Search Tool (RegSrch.vbs) from here and Save it to your Desktop.
• (Scroll down the page to Registry Search Tool and click the green download arrow)
• The RegSrch.zip file should open up on your desktop.
• Click 'Extract all files' and follow the prompts. Use the Browse button to Save it to the Desktop.
• Double-click RegSrch.vbs
• Copy/paste Aze into the Search bar and click OK.
• Wait for it to complete the search, click OK at the prompt.
• Then when wordpad opens, copy the text as a reply into this thread.

------------------------------------------------------

[andrewb1]

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Aze" 12/10/2008 20:17:47

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AZESearch]

"URTM_STD_ENU_X86_IXP"=".+hv'C^G2B*9MkbIdFwU(HUiXuPHl9tG*_hI~FdQ,?Lv9q*6%l*9MkbIdFwUPCWxJ^eij9xoQwV}krKepC46JlCv?AoW?)HP{Ts]bVh`pM_Y19kqHtLeC{pQFOXO*vD*g(HTy?VXB]2dXK!ZVMKe!?(Fe*LUQ&nVO.BKod8`SA-c,JF0cEPA{K^IYn3?Z@b`Bn(P2O%p.[I.l{l,k9A+()ARN%q&nwr.-N)YNA!%cqbhI{hh!}8Ek]+2{=*k=L+O{ezQrV,.lh87AA)N'5b2S7rU_]-+!jVx9=N2SvY6Rjdz=Lm3bEGH=AvNGB5nU{%eYo`J)EN%l?I!%_f2i5gZl?O.Ihn^lV*9MkbIdFwUShs{]{EVd=G5SnG3}p26WBy.I)C+lV*9MkbIdFwUUQ^.ZZ_AG(*9MkbIdFwU&!%Aei5%i8GuctV{`c=bFQ'7On,5}9Cj(MC03k+sPD0,Ya3$Sou8MkbIdFwU=6U.Z@jJG(u8MkbIdFwU0kY@S2'U]8]+j-]IYwxLUQ^.ZZ_AG(u8MkbIdFwU&vv.ZiM}F(*9MkbIdFwUjN0.Z=0pG(*9MkbIdFwU]]J+$eqc_=6[xdeFyWGojN0.Z=0pG(u8MkbIdFwULE0,Y83$Sou8MkbIdFwUBc~HMt@*^8q^P^Y@!Gkg%?O,H~_2`E*9MkbIdFwUc{[uLO[IHAX5=XrAu{b?g+O,H9h2`E*9MkbIdFwUEgn.Z_T*G(*9MkbIdFwU.