Hi there, I've been having some problems on startup (Win XP) whereby on entering Windows after about 10-20 seconds the desktop and taskbar simply disappear. Sometimes they reappear after another 10-20 seconds but then they usually go again for good.

If I open a program before it disappears the first time, such as IE or TuneUp Utils, sometimes the desktop/taskbar stay longer (about 5 mins). It's very odd.

I scanned with Ad-aware Personal and Kaspersky. Found some trojans and deleted them. One of them came back a few more times "iifggde.dll" but it hasn't resurfaced again after I disinfected with KAV.

I have also noticed that multiple (around 7) svchost.exe processes keep coming up as you can see from the HJ log. Please, if anyone can find a solution to this I would be extremely grateful! I'm in the middle of a massive project which has now ceased. Will keep lurking around in the meantime.

Thanks,
Keenan

----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:00:09 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu1044.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.national.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Ohnw] "C:\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe" -vt yazb
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/n...tialSetup1.0.0.8-2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/...eShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...U/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.micros...site.cab?1115858167930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...site.cab?1133160044023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/...atsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/...ry/ZIntro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/...sPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


I'm bothered by c:\windows\mrofinu1044.exe .

Does that file have any author's signature?

When did it appear? At the same time as the trojan?

Be suspicious of that file and any file of similar/identical size created within a few seconds of its creation time if that coincided with your trojan.

Yes, I noticed that one too. Thought it best to confirm with someone else who knows what's going on. Should I fix with HJT?

After reading this thread on proper use of HJT (http://www.daniweb.com/forums/thread28196.html), here is a more up-to-date log. Also, following that, I have included a list of the running DLLs using Process Explorer (hopefully you can read it!)

ALSO, I have recently found out that through Task Manager I can get access to explorer by creating a new task. This works for long enough for me to gain access to anything I may need (~10 mins!)

----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:42:14 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=96&threadid=88188&enterthread=y
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Ohnw] "C:\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe" -vt yazb
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

----------------------------

Process: explorer.exe Pid: 656

Name Description Company Name Version
ctype.nls
index.dat
index.dat
index.dat
lgscroll.dll
locale.nls
sortkey.nls
sorttbls.nls
unicode.nls
WinStylerThemeHelper.dll
miscr3.dll Kaspersky Anti-Virus Ring 3 Hooker Helper Kaspersky Lab 7.00.0000.0119
scrchpg.dll Script Checker Kaspersky Lab 7.00.0000.0119
AcGenral.DLL Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
BatMeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
BROWSEUI.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.3059
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
CSCDLL.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
DSOUND.dll DirectSound Microsoft Corporation 5.03.2600.2180
DUSER.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.3156
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.2180
ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16544
ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16544
IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119
LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
MLANG.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180
MSGINA.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039
MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.2180
MSVCP71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.3077.0000
MSVCR71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mydocs.dll My Documents Folder UI Microsoft Corporation 6.00.2900.2180
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
NETRAP.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
NETUI0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
NETUI1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
OLEAUT32.dll Microsoft Corporation 5.01.2600.3139
OLEPRO32.DLL Microsoft Corporation 5.01.2600.2180
PortableDeviceApi.dll Windows Portable Device API Components Microsoft Corporation 5.02.5721.5145
PortableDeviceTypes.dll Windows Portable Device (Parameter) Types Component Microsoft Corporation 5.02.5721.5145
POWRPROF.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
shdoclc.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2180
SHDOCVW.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.3059
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
ShimEng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3059
SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 5.01.2600.2180
stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019
themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
tsappcmp.dll Terminal Services Application Compatibility DLL Microsoft Corporation 5.01.2600.0000
upnp.dll Universal Plug and Play API Microsoft Corporation 5.01.2600.2180
upnpui.dll UPNP Tray Monitor and Folder Microsoft Corporation 5.01.2600.2180
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16544
urlmon.dll.mui OLE32 Extensions for Win32 Microsoft Corporation 7.00.5730.0011
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099
USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
webcheck.dll Web Site Monitor Microsoft Corporation 7.00.6000.16544
WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.01.2600.2180
WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16544
WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180
WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
WPDShServiceObj.dll Windows Portable Device Shell Service Object Microsoft Corporation 5.02.5721.5145
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
WZCSAPI.DLL Wireless Zero Configuration service API Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
ConnectionManager_eng.nlr Connection Manager NLR Nokia 6.81.0046.0001
PCSCM.dll PCSCM Nokia 6.81.0068.0000
PhoneBrowser.dll Phone Browser Nokia 6.81.0046.0001
PhoneBrowser_eng.nlr Nokia Phone Browser language resources Nokia 6.81.0029.0000
PhoneBrowser_Nokia.ngr Nokia Phone Browser graphics resources Nokia 6.81.0011.0000
ConnAPI.DLL Nokia Connectivity API Nokia. 6.81.0062.0000
nview.dll NVIDIA nView Desktop and Window Manager 110.60 NVIDIA Corporation 6.14.0010.11060
nvwddi.dll NVIDIA nView Display Driver Interface Lib, Version 93.71 NVIDIA Corporation 6.14.0010.9371

