Views: 2202 | Replies: 28 | Solved
Constantly getting bleeping noises and virus checker is throwing up the culprit rbot.765952.17.
Here is my HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 11:29:17, on 03/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\system32\qpijvqti.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\Dave\Desktop\f-bot.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/wind...?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Last edited by kained : May 3rd, 2008 at 7:46 am.
Besides a couple of 'unknown' applications that I don't recognise as nasty and a few 'unknown' processes which seem OK to me, I can't see anything in your logs.
Do you know what these are?
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\system32\qpijvqti.exe
C:\Users\Dave\Desktop\f-bot.exe
That executable in system32 worries me a bit, but I've never seen it before. (Might do some more research on that one unless crunchie can fill me in on it.)
These items below are autoloading programs from the registry that I do not recognise as malicious (that's not to say they aren't). Something to do with Windows Update in Vista...
O4 - HKLM\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] qpijvqti.exe
Apart from this your log looks fine!
If you like, try renaming HijackThis.exe to digitalfix.exe, rescan with it and post a new log.
Regards
Last edited by digitalocksmith : May 3rd, 2008 at 9:46 am.
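The point made above about qpijvqti.exe (a bare filename with no path, registered under HKLM\Run, HKLM\RunServices and HKCU\Run) can be scored mechanically. The following Python is an added example, not code from the thread or from HijackThis: it parses O4 lines from a constructed excerpt shaped like the log above and ranks each executable by three defender-side heuristics (no full path, presence in the Windows 9x-era RunServices key, and registration in three or more hive/key combinations); the weights are my own choice for illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the HijackThis O4 section above; the
# qpijvqti.exe lines are the ones singled out in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
"""

# Registry-backed O4 lines look like "O4 - HKLM\..\Run: [ValueName] command line".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

EXE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr")

# Heuristic weights: an illustrative choice for this example, not a published scale.
WEIGHTS = {
    "unqualified": 1,  # bare filename: found via the search path, so the log alone cannot say where it lives
    "runservices": 2,  # RunServices is a Windows 9x/ME key that NT-based Windows does not process;
                       # legitimate Vista software has no reason to write there
    "multi_key": 2,    # the same program registered under three or more hive/key combinations
}


def executable_of(cmd):
    """Return the program part of a Run-key command line (quoted, or tokens up to an executable extension)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    # Unquoted paths may contain spaces: join tokens until one ends with an executable extension.
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXE_EXT):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def basename(path):
    """Lower-cased final path component, so HKLM and HKCU entries for one file group together."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_o4(log_text):
    """Parse registry-backed O4 lines into dicts; Global Startup and non-O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        entries.append({
            "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "exe": exe, "base": basename(exe), "qualified": "\\" in exe,
        })
    return entries


def triage(log_text):
    """Group O4 entries by executable and return scored findings, highest score first."""
    by_exe = defaultdict(list)
    for e in parse_o4(log_text):
        by_exe[e["base"]].append(e)
    findings = []
    for base, ents in by_exe.items():
        reasons = []
        if any(not e["qualified"] for e in ents):
            reasons.append("unqualified")
        if any(e["key"].lower() == "runservices" for e in ents):
            reasons.append("runservices")
        locations = {(e["hive"], e["key"]) for e in ents}
        if len(locations) >= 3:
            reasons.append("multi_key")
        score = sum(WEIGHTS[r] for r in reasons)
        if score:
            findings.append({
                "exe": base, "score": score, "reasons": reasons,
                "names": sorted({e["name"] for e in ents}),
                "locations": sorted(f"{h}\\{k}" for h, k in locations),
            })
    findings.sort(key=lambda f: (-f["score"], f["exe"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['exe']:<14} score={f['score']} reasons={f['reasons']} "
              f"names={f['names']} locations={f['locations']}")
```

A score only says which entries deserve a look first; the file itself (hash, signature, on-disk location) still has to be checked before anything is removed.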
Hi. First of all you need to update HijackThis to version 2.0.2. Download HijackThis from here. Download it to your desktop and NOT a temporary folder.
==========
Try running this:
Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
- Instead of Windows loading as normal, a menu with options should appear.
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All.
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Last edited by crunchie : May 3rd, 2008 at 10:06 am.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Sorry about that. I thought by now it would have been Vista compatible.
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
ComboFix 08-05-09.1 - Dave 2008-05-11 13:17:01.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1219 [GMT 1:00]
Running from: C:\Users\Dave\Desktop\ComboFix.exe
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 13:16 . 2008-05-11 13:16 <DIR> d-------- C:\327882R2FWJFW
2008-05-11 13:02 . 2008-05-11 13:02 4,958,588 --a------ C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2008-05-11 12:48 . 2008-05-11 13:01 <DIR> d-------- C:\Users\Dave\AppData\Roaming\AOL
2008-05-11 12:48 . 2008-05-11 12:48 855 --a------ C:\Windows\aolback.exe.lnk
2008-05-11 12:46 . 2008-05-11 12:46 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:46 <DIR> d-------- C:\ProgramData\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:27 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-05-11 12:31 . 2008-05-11 12:48 <DIR> d-------- C:\Users\All Users\AOL
2008-05-11 12:31 . 2008-05-11 12:48 <DIR> d-------- C:\ProgramData\AOL
2008-05-11 12:31 . 2008-05-11 12:47 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-11 12:31 . 2008-05-11 13:10 <DIR> d-------- C:\Program Files\AOL 9.0
2008-05-11 12:31 . 2006-11-29 23:24 33,588 --a------ C:\Windows\System32\drivers\wanatw4.sys
2008-05-11 11:51 . 2008-05-11 11:52 233,638,225 --a------ C:\Windows\MEMORY.DMP
2008-05-11 11:43 . 2005-01-14 04:41 11,254 --a------ C:\Windows\System32\locate.com
2008-05-11 11:41 . 2008-05-11 11:47 <DIR> d-------- C:\MGtools
2008-05-11 11:41 . 2008-05-11 11:47 71,275 --a------ C:\MGlogs.zip
2008-05-11 11:17 . 2008-05-11 11:17 <DIR> d-------- C:\cf
2008-05-11 10:26 . 2008-05-11 10:30 1,238,055 --a------ C:\MGtools.exe
2008-05-11 10:14 . 2008-05-11 10:14 335 --a------ C:\Windows\nsreg.dat
2008-05-07 12:58 . 2008-05-07 12:58 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-05-07 12:58 . 2008-05-07 12:58 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-05-06 16:03 . 2008-05-06 16:03 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-06 16:03 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-06 16:03 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-06 10:39 . 2008-05-06 10:39 944,184 --a------ C:\Windows\System32\winload.exe
2008-05-06 10:39 . 2008-05-06 10:39 620,088 --a------ C:\Windows\System32\ci.dll
2008-05-06 10:39 . 2008-05-06 10:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-05-06 10:39 . 2008-05-06 10:39 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-05-06 10:39 . 2008-05-06 10:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-06 10:39 . 2008-05-06 10:39 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-06 10:39 . 2008-05-06 10:39 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-05-06 10:39 . 2008-05-06 10:39 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-05-06 10:39 . 2008-05-06 10:39 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-06 10:38 . 2008-05-06 10:38 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-06 10:38 . 2008-05-06 10:38 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-03 15:34 . 2008-05-03 15:34 <DIR> d-------- C:\Users\Dave\AppData\Roaming\WaterProof
2008-05-03 15:33 . 2008-05-03 15:33 <DIR> d-------- C:\Program Files\WaterProof
2008-05-03 15:28 . 2008-05-03 15:28 765 --a------ C:\Windows\wininit.ini
2008-05-03 14:46 . 2008-05-03 14:46 401,720 --a------ C:\Users\Dave\HiJackThis.exe
2008-05-03 12:15 . 2008-05-03 12:15 <DIR> d-------- C:\Users\Dave\AppData\Roaming\ActiveState
2008-05-03 11:44 . 2008-05-03 11:44 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-03 11:44 . 2008-05-03 11:44 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-03 11:41 . 2008-05-03 11:41 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-03 11:03 . 2008-05-03 11:03 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-03 10:59 . 2008-05-03 11:15 <DIR> d-------- C:\Program Files\ScanSpyware v3.8
2008-05-03 10:56 . 2008-05-03 10:57 <DIR> d-------- C:\Users\Dave\AppData\Roaming\AdwareAlert
2008-05-03 10:53 . 2008-05-03 10:53 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-03 10:52 . 2008-05-03 10:49 691,545 --a------ C:\Windows\unins000.exe
2008-05-03 10:52 . 2008-05-03 10:52 2,538 --a------ C:\Windows\unins000.dat
2008-05-03 10:37 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\ouwtoigq.exe
2008-05-03 10:27 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\tktslhpf.exe
2008-05-03 10:07 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\qfdyscpo.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\ocpzknen.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bibrraad.exe
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\Program Files\Discreet e-Learning
2008-05-02 13:16 . 2000-10-31 02:11 98,304 --a------ C:\Windows\System32\tsccvid.dll
2008-05-01 08:08 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\owhpxbcw.exe
2008-05-01 08:07 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\wmtxpecx.exe
2008-04-27 18:56 . 2008-04-27 18:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-27 18:50 . 2008-04-27 18:50 <DIR> d-------- C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-27 18:49 . 2008-05-06 16:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\wdkrmssf.exe
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\vsyjsbyc.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\roalqllh.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\pzkedbbw.exe
2008-04-20 11:23 . 2008-04-20 11:24 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d--h----- C:\Users\Dave\InstallAnywhere
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\egvqfboc.exe
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bspyjwxp.exe
2008-04-12 15:54 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bpkahlqa.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 12:09 --------- d-----w C:\Users\Dave\AppData\Roaming\WTablet
2008-05-11 11:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 10:57 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-10 18:21 --------- d-----w C:\ProgramData\Google Updater
2008-05-08 10:44 --------- d-----w C:\Users\Dave\AppData\Roaming\CoreFTP
2008-05-07 15:05 --------- d-----w C:\Users\Dave\AppData\Roaming\uTorrent
2008-05-07 14:19 --------- d-----w C:\Users\Dave\AppData\Roaming\OpenOffice.org2
2008-05-07 13:38 --------- d-----w C:\Program Files\PartyGaming
2008-05-06 15:09 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 09:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-05 09:50 --------- d-----w C:\Program Files\iTunes
2008-05-05 09:50 --------- d-----w C:\Program Files\iPod
2008-05-05 09:48 --------- d-----w C:\Program Files\QuickTime
2008-05-05 09:40 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 08:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 11:18 --------- d-----w C:\Program Files\Developers Pad
2008-05-03 10:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-03 10:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-03 10:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-03 10:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-03 09:42 --------- d-----w C:\Program Files\Opera
2008-05-03 09:37 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 18:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:26 --------- d-----w C:\Users\Dave\AppData\Roaming\Sports Interactive
2008-04-20 10:23 --------- d-----w C:\Program Files\Sports Interactive
2008-04-05 14:08 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 16:01 --------- d-----w C:\Program Files\Dark Basic Software
2008-03-30 21:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-26 11:58 --------- d-----w C:\ProgramData\Avira
2008-03-26 11:58 --------- d-----w C:\Program Files\Avira
2008-03-26 11:13 --------- d-----w C:\ProgramData\iolo
2008-03-26 11:13 --------- d-----w C:\Program Files\iolo
2008-03-25 18:16 --------- d-----w C:\Users\Dave\AppData\Roaming\iolo
2008-03-25 17:04 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-03-24 19:28 --------- d-----w C:\ProgramData\Joy coal mpeg heck
2008-03-24 11:36 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-03-19 20:55 --------- d-----w C:\Program Files\Java
2008-03-19 12:28 --------- d-----w C:\Program Files\ActiveState Komodo Edit 4
2008-03-17 12:31 --------- d-----w C:\Program Files\CoreFTP
2008-03-16 18:14 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 18:13 --------- d-----w C:\Program Files\Windows Live
2008-03-16 18:12 --------- d-----w C:\ProgramData\WLInstaller
2008-03-12 11:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 09:14 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 09:14 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-29 17:53 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-02-29 17:53 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-29 17:53 22,328 ----a-w C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
2008-02-29 17:53 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-17 10:48 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-17 10:48 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-17 10:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:48 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-17 10:45 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:44 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:44 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:44 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 20:02 174 --sha-w C:\Program Files\desktop.ini
2006-10-20 11:09 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Data and Documents Only.BDF
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\axbrvpte.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bibrraad.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bkmcgiyf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bpkahlqa.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bspyjwxp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\cfuctank.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\cgqyeyds.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\dzllsxef.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\egvqfboc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ggjckaht.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jgjiszqs.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jvajkmuy.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jxhqhuhs.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\lgnmodzc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\lilsxriu.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ljyzrhfe.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\mdmidzgf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\mwmampqr.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ocpzknen.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\oscurynf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\othbkolp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ouwtoigq.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\owhpxbcw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\pawyvbrt.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\pzkedbbw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qehkqzer.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qfdyscpo.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qphbmnie.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qsuyoyot.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\rlygipjw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\roalqllh.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tgarjdgg.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\thgqejpc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tktslhpf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tpkupwon.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\twawbche.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\vjerjsog.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\vsyjsbyc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wbvoermp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wdkrmssf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wmtxpecx.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\xhrxfcrk.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\yhsjfvtv.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ynsnpvzp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\yzzdjyvy.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\zrpkyvow.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 07:49 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-05 19:31 1006264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 10:44 989696 C:\Windows\System32\bthprops.cpl]
"RAMDef"="C:\Program Files\RAM Def\ramdef.exe" [2002-10-28 13:39 122040]
"CTHelper"="CTHELPER.EXE" [2007-02-12 20:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 20:47 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-03 10:40 262401]
"HostManager"="C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-11 13:15:13 132656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\utorrent\\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\utorrent\\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\Program Files\\TVAnts\\Tvants.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\TVAnts\\Tvants.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\SopCast\\SopCast.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\SopCast\\SopCast.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Messenger\\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\Messenger\\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\IBP 9\\IBP.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\IBP 9\\IBP.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"TCP Query User{E05D58D4-6560-400F-A664-64191E7CA826}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9A0ED79-DB85-4E49-93DE-76DB28B2F15B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{426FBEA7-1A5E-48A4-878C-C105CBF84334}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{9F23201F-CE52-4663-8527-143BFEDF2151}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{57E00588-0F89-44E0-A247-F47B6E47450C}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{53EE0EEC-A933-4A48-A748-EA10F313C919}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{C9ED7F9B-A248-42A6-89B6-9F8A9EA99E82}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{158F18F6-D29C-4530-A8D7-8B51E7149F11}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6DB8402B-1FBB-4A49-9BB7-9FC94B1C47FE}"= UDP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{CEC74C67-A518-48CA-B048-4BC42D41E89F}"= TCP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{84B3973C-7D95-4A19-8F0C-F4987831704D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36037F1D-7BDB-4820-8F36-1D10FEBCD72D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC709908-E897-4293-BE2B-E814DFBF470B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{088112E6-BED9-432A-9468-AF9C7734FFC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0893BA79-0B4F-4A45-9111-98D2F73DF0FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{724B2031-4947-40EB-9317-E51AF25D4CDC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD5A081B-EA6A-4AF8-9A13-DAF47F4C2C7C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{776D0B28-F065-4CBA-9B91-9127880D94F7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8394283E-36F2-4DB6-A825-793290C5CDD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6038B33C-0341-4FD5-AEFD-1C214B316338}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{07DC3DAD-53D5-4315-8DEE-1251D0593271}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E66E0EEC-6430-4BB5-AEEE-19B1D12FD79B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"UDP Query User{60570AD3-ED4A-4904-8DD8-63C065E4231B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"TCP Query User{B179DF4A-4D4B-42AF-BF1C-76B08DB0C129}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AE4F3A99-B3AC-458E-A905-0BD19A468184}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FF7EF2A-82E6-4E65-A32E-4BB4CC926B61}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{82CC5686-BD3B-4054-B6FF-6D0769C2C4B7}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3CB84FEF-4FCE-47DC-8161-F1CBC11799EF}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{6C78AB72-2D71-4B13-A849-A717CE5FE326}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FC49E3C6-4DE5-46C7-A6CE-ACD488A61588}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FF572F38-CC5B-4DB2-A2D6-F2872427FF51}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0801D404-1A75-4A62-8F8A-5DEC132E3049}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{FD8CF48C-CE3B-435E-A297-789CC90A6FA9}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F1DB7785-1283-4E2D-8093-9BAB773400A6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5CC46B23-F7F5-431D-9551-7A3B8E060075}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7C418694-2DC5-486F-8099-DBE0143E2919}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C104931C-22A9-4303-9666-41A7E498A502}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C0C54C3F-939F-4DB0-9B36-1A2687708F62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D466F799-29B1-489F-BCE8-EE26F3BA4AA0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F834A401-D696-4406-9317-EB3F6D3973FF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{04F1F59F-D018-4E8B-A273-FD8D456D3003}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CB1894E-FC63-419D-A81A-85006A73334D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15A36052-ED44-42E0-ADBB-1F08A37FB45E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{F1DE8232-3B4B-4649-A281-AFED640388EA}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{930E6734-29D4-41F0-A99F-E32D2C35BF2D}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{A0634106-A719-439C-AB18-572D474B63C4}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DACBE09F-6582-485A-BF49-44196A9D94FB}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{3E7A4E3A-8EC3-42ED-8D52-35FC4085EEC3}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{7826A1F6-143A-442F-A361-11281D378B4B}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{049DAC5B-5F8C-4F08-B7D2-B8FE1C3CC39F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{EEF25ED6-EA8D-4BE6-ABDB-FA1447FC77FC}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F2470EA9-E515-41AC-BA31-F757668039EA}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{98E37358-7C01-415E-B706-2A79739492A7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{5FC1F75C-CBF4-4AE0-B1B1-F4C323DDF218}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{2850068E-2C6E-4ED4-BC7E-E19B39C443A0}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{2CCEFD09-E466-4B23-98C3-926A35EB0F9A}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"UDP Query User{70EB3B0D-8ABA-4B91-8605-53FB9F3CCB4D}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"{EAC2F4A5-972F-4B2A-8020-BBEA49396EAE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEB7FF30-D24D-4468-BC75-DEF48DD1D6C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AEB14E4-9666-4AFF-BE8A-2065DA8280F9}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{1FBA6D27-EBFC-463C-9FE4-F88D2E6C2877}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{D7F07924-1CE7-421D-8DEC-5AFBE47C843D}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{33687362-DEC2-46FF-B7C8-CF82C69B6883}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7117EE63-2804-4CA2-A94C-CA0D53A94991}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A07A7C15-7885-4DF6-9BE6-23DBEE3E72B8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E8FA962E-6ECA-4A9E-B42C-8F6FA830A771}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{B7640469-2281-4B6B-9EB1-65271B65A7B7}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Documents and Settings\\Dave\\Application Data\\SopCast\\adv\\SopAdver.exe"= C:\Users\Dave\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"= C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\\Program Files\\IBP 9\\IBP.exe"= C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\Messenger\\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\SopCast\\SopCast.exe"= C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\\Program Files\\TVAnts\\Tvants.exe"= C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\\utorrent\\utorrent.exe"= C:\utorrent\utorrent.exe:*:Enabled:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 15:12]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-08-14 11:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-05 17:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-06 16:03]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 12:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:17:20 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-11 11:45:01 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-02 15:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:17:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-11 13:24:34
Pre-Run: 49,773,588,480 bytes free
Post-Run: 49,729,724,416 bytes free
417 --- E O F --- 2008-05-06 09:40:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:25, on 11/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\common files\aol\1210505470\ee\anotify.exe
C:\Users\Dave\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/wind...?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F444044-83BB-4F4D-8783-7F81A1EC6162}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10778 bytes
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1219 [GMT 1:00]
Running from: C:\Users\Dave\Desktop\ComboFix.exe
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 13:16 . 2008-05-11 13:16 <DIR> d-------- C:\327882R2FWJFW
2008-05-11 13:02 . 2008-05-11 13:02 4,958,588 --a------ C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2008-05-11 12:48 . 2008-05-11 13:01 <DIR> d-------- C:\Users\Dave\AppData\Roaming\AOL
2008-05-11 12:48 . 2008-05-11 12:48 855 --a------ C:\Windows\aolback.exe.lnk
2008-05-11 12:46 . 2008-05-11 12:46 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:46 <DIR> d-------- C:\ProgramData\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:27 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-05-11 12:31 . 2008-05-11 12:48 <DIR> d-------- C:\Users\All Users\AOL
2008-05-11 12:31 . 2008-05-11 12:48 <DIR> d-------- C:\ProgramData\AOL
2008-05-11 12:31 . 2008-05-11 12:47 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-11 12:31 . 2008-05-11 13:10 <DIR> d-------- C:\Program Files\AOL 9.0
2008-05-11 12:31 . 2006-11-29 23:24 33,588 --a------ C:\Windows\System32\drivers\wanatw4.sys
2008-05-11 11:51 . 2008-05-11 11:52 233,638,225 --a------ C:\Windows\MEMORY.DMP
2008-05-11 11:43 . 2005-01-14 04:41 11,254 --a------ C:\Windows\System32\locate.com
2008-05-11 11:41 . 2008-05-11 11:47 <DIR> d-------- C:\MGtools
2008-05-11 11:41 . 2008-05-11 11:47 71,275 --a------ C:\MGlogs.zip
2008-05-11 11:17 . 2008-05-11 11:17 <DIR> d-------- C:\cf
2008-05-11 10:26 . 2008-05-11 10:30 1,238,055 --a------ C:\MGtools.exe
2008-05-11 10:14 . 2008-05-11 10:14 335 --a------ C:\Windows\nsreg.dat
2008-05-07 12:58 . 2008-05-07 12:58 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-05-07 12:58 . 2008-05-07 12:58 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-05-06 16:03 . 2008-05-06 16:03 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-06 16:03 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-06 16:03 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-06 10:39 . 2008-05-06 10:39 944,184 --a------ C:\Windows\System32\winload.exe
2008-05-06 10:39 . 2008-05-06 10:39 620,088 --a------ C:\Windows\System32\ci.dll
2008-05-06 10:39 . 2008-05-06 10:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-05-06 10:39 . 2008-05-06 10:39 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-05-06 10:39 . 2008-05-06 10:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-06 10:39 . 2008-05-06 10:39 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-06 10:39 . 2008-05-06 10:39 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-05-06 10:39 . 2008-05-06 10:39 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-05-06 10:39 . 2008-05-06 10:39 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-06 10:38 . 2008-05-06 10:38 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-06 10:38 . 2008-05-06 10:38 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-03 15:34 . 2008-05-03 15:34 <DIR> d-------- C:\Users\Dave\AppData\Roaming\WaterProof
2008-05-03 15:33 . 2008-05-03 15:33 <DIR> d-------- C:\Program Files\WaterProof
2008-05-03 15:28 . 2008-05-03 15:28 765 --a------ C:\Windows\wininit.ini
2008-05-03 14:46 . 2008-05-03 14:46 401,720 --a------ C:\Users\Dave\HiJackThis.exe
2008-05-03 12:15 . 2008-05-03 12:15 <DIR> d-------- C:\Users\Dave\AppData\Roaming\ActiveState
2008-05-03 11:44 . 2008-05-03 11:44 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-03 11:44 . 2008-05-03 11:44 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-03 11:41 . 2008-05-03 11:41 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-03 11:03 . 2008-05-03 11:03 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-03 10:59 . 2008-05-03 11:15 <DIR> d-------- C:\Program Files\ScanSpyware v3.8
2008-05-03 10:56 . 2008-05-03 10:57 <DIR> d-------- C:\Users\Dave\AppData\Roaming\AdwareAlert
2008-05-03 10:53 . 2008-05-03 10:53 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-03 10:52 . 2008-05-03 10:49 691,545 --a------ C:\Windows\unins000.exe
2008-05-03 10:52 . 2008-05-03 10:52 2,538 --a------ C:\Windows\unins000.dat
2008-05-03 10:37 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\ouwtoigq.exe
2008-05-03 10:27 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\tktslhpf.exe
2008-05-03 10:07 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\qfdyscpo.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\ocpzknen.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bibrraad.exe
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\Program Files\Discreet e-Learning
2008-05-02 13:16 . 2000-10-31 02:11 98,304 --a------ C:\Windows\System32\tsccvid.dll
2008-05-01 08:08 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\owhpxbcw.exe
2008-05-01 08:07 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\wmtxpecx.exe
2008-04-27 18:56 . 2008-04-27 18:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-27 18:50 . 2008-04-27 18:50 <DIR> d-------- C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-27 18:49 . 2008-05-06 16:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\wdkrmssf.exe
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\vsyjsbyc.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\roalqllh.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\pzkedbbw.exe
2008-04-20 11:23 . 2008-04-20 11:24 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d--h----- C:\Users\Dave\InstallAnywhere
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\egvqfboc.exe
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bspyjwxp.exe
2008-04-12 15:54 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bpkahlqa.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 12:09 --------- d-----w C:\Users\Dave\AppData\Roaming\WTablet
2008-05-11 11:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 10:57 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-10 18:21 --------- d-----w C:\ProgramData\Google Updater
2008-05-08 10:44 --------- d-----w C:\Users\Dave\AppData\Roaming\CoreFTP
2008-05-07 15:05 --------- d-----w C:\Users\Dave\AppData\Roaming\uTorrent
2008-05-07 14:19 --------- d-----w C:\Users\Dave\AppData\Roaming\OpenOffice.org2
2008-05-07 13:38 --------- d-----w C:\Program Files\PartyGaming
2008-05-06 15:09 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 09:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-05 09:50 --------- d-----w C:\Program Files\iTunes
2008-05-05 09:50 --------- d-----w C:\Program Files\iPod
2008-05-05 09:48 --------- d-----w C:\Program Files\QuickTime
2008-05-05 09:40 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 08:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 11:18 --------- d-----w C:\Program Files\Developers Pad
2008-05-03 10:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-03 10:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-03 10:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-03 10:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-03 09:42 --------- d-----w C:\Program Files\Opera
2008-05-03 09:37 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 18:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:26 --------- d-----w C:\Users\Dave\AppData\Roaming\Sports Interactive
2008-04-20 10:23 --------- d-----w C:\Program Files\Sports Interactive
2008-04-05 14:08 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 16:01 --------- d-----w C:\Program Files\Dark Basic Software
2008-03-30 21:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-26 11:58 --------- d-----w C:\ProgramData\Avira
2008-03-26 11:58 --------- d-----w C:\Program Files\Avira
2008-03-26 11:13 --------- d-----w C:\ProgramData\iolo
2008-03-26 11:13 --------- d-----w C:\Program Files\iolo
2008-03-25 18:16 --------- d-----w C:\Users\Dave\AppData\Roaming\iolo
2008-03-25 17:04 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-03-24 19:28 --------- d-----w C:\ProgramData\Joy coal mpeg heck
2008-03-24 11:36 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-03-19 20:55 --------- d-----w C:\Program Files\Java
2008-03-19 12:28 --------- d-----w C:\Program Files\ActiveState Komodo Edit 4
2008-03-17 12:31 --------- d-----w C:\Program Files\CoreFTP
2008-03-16 18:14 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 18:13 --------- d-----w C:\Program Files\Windows Live
2008-03-16 18:12 --------- d-----w C:\ProgramData\WLInstaller
2008-03-12 11:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 09:14 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 09:14 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-29 17:53 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-02-29 17:53 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-29 17:53 22,328 ----a-w C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
2008-02-29 17:53 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-17 10:48 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-17 10:48 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-17 10:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:48 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-17 10:45 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:44 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:44 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:44 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 20:02 174 --sha-w C:\Program Files\desktop.ini
2006-10-20 11:09 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Data and Documents Only.BDF
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\axbrvpte.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bibrraad.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bkmcgiyf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bpkahlqa.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bspyjwxp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\cfuctank.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\cgqyeyds.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\dzllsxef.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\egvqfboc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ggjckaht.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jgjiszqs.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jvajkmuy.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\jxhqhuhs.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\lgnmodzc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\lilsxriu.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ljyzrhfe.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\mdmidzgf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\mwmampqr.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ocpzknen.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\oscurynf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\othbkolp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ouwtoigq.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\owhpxbcw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\pawyvbrt.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\pzkedbbw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qehkqzer.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qfdyscpo.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qphbmnie.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\qsuyoyot.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\rlygipjw.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\roalqllh.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tgarjdgg.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\thgqejpc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tktslhpf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\tpkupwon.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\twawbche.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\vjerjsog.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\vsyjsbyc.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wbvoermp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wdkrmssf.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\wmtxpecx.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\xhrxfcrk.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\yhsjfvtv.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\ynsnpvzp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\yzzdjyvy.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\zrpkyvow.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 07:49 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-05 19:31 1006264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 10:44 989696 C:\Windows\System32\bthprops.cpl]
"RAMDef"="C:\Program Files\RAM Def\ramdef.exe" [2002-10-28 13:39 122040]
"CTHelper"="CTHELPER.EXE" [2007-02-12 20:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 20:47 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-03 10:40 262401]
"HostManager"="C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-11 13:15:13 132656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe
:Enabled
xpsp3res.dll,-20000"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe
:enabled
xpsp2res.dll,-22019"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe
:Enabled:Windows Live Messenger 8.1 (Phone)"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe
:Enabled:Windows Live Messenger 8.1[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP
:Enabled
xpsp2res.dll,-22001"138:UDP"= 138:UDP
:Enabled
xpsp2res.dll,-22002"139:TCP"= 139:TCP
:Enabled
xpsp2res.dll,-22004"1900:UDP"= 1900:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22007"2869:TCP"= 2869:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22008"445:TCP"= 445:TCP
:Enabled
xpsp2res.dll,-22005[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\utorrent\\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\utorrent\\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\Program Files\\TVAnts\\Tvants.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\TVAnts\\Tvants.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\SopCast\\SopCast.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\SopCast\\SopCast.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Messenger\\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\Messenger\\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\IBP 9\\IBP.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\IBP 9\\IBP.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"TCP Query User{E05D58D4-6560-400F-A664-64191E7CA826}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9A0ED79-DB85-4E49-93DE-76DB28B2F15B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{426FBEA7-1A5E-48A4-878C-C105CBF84334}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{9F23201F-CE52-4663-8527-143BFEDF2151}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{57E00588-0F89-44E0-A247-F47B6E47450C}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{53EE0EEC-A933-4A48-A748-EA10F313C919}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{C9ED7F9B-A248-42A6-89B6-9F8A9EA99E82}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{158F18F6-D29C-4530-A8D7-8B51E7149F11}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6DB8402B-1FBB-4A49-9BB7-9FC94B1C47FE}"= UDP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{CEC74C67-A518-48CA-B048-4BC42D41E89F}"= TCP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{84B3973C-7D95-4A19-8F0C-F4987831704D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36037F1D-7BDB-4820-8F36-1D10FEBCD72D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC709908-E897-4293-BE2B-E814DFBF470B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{088112E6-BED9-432A-9468-AF9C7734FFC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0893BA79-0B4F-4A45-9111-98D2F73DF0FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{724B2031-4947-40EB-9317-E51AF25D4CDC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD5A081B-EA6A-4AF8-9A13-DAF47F4C2C7C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{776D0B28-F065-4CBA-9B91-9127880D94F7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8394283E-36F2-4DB6-A825-793290C5CDD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6038B33C-0341-4FD5-AEFD-1C214B316338}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{07DC3DAD-53D5-4315-8DEE-1251D0593271}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E66E0EEC-6430-4BB5-AEEE-19B1D12FD79B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"UDP Query User{60570AD3-ED4A-4904-8DD8-63C065E4231B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"TCP Query User{B179DF4A-4D4B-42AF-BF1C-76B08DB0C129}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AE4F3A99-B3AC-458E-A905-0BD19A468184}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FF7EF2A-82E6-4E65-A32E-4BB4CC926B61}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{82CC5686-BD3B-4054-B6FF-6D0769C2C4B7}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3CB84FEF-4FCE-47DC-8161-F1CBC11799EF}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{6C78AB72-2D71-4B13-A849-A717CE5FE326}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FC49E3C6-4DE5-46C7-A6CE-ACD488A61588}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FF572F38-CC5B-4DB2-A2D6-F2872427FF51}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0801D404-1A75-4A62-8F8A-5DEC132E3049}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{FD8CF48C-CE3B-435E-A297-789CC90A6FA9}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F1DB7785-1283-4E2D-8093-9BAB773400A6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5CC46B23-F7F5-431D-9551-7A3B8E060075}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7C418694-2DC5-486F-8099-DBE0143E2919}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C104931C-22A9-4303-9666-41A7E498A502}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C0C54C3F-939F-4DB0-9B36-1A2687708F62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D466F799-29B1-489F-BCE8-EE26F3BA4AA0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F834A401-D696-4406-9317-EB3F6D3973FF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{04F1F59F-D018-4E8B-A273-FD8D456D3003}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CB1894E-FC63-419D-A81A-85006A73334D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15A36052-ED44-42E0-ADBB-1F08A37FB45E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{F1DE8232-3B4B-4649-A281-AFED640388EA}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{930E6734-29D4-41F0-A99F-E32D2C35BF2D}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{A0634106-A719-439C-AB18-572D474B63C4}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DACBE09F-6582-485A-BF49-44196A9D94FB}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{3E7A4E3A-8EC3-42ED-8D52-35FC4085EEC3}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{7826A1F6-143A-442F-A361-11281D378B4B}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{049DAC5B-5F8C-4F08-B7D2-B8FE1C3CC39F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{EEF25ED6-EA8D-4BE6-ABDB-FA1447FC77FC}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F2470EA9-E515-41AC-BA31-F757668039EA}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{98E37358-7C01-415E-B706-2A79739492A7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{5FC1F75C-CBF4-4AE0-B1B1-F4C323DDF218}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{2850068E-2C6E-4ED4-BC7E-E19B39C443A0}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{2CCEFD09-E466-4B23-98C3-926A35EB0F9A}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"UDP Query User{70EB3B0D-8ABA-4B91-8605-53FB9F3CCB4D}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"{EAC2F4A5-972F-4B2A-8020-BBEA49396EAE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEB7FF30-D24D-4468-BC75-DEF48DD1D6C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AEB14E4-9666-4AFF-BE8A-2065DA8280F9}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{1FBA6D27-EBFC-463C-9FE4-F88D2E6C2877}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{D7F07924-1CE7-421D-8DEC-5AFBE47C843D}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{33687362-DEC2-46FF-B7C8-CF82C69B6883}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7117EE63-2804-4CA2-A94C-CA0D53A94991}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A07A7C15-7885-4DF6-9BE6-23DBEE3E72B8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E8FA962E-6ECA-4A9E-B42C-8F6FA830A771}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{B7640469-2281-4B6B-9EB1-65271B65A7B7}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Documents and Settings\\Dave\\Application Data\\SopCast\\adv\\SopAdver.exe"= C:\Users\Dave\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"= C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\\Program Files\\IBP 9\\IBP.exe"= C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\Messenger\\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\SopCast\\SopCast.exe"= C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\\Program Files\\TVAnts\\Tvants.exe"= C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\\utorrent\\utorrent.exe"= C:\utorrent\utorrent.exe:*:Enabled:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 15:12]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-08-14 11:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-05 17:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-06 16:03]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 12:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:17:20 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-11 11:45:01 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-02 15:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:17:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-11 13:24:34
Pre-Run: 49,773,588,480 bytes free
Post-Run: 49,729,724,416 bytes free
417 --- E O F --- 2008-05-06 09:40:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:25, on 11/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\common files\aol\1210505470\ee\anotify.exe
C:\Users\Dave\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/wind...?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F444044-83BB-4F4D-8783-7F81A1EC6162}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10778 bytes
Join Date: Feb 2004
Location: Oztralya
Posts: 8,121
Rep Power: 23
Solved Threads: 468
Please go to Jotti's or to virustotal and have these files scanned.
C:\Windows\System32\ouwtoigq.exe
C:\Windows\System32\tktslhpf.exe
C:\Windows\System32\qfdyscpo.exe
C:\Windows\System32\ocpzknen.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\owhpxbcw.exe
C:\Windows\System32\wmtxpecx.exe
C:\Windows\System32\wdkrmssf.exe
C:\Windows\System32\vsyjsbyc.exe
C:\Windows\System32\roalqllh.exe
C:\Windows\System32\pzkedbbw.exe
C:\Windows\System32\egvqfboc.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\bpkahlqa.exe
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bkmcgiyf.exe
C:\Windows\System32\cfuctank.exe
C:\Windows\System32\cgqyeyds.exe
C:\Windows\System32\dzllsxef.exe
C:\Windows\System32\ggjckaht.exe
C:\Windows\System32\jgjiszqs.exe
C:\Windows\System32\jvajkmuy.exe
C:\Windows\System32\jxhqhuhs.exe
C:\Windows\System32\lgnmodzc.exe
C:\Windows\System32\lilsxriu.exe
C:\Windows\System32\ljyzrhfe.exe
C:\Windows\System32\mdmidzgf.exe
C:\Windows\System32\mwmampqr.exe
C:\Windows\System32\oscurynf.exe
C:\Windows\System32\othbkolp.exe
C:\Windows\System32\pawyvbrt.exe
C:\Windows\System32\qehkqzer.exe
C:\Windows\System32\qphbmnie.exe
C:\Windows\System32\qsuyoyot.exe
C:\Windows\System32\rlygipjw.exe
C:\Windows\System32\tgarjdgg.exe
C:\Windows\System32\thgqejpc.exe
C:\Windows\System32\tpkupwon.exe
C:\Windows\System32\twawbche.exe
C:\Windows\System32\vjerjsog.exe
C:\Windows\System32\wbvoermp.exe
C:\Windows\System32\xhrxfcrk.exe
C:\Windows\System32\yhsjfvtv.exe
C:\Windows\System32\ynsnpvzp.exe
C:\Windows\System32\yzzdjyvy.exe
C:\Windows\System32\zrpkyvow.exe
=======
If they come back bad as I suspect they will, do the following;
==
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
KillAll::
File::
C:\Windows\System32\ouwtoigq.exe
C:\Windows\System32\tktslhpf.exe
C:\Windows\System32\qfdyscpo.exe
C:\Windows\System32\ocpzknen.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\owhpxbcw.exe
C:\Windows\System32\wmtxpecx.exe
C:\Windows\System32\wdkrmssf.exe
C:\Windows\System32\vsyjsbyc.exe
C:\Windows\System32\roalqllh.exe
C:\Windows\System32\pzkedbbw.exe
C:\Windows\System32\egvqfboc.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\bpkahlqa.exe
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bkmcgiyf.exe
C:\Windows\System32\cfuctank.exe
C:\Windows\System32\cgqyeyds.exe
C:\Windows\System32\dzllsxef.exe
C:\Windows\System32\ggjckaht.exe
C:\Windows\System32\jgjiszqs.exe
C:\Windows\System32\jvajkmuy.exe
C:\Windows\System32\jxhqhuhs.exe
C:\Windows\System32\lgnmodzc.exe
C:\Windows\System32\lilsxriu.exe
C:\Windows\System32\ljyzrhfe.exe
C:\Windows\System32\mdmidzgf.exe
C:\Windows\System32\mwmampqr.exe
C:\Windows\System32\oscurynf.exe
C:\Windows\System32\othbkolp.exe
C:\Windows\System32\pawyvbrt.exe
C:\Windows\System32\qehkqzer.exe
C:\Windows\System32\qphbmnie.exe
C:\Windows\System32\qsuyoyot.exe
C:\Windows\System32\rlygipjw.exe
C:\Windows\System32\tgarjdgg.exe
C:\Windows\System32\thgqejpc.exe
C:\Windows\System32\tpkupwon.exe
C:\Windows\System32\twawbche.exe
C:\Windows\System32\vjerjsog.exe
C:\Windows\System32\wbvoermp.exe
C:\Windows\System32\xhrxfcrk.exe
C:\Windows\System32\yhsjfvtv.exe
C:\Windows\System32\ynsnpvzp.exe
C:\Windows\System32\yzzdjyvy.exe
C:\Windows\System32\zrpkyvow.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
- A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie : May 11th, 2008 at 10:12 am.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
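The reasoning behind the reply above (executables with random eight-letter names under System32, one of which has acquired Windows Firewall "Query User" exceptions, plus the Security Center AntiVirusOverride visible in the ComboFix log) can be written down as a small triage script so the same checks can be repeated on any pasted log. The Python below is an added example written for this page, not code from the forum, from ComboFix or from HijackThis; the sample log text, the allowlist of known-good names and the function names are constructed for illustration.

```python
"""Triage helper for ComboFix / HijackThis style logs.

Added example for this thread, not code from the forum, ComboFix or HijackThis.
It encodes the reasoning applied in the reply above: executables with random
8-letter names under System32, especially ones that are running or hold a
Windows Firewall exception, and a Security Center AntiVirusOverride.
"""
import re

# Constructed sample modelled on the logs posted above (not a real log): a
# process list, the Security Center override key and a few Vista firewall rules.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\qpijvqti.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\conime.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent
"""

# An executable directly under <drive>:\Windows\System32; the registry key form
# doubles the backslashes, so allow one or more.
SYSTEM32_EXE = re.compile(r"[a-z]:\\+windows\\+system32\\+([a-z0-9_-]+)\.exe", re.I)
# A bare path line, as printed in the "Running processes" list.
PROCESS_LINE = re.compile(r"^[a-z]:\\.*\.exe$", re.I)
SECTION_LINE = re.compile(r"^\[(.+)\]$")
# Eight lower-case letters and nothing else: the naming pattern seen in this
# thread. Mixed-case names such as PnkBstrA are deliberately not matched.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
# Hypothetical, intentionally small allowlist of legitimate 8-letter System32
# binaries; a real deployment would check publisher signatures or known hashes.
KNOWN_GOOD = frozenset({"winlogon", "userinit", "services", "cleanmgr", "taskhost", "werfault"})


def scan_log(text):
    """Walk the log once and collect evidence for every System32 executable.

    Returns (evidence, av_override): evidence maps the lower-cased base name to
    {'name', 'running', 'firewall'}; av_override is True when Security Center
    has been told to stop monitoring the antivirus product.
    """
    evidence = {}
    av_override = False
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_LINE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if "security center" in section and re.match(r'"AntiVirusOverride"=dword:0*1$', line):
            av_override = True
            continue
        is_process = bool(PROCESS_LINE.match(line))
        if is_process:
            section = ""          # a bare path means we have left the registry dump
        is_firewall = "firewallpolicy" in section
        for name in SYSTEM32_EXE.findall(line):
            entry = evidence.setdefault(name.lower(), {"name": name, "running": False, "firewall": False})
            entry["running"] = entry["running"] or is_process
            entry["firewall"] = entry["firewall"] or is_firewall
    return evidence, av_override


def triage(text):
    """Apply the random-name heuristic and attach corroborating evidence.

    A suspect is a System32 executable whose name is eight lower-case letters
    and is not allowlisted. The reasons list lets a reviewer prioritise: a
    random name that is both running and firewall-excepted outranks a name alone.
    """
    evidence, av_override = scan_log(text)
    suspects = []
    for key in sorted(evidence):
        info = evidence[key]
        if not RANDOM_NAME.match(info["name"]) or key in KNOWN_GOOD:
            continue
        reasons = ["random-looking 8-letter name in System32"]
        if info["running"]:
            reasons.append("running at scan time")
        if info["firewall"]:
            reasons.append("has a firewall exception")
        suspects.append({"name": info["name"], "reasons": reasons})
    return {"suspects": suspects, "av_override": av_override}


def report(text):
    """Render triage results as lines a helper could paste into a reply."""
    result = triage(text)
    lines = []
    if result["av_override"]:
        lines.append("Security Center: AntiVirusOverride is set (AV monitoring suppressed)")
    for finding in result["suspects"]:
        lines.append(f"{finding['name']}.exe: " + "; ".join(finding["reasons"]))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On a saved log, `triage(open(path, encoding="utf-8", errors="replace").read())` gives the same structure. The eight-letter rule alone is a weak signal (winlogon.exe and services.exe match it), which is why the script keeps an allowlist and reports the corroborating evidence rather than declaring anything malicious; the files still go to a multi-engine scanner, as the reply says, before anything is removed.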