(S&Q@~9~=M^kgn'+k71zH^.ZJcAG(u8MkbIdFwUc,O,Hog2`E*9MkbIdFwU_-O,HJg2`E*9MkbIdFwU&vv.ZiM}F(u8MkbIdFwUZ.O,H}f2`E*9MkbIdFwUzH^.ZJcAG(*9MkbIdFwUQanodq{gS@LE?UmjgLNGV0O,HWf2`E*9MkbIdFwUR1O,H.f2`E*9MkbIdFwUEgn.Z_T*G(u8MkbIdFwUN2O,Hee2`E*9MkbIdFwU(g70I8-kkV*9MkbIdFwU=6U.Z@jJG(*9MkbIdFwUGW.0I-5tkV*9MkbIdFwU}5y.ItF+lV*9MkbIdFwULE0,Y83$So*9MkbIdFwUPD0,Ya3$So*9MkbIdFwU]A0,Yx4$So*9MkbIdFwUTC0,Y*4$Sou8MkbIdFwU^S_T-dqji9(OAHJ@f*N'L])PeTrG2AKgNNi4GvcB,?Lv9q*6%lu8MkbIdFwUXB0,YS4$So*9MkbIdFwUb*q'C,3]i@xb$O&,-qlXTC0,Y*4$So*9MkbIdFwUXB0,YS4$Sou8MkbIdFwU.?FA3Kd~P?WcNOJa.rOR+H&x5yOc2A9f2rJNZ]!Ka@0,YF5$Sou8MkbIdFwUW,qzl'')*=onPqgVjtEk@&q.IjM5lV*9MkbIdFwUxtl5a^]n9?&!Or0lC_A]a@0,YF5$So*9MkbIdFwUXRswN$S._=VoF$n+[0(W`Z?C$rK'6?~~9*[?YG4`a$tytNY2g(Svy?VXB]2dtvjXn*6.g(Ojy?VXB]2d!N0,YT,$Sou8MkbIdFwU!N0,YT,$So*9MkbIdFwUwvjXn*6.g(Ojy?VXB]2dJTc8F-YnI9-+xs*kKUO3e?0,Yk5$So*9MkbIdFwUe?0,Yk5$Sou8MkbIdFwU]A0,Yx4$Sou8MkbIdFwUKul'pbF_K9W,KL=$g8_37EFmH)29S9G}vsKbK0pT2@mkJ{44-AUCH6n,l.iQJkrjs*Kk2?xb@e.^Eupy~W9WDi^Q{=ID]bO2iv,gzK~oio1{t8PhTKlh*[F7?Y!GRzx?VALDt}hGeSuy?$kMW)8i59EQt,YDIDWqF~lE2@-oz@%$-((~eMC@gO?vU6B_Q?pOeAIi3@7xDYkJbT,)b9A!]Y+^.rrbQkl_j^e4[AP%@Mvp}-&(!$.-(}AkdA=BL*0)'4meB=P%Qt+nT=%Uxvq`AW-)Z@}w(@VPI?`qL6*SzZ+aUaV!f&dfB?v8?jGmhqoc'um07?S&j=lB{Y4o$w}3C*]p(zuGP9E3l*E~1J_)*Lvfk0pE4@gmc'sH8dTW1n^&?ri`+A_pnPWY,!WjQB3%S}Rfc=&UMSC!7`Q2DIPKPpCN{9N}b7P14U5OXS.4v6=yV?1t$'xTRA_708c$C=u+s?4w*tFWfK_dBX(+Bx%`DA%Pn`cwzS0AJe^03Gi)dA^j+KatnX-vrx2sikfmZ=^R[8nVn1H%TnC,l?Ij9AA2eC6fL($v52d?H`(Gp@qM{'U`soUG@_{2qO4+59hcU2[zsSPSE[LRF*n6p@a[`Hk-785(-c(t^@nS[=I)n[O=ztkebIA~2f9FSA?{F1JVkjrt2==SJfa?}=vx)IU1gNl+G$nriB?xH=u[x(=%oaD0JKwHb-.}v8^~NZLfx@3A`=zZjcvhbAvV8g,jhVxR%}}64`+,E?S(sMBY[U~E5_u&')1`_@xb83BJ~g~cbF$'`3EVn@7Rqu7Eu$X?JPEY1RojQ?JuO?Q(9)==B1Mz%qYwi8rPcC,4J8rj{y'g2Vqs&9kI*DBfgAQQ]g3.T(-N%9NUiHn)uXN1Qnynx9OH(AzYPFybsoeVi]}7fPZU)={{?fTrt0PwI6X-tXB~'?wk'bxAIm(P(l0$d+IA1@PwkJ6Ac9gzF&gW4t'Sn?zQ_5wVgW].P}$'ZNK5q@.^L^!_b^KT7v_([$+qD?^]xkMSfvQTOA4k6n2wE@L{-se+75F'PU*Fi.=C~?kRFlx6(IG'([Nl_X=SY=gfveog7B^SX!g7]~`&x@9PDD&7{Q.ue8ACh8tW&?WO^`tl-9=x4-`)E3wu=91Q=kgS__+Z`fUl7{GTe@edzr09_F8x+ZOc2P^fV=h!dBi=)^V4*MLLuG_,eAoziS%4D^WosnIC%dvYN=VOH~.yh+{Uvru[kaiDI?pCT(RPb&l!I'tRr.L0x?3LhZ_=[8PM{IUZ!dzG7AHOfD4{&3*3Q+IBD(mA!A6$Iw.484)J{dY!XdlNr@BOtP8E*(?CZ7`9$3nUu=Z@9?%yw(.L6'XBY}tnK?h~Rh*?)y,j_X=yV7M94@Rs^*a{[.=+q&ov3Hcf^9AQ2[e2VKx3s!fA%2J3z?iiec!1z)h]=[%R+[]1e@Y@ZneH`kfw1I`W5MMaq8*g5`,$4c'QwWYWdKnVW?oh?_N+y+'ZkV^B7PVM9=moUkB~4zIHJC41TeL&B9fosOhOa_mpe4^gIuIua8W1)TUQ1PQp]FHsUdVih?}.=G7,NY]^6$t8.[_8i8IVucW_XKtR1z=rmy?*y@CiP8qEsRZrcE^cf$5Kt?]+a78qC%[Ft%6kBd('L9lQY7AQ_!_X}x,o_-dUT=.euyhbHIUC&aXoe@&f~=~2(0T`1P,q'5WCz3(_U@uF0qj8+Jgh}j.&?PA869(J`N!5@0fdB]MzKk`@9=0O_8U)(7&E.%zzF`h_b9+$AMh9yhY``%Jysycp$AWg6ERmTW)$4KBN9L$0G=u7R=Apz!x'*FneAbIH99bv_Y3Tp6&lhZadS4een?I]F&'qBVQe_g^mo7,my@oqZ_yiM!f&.hHj!a=.'=*q~[g^MfcSuW_^YapJ&?0DKhKWKmQo$+iYURi4FAx`=S_35pzdGT1Pw(tys?V.-6BJe.i`l%&(W7aj)9o0Oj9dd0,BTaC$DF.C4?]~jTQRVs.JksMnFXbNW9@'AcRo[1)g[JzDwE4j!@h7^P=dyurJs&$6xuz5,@BaM?(.Na)Nm%^T+.Xfv@Y[x6H`]R8`!{NsuoCmf=44=j4p3XlX[jxb]}u+ZA43[(@G}KVz$WJ'HdC-g?is~rZ3+5{5QNAr6_rmf?0u6@fpfZ=B-KQYh,S54?=[y}&STw]=FfSQkV^]Y?+JV118Ae!tV6693X.12?w@rP]`Okz(~KaQLdOF]9!x'Tn*mjB8L.JhO2v?W@%fvc@9YSrTQ!b*$jC1^A{8MEP7IlQY4hf4!zPH5=R8J,dHa({QA@KOh(5fd9]})wGdP-H+D+ELEg1.MA@TQE83aMslQo=5CHk?O@*8FD6r.[HiAOEhsGp8r8zQgGcdnD4bnetAOF4tJ9~QDAy93'bmVh3qm}L1g@,n}BcyA'CX9WC8nemgF=QZDnSB~Q9?z_w=ovJ.t@3]]3q(,6wM(Ln?99$z-?s3Nr[cl&8D5$*K,le6w=i8ecaf6nRv813H44`U!9AXpvoV+DMp11v&zWK~Q?nE)Mfx~q-gfLxJYe4K[=ti5y0U4E4gRnj6T2RTY=%-OV?DBHCf{3nk&CREs=`kdK&zJWKMx~L@yt2nh=1g0nQ($iP$uLHDh&r*q=0,1gA}SujU&vS_SOn*K9l*f,7v!IxWaKcj%E?zx?7xbNQ7OO'G*U)^q74=TAf,F~jL~0z1@&MtTZ_bm@ahTf[CM$9hy,5,Y]c18AK`5m+sc1g9'LUzm8RW{=[F7)5JfpttQ4^YB*28r=FRh]GGt{R)hVSGN3x!297GkFLCQg6FW}nm`Y*!b@][X.uPveyq{ALm8N1i5A09&609)952]c2g_BvQz=v[11hO`0-CJr3PZP{b=?Fgg^RLB(oZ^RpU_f{}@9LrN&jYAGMC'nKY8aJ{{=-dokb*`kbNR,e?K3Fj&=!@U`@vtcB]O3)iF1TN`=[nt@.3W=Pjcm-I4eZ6f=W`-[P1NE`N_NGhOvdP2=X.X1&cwBfqaZEnq9x)v9z4@H!U2BI(i=keai('89SCL+7fa!@zy^Zt)F_^4=}oyob3V.aA@Md^v2=d,=ML%i]bR7$jpByQpA?le8i@WtW[Ab0[&9IT8!TgR?}9NP8z&tG*OSG2FA*kl?=aY-S93Y[&k^]T6~uLc84J{bQu.O9`M3JIDN?MG94^gbyZs`mKJZ+(rL}iF=N$!OUVcNW'Voc^'HCf2@iHoKq@dFWPS9OcaIFYv@Qvs`.jM'+H[s+I!zdUt9?u5ND4Lhs?HKL3C5tex@4]MF_.DJGqH%z$cL3s[=ldHJfAxS&5s!Ph=PZ(z85-rN8{q1,`}3@NjTPjk8Hj`kM17%wEcv(?Zt+iH9^7cqxqIHJX*2HZMA5pV@J%YrASJjl`{xGeB-}cz?{iG!Ey_I5.+,4-{!CuVAiFCDGLjhiiv42_$[yPr?1,QYE%N))&&1ImY!yL3?Xer}b=MCS=_HR+4e^'b8XCj1*vqFW'u}.p)}RkA97O%LLI7=vyX51Ml[}ty?X^gZ'}!$9%A*d0`!UGZA}D3$kdR==ObP^X2~)Sw8$OXktzpKRBM~_2(G2LP@=,OO^dwHsZL1kEz,4-E@KtOwML$BBZw&uag$yhR=A4}9XEtPCtEiqyM`UpX=Qcgdte4PVSi]0G.'^?g(Z1z?VXB]2dr`pYQQPb)AD%9A)g2DLsbfnI^'Krm@Im($wvV}Bw)&Q!olKfD?.l.Zh~pzh`iNOkvsp8H@vERMmqfNJ[0acd0Sh4K=jQ0Foh5Vouv1'Mr2pak=Yyt`i[6D&yv&%m5si&B9MtlUz=Ch2VCcrN@u^yx8*?-Ej!*hUlYL..jc}YU9UP2Cf$_8QC6zD$)a]L$?x}$H]mFv38-riPmXJNq@,'f=AHw7ECkwDdNbP%s9fBd4n9nmxK9!]c@q-Uv9]jN^0_dcWyH]Wmb_y=j=5U(2GNw~)(-7h!_!dS39[@VhYlrhL)vcl]*Iq1g(Svy?VXB]2d}~%PNXp+Z9kUK_n-EK%*}_$qtaJ0t@xe)vC?P5yV^$795CtDZ87Tt'.i@YAVR(,^JR..v@X=ojiAFKF=j!F,a%mR`?V0oI3dk`o8hZ?6{'n*~8.e@RbY-?@^hh`6EI]vU=eNP]I))&-5jA%NOQlxIA1o4IXw@[0UN(t4fz^_+=*qa5Wylv1Q5L{6EyJ-$A0(iGpR!J0j)!OXfKcRaA)gIF-(f$=saZO,H*K2`E*9MkbIdFwU_j0,Y]s!So*9MkbIdFwU_j0,Y]s!Sou8MkbIdFwU%9YbWIfIbe?9MkbIdFwU2},H*sMh&@as0PH.NMpH8E8!'47w(=u+&99=^vNA"

"ProductNonBootFiles"="nzT]jI{jf(=1&L[-81-]'mT]jI{jf(=1&L[-81-]b!eLOy{lf(YUu.Q^5gGTdbKx-lbmf(Gn,L[[Q~CN+?tG,trmf(6a?ef)qcK4%jY0(z7qf(fVbqFgkW_BP=BGEGYlf(y~S~pL''F`Vnb1p4Smf(.()L[lj+'(v%3Qf'=nf(9K)L[lj+'(B.xwJWilf(3Dt.Q^5gGT,gH.[lmkf(`%(L[u]z)5yyT]jI{jf(=1&L[-81-]K&,kcJAlf(R@'L[_GKba%fCo)=Lnf(E4*L[xeX)y'fCo)=Lnf(E4*L[xeX)y{eCo)=Lnf(E4*L[xeX)y)fCo)=Lnf(E4*L[xeX)y!fCo)=Lnf(E4*L[xeX)y+fCo)=Lnf(E4*L[xeX)yA3kDVRlpf(d9+L[xeX)y^ry(gGepf(d9+L[xeX)y-fCo)=Lnf(E4*L[xeX)y0fCo)=Lnf(E4*L[xeX)ylXwp?4[sf(lf*L[_GKba2fCo)=Lnf(E4*L[xeX)y4fCo)=Lnf(E4*L[xeX)yQ2{q`z,wf(4G&L[lj+'(}E3vNTNnf(F7*L[xeX)yvE3vNTNnf(F7*L[xeX)yxE3vNTNnf(F7*L[xeX)yzE3vNTNnf(F7*L[xeX)y!F3vNTNnf(F7*L[xeX)y%F3vNTNnf(F7*L[xeX)yG3kDVRlpf(d9+L[xeX)yI3kDVRlpf(d9+L[xeX)yb*{VfBQnf(G=*L[xeX)yg*{VfBQnf(G=*L[xeX)yi*{VfBQnf(G=*L[xeX)ym*{VfBQnf(G=*L[xeX)yq*{VfBQnf(G=*L[xeX)yu*{VfBQnf(G=*L[xeX)yy*{VfBQnf(G=*L[xeX)y$+{VfBQnf(G=*L[xeX)y&+{VfBQnf(G=*L[xeX)y(+{VfBQnf(G=*L[xeX)y*+{VfBQnf(G=*L[xeX)y,+{VfBQnf(G=*L[xeX)y.+{VfBQnf(G=*L[xeX)y1+{VfBQnf(G=*L[xeX)yE3kDVRlpf(d9+L[xeX)y3+{VfBQnf(G=*L[xeX)y5+{VfBQnf(G=*L[xeX)y9+{VfBQnf(G=*L[xeX)y?+{VfBQnf(G=*L[xeX)ya`i0,Gosf(oo*L[_GKbazE2t5e%qf(g6u.Q(31aR8fCo)=Lnf(E4*L[xeX)y=fCo)=Lnf(E4*L[xeX)y@fCo)=Lnf(E4*L[xeX)yBfCo)=Lnf(E4*L[xeX)y6fCo)=Lnf(E4*L[xeX)yDfCo)=Lnf(E4*L[xeX)yMGqOw3Jrf(Hm)L[lj+'(OGqOw3Jrf(Hm)L[lj+'((b1{J9+pf(Zx*L[xeX)ytCy0Z*ktf(qu*L[_GKbaQa72Y?!lf({jeqFYK{3k!0~0`xhkf(7)dqFgkW_B+0~0`xhkf(7)dqFgkW_Bva72Y?!lf({jeqFYK{3k*ReZR@_kf(1rcqFgkW_BUc72Y?!lf({jeqFYK{3k$ReZR@_kf(1rcqFgkW_Bbc72Y?!lf({jeqFYK{3k20~0`xhkf(7)dqFgkW_B&ReZR@_kf(1rcqFgkW_Bpc72Y?!lf({jeqFYK{3kF!*ay_hkf('=6__07*6T=mT]jI{jf(=1&L[-81-]^pT]jI{jf(=1&L[-81-]`zBkuInpf(Ed)L[lj+'(uGLsmcYkf('=6__07*6T(moni9dmf('b&!!=}h%6HmT]jI{jf(=1&L[-81-]iuT]jI{jf(=1&L[-81-](HLsmcYkf('=6__07*6TmA)}&R@mf(*'t.Q^5gGT^TBZvtQlf(ATw.Qtcx[TA3dG_pamf(wNv.Q?MZETVqE-cH`pf(aD*L[_GKbanIo$'h^kf(~Mw.Q^5gGT&nT]jI{jf(=1&L[-81-]SfU$&FXrf(Ip)L[lj+'(FoT]jI{jf(=1&L[-81-]cD!*30duf(.4&L[lj+'(zISDFCDkf(%46__07*6TvMX~x%[qf(Rp)L[_GKbaCrT]jI{jf(=1&L[-81-]KrT]jI{jf(=1&L[-81-]QrT]jI{jf(=1&L[-81-]o{3WQ8Dlf(R@'L[_GKba6b-Cb`Ykf(]w'L[u]z)5h.0fNsImf(ra(L[u]z)55rT]jI{jf(=1&L[-81-]M5KDYSUnf(HA*L[xeX)y'jY0(z7qf(fVbqFgkW_BhY,w=mgsf(YJ*L[lj+'(@!jc2SGmf(X['L[hjwRnCtT]jI{jf(=1&L[-81-]KtT]jI{jf(=1&L[-81-]$.Zcnjgsf(mi*L[_GKba=^cJEdVlf(y~S~pL''F`A^cJEdVlf(y~S~pL''F`^tT]jI{jf(=1&L[-81-]}cHQ?K@mf([['L[_GKbapzBkuInpf(Ed)L[lj+'(nzBkuInpf(Ed)L[lj+'(lzBkuInpf(Ed)L[lj+'(Rnb1p4Smf(.()L[lj+'(Pnb1p4Smf(.()L[lj+'(T'W1!bRmf(6a?ef)qcK4[lT]jI{jf(=1&L[-81-]tCzrM)]lf(ELdqFgkW_B@3B}ETUlf(ELdqFgkW_BB3&5,B^pf(V%eqFgkW_B83&5,B^pf(V%eqFgkW_Bn(Q%q,)rf(s!cqFgkW_B7YK?{]tuf(^?eqFgkW_B=3&5,B^pf(V%eqFgkW_B@3&5,B^pf(V%eqFgkW_BeoT]jI{jf(=1&L[-81-]pxAzs!vtf(Cyn.Q2tAE!rxAzs!vtf(Cyn.Q2tAE!ProductFiles"

"ProductNonBootFiles"="nzT]jI{jf(=1&L[-81-]dbKx-lbmf(Gn,L[[Q~CNu*{VfBQnf(G=*L[xeX)y@vTC5-ie!?O@?t8kXV}nVnb1p4Smf(.()L[lj+'('.i$2`'85Aw$lt^QmP@zuGLsmcYkf('=6__07*6T-q1y7QC.hoDx0g_j4N(k,gH.[lmkf(`%(L[u]z)59dMr%g?`c9wtw)bccvs,oo~R@jK(g(X}ZeAjLly8?-`zgahlf(AL7__oeu^I+~lP^@k(g(_4[eAjLly8y?L^uv`$g(00dqF?s}u+)l1^VrR2&?+60X+8!I!^tCy0Z*ktf(qu*L[_GKbarc72Y?!lf({jeqFYK{3ktc72Y?!lf({jeqFYK{3kW+2r%P~F5A2pw(cnGD*ya)6y+S},C?p8yhJ4.SK?MAmE,^!aOA4+Xi]+GDDG++wQywYIy=n!cohJfvvFK68q`xx23@kB[ewBPC-2-,x(dYjF.?J9JwIVx!-vkb^@UCMUE9rF^3kv+v0xJ9}Q+n`B)=&9c7v0b.yT^U%`9,3)u=lZB7QB0J-&C'~)p}G@Y8nHc+e$g]EL!jJerH&1*@%+yF_r)m6QE`e1J{'T`9jP~@7Gb'3@%*hc1=**g((530(A%nlK]2WA+1YddAF$)12x31TR`SGKO7WHt@Vlar[z{U)Q5QciuCK-MA2Cc6E%KGA`hG6Ejo%oj=I3Fc`bLge)-xqG+9}m?9mSvUDB@uz)uq0UglRT_8?a^qhW&B~b=xzvcs!um@Yhc^($bTaEy=jU$oAPy@2eYx^y7@OazHwTUpUC09=mVWy]Y~g^BGbIu4ImU?W4?[?M~R$s^_5Xjqtx1@.[jKCG`eUAadpE7ELtd?w2~i.r==c$ZqM_w1UkZ8j(amy?@1W-q4h.]5nV*?xY]~P?@aQu`t=.KM0R==AkUFY?]KOtCrT]jI{jf(=1&L[-81-]KrT]jI{jf(=1&L[-81-]QrT]jI{jf(=1&L[-81-]P,0aR({+L9(7uk%O-=ugMjlX*9a~+9j4ow%VdMWYk8MN-siGD9Gaq{g'SCYaiTiR3*m.2AO}gi*Ib$v*?E_elNAv^?'b&$=*oxluSqW^g}r$2=DXPl.!B-utj]`,C?8mLA]KT`pw0egdtCzrM)]lf(ELdqFgkW_BB3&5,B^pf(V%eqFgkW_B@3&5,B^pf(V%eqFgkW_BpzBkuInpf(Ed)L[lj+'(nzBkuInpf(Ed)L[lj+'(lzBkuInpf(Ed)L[lj+'(80h5Giv!g(vaTeA?)7(&Em'`igdpf(aD*L[_GKbahlT]jI{jf(=1&L[-81-]!?n))^9%g(+8UeA?)7(&u-C_QH_mX@,Q^K$pon2O3]dCy~JJ??%rq,H`YRs%6s?[[,`&)9py0bGg*hPGcB'Hq33[f?ruf[lgD4l1n$=f]w~IJ?s1Oae+=TS.]c!p4=i4P9TMGJYDEX^ogiiAzeAag8jqlfz*3FVK_{@h=i,nf(R8(L[JO9}X_}M^V8Xqf(Rp)L[_GKbaProductFiles"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\994]
"Name"="Azerbaijan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AZESearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AZESearch]
"DisplayName"="Uinstall Aze Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AZESearch]
"UninstallString"="regsvr32 /u /s \"C:\\WINDOWS\\system32\\azesearch4.ocx\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DMaze"="USR:Control Panel\\Screen Saver.3DMaze"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]
"TimeZone_3"="Azerbaijan Standard Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]
"TimeZone_109"="Azerbaijan Standard Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]
"Std_Uninstall_109"="Azerbaijan Standard Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]
"Dlt_Uninstall_109"="Azerbaijan Daylight Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time]
"Std"="Azerbaijan Standard Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time]
"Dlt"="Azerbaijan Daylight Time"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0000042c]
"Layout Text"="Azeri Latin"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0000042c]
"Layout File"="KBDAZEL.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0000082c]
"Layout Text"="Azeri Cyrillic"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0000082c]
"Layout File"="KBDAZE.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000042c]
"Layout Text"="Azeri Latin"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000042c]
"Layout File"="KBDAZEL.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000082c]
"Layout Text"="Azeri Cyrillic"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000082c]
"Layout File"="KBDAZE.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042c]
"Layout Text"="Azeri Latin"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042c]
"Layout File"="KBDAZEL.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000082c]
"Layout Text"="Azeri Cyrillic"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000082c]
"Layout File"="KBDAZE.DLL"

[chemist]

Hi andrew. You have to help me out here and answer my questions. Is avast! gone?

When you say Internet Options won't work, do you mean in the Control Panel, under Tools, or both? Let me know.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AZESearch]

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Reboot your computer.

Is Uinstall Aze Bar gone? Please check Add or Remove Programs.

[andrewb1]

Sorry, yes avast! is gone. 'Uinstall Aze Bar' has also gone from Add/Remove programs list.

And Internet Options wont work in the Control panel or under Tools menu.

[chemist]

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:

if exist C:\peek*.txt del /q C:\peek*.txt
if exist C:\look.txt del /q C:\look.txt
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions>C:\peek1.txt
REG QUERY "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoBrowserOptions>C:\peek2.txt
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoFolderOptions>C:\peek3.txt
type C:\peek*.txt > C:\look.txt
start notepad C:\look.txt
del C:\peek*.txt

Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply. Delete peek.bat now.

------------------------------------------------------

[andrewb1]

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

[chemist]

This one may have licked me. We may have to reinstall IE7. First, do you have more than one administrator account? If so, go into a different administrator account and see if Internet Options is working. Let me know.

If you only have one administrator account, create another one via User Accounts in your Control Panel. Now see if Internet Options is working in that account. Let me know.

[andrewb1]

No, it stayed the same. Should i try to re-install IE7?