I have deleted the suspicious file c:\windows\mrofinu1044.exe upon seeing that it had no authentication. Also in Kaspersky I have noticed that since I have had this problem there have been countless blocks and unblocks of explorer. I added explorer to trusted apps; now going to reboot.

C:\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe
What's this? Was it created around the time of the other file you deleted? When was its directory created?

Looks dodgy to me.

The SVCHosts are fine and normal although there may be an underlying dodgy DLL being run.

When you've dealt with this potentially rogue chkdsk, I strongly recommend that you REPAIR Windows from the Windows CD. There's no accounting for Windows files that have been hijacked, seeing as I can't find the usual clutch of tell-tale DLLs in your list (like the iifggde.dll you deleted).

I have downloaded and installed SuperAntispyware and it removed over 160 malwares. Chkdsk seems to be gone but explorer.exe still crashes, causing the desktop icons and taskbar to disappear. Significant slowing occurs too, which suggests there are processes running I don't know about. Mozilla Firefox also has a security error upon starting.

Try creating a new user profile (as an administrator) on the computer and log in under the new user. See if you are still having the problem.

The anti-malware programs get rid (in theory) of non-active trojans etc, but not the one that's actually running and which re-spawns on boot up. There is no short route out of your predicament.

You have two method choices:

1/
The incremental (and recursive) procedure that you can glean from any post involving cruncjie in the virus forum.

2/
My own method posted there on 3-Sep-07 (search under the mis-spelt term "Virtunonde").


You need now to be methodical and determined. The only shortcut I can think of that MIGHT work, is to Repair Windows in case that is the only problem left, which I think unlikely.

If the threat has already been removed and has left the profile corrupted, you may experience this same behavior. I have been able to repair this problem by creating a new profile and moving the documents and settings from the corrupt profile to the new one, IF the threat has already been removed.

The problem is still there unfortunately. Since then I have been getting a bad image error for explorer which mentions the file "sstqn.dll". I'm not sure what to do now but back up all my files and reload windows :(

Well, the methods I referred to in my earlier post will solve your problem. What actions have you taken?

On the other hand, as I've advised many others, cut-your-losses time is the fastest way to resolution. Do remember to totally zap your HDD.

Good luck.

I seem to have fixed the problem of my explorer.exe crashing. I downloaded RegRun and SuperAntiSpyWare, which I think did the trick. HOWEVER, since then I have had another problem of my CPU often running at 100%, sometimes taking 3-5 mins to open Task Manager! Something is seriously slowing me down and I can't quite work it out.

I have noticed that I have a couple of instances of rundll32.exe running and I have read on other forums that this could be a virus. If I end these processes they go away and things seem to be ok, but they come back so I suspect it is a virus.

So far I have updated all my databases, run Kaspersky to neutralise threats, downloaded and installed SpyBlaster, DL/installed SpyBot (for some reason I didn't have it but thought I did!) and am about to run Ad-aware.

I will post my HJT log after I close IE. If someone could pls have a look at it?

By the way, thanks for your kind help Suspishio. I'm not about to give up on this and reload Windows.... not just yet :)

Logfile of HijackThis v1.99.1
Scan saved at 3:42:23 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daniweb.com/forums/post474276.html#post474276
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Just prior to running HJT on startup, my computer reset by itself halfway through a RegRun virus scan (twice). Something dodgy is happening. Any ideas what might be slowing my computer down??

I'm sure you have a Virtumonde infection.
---------------------------------------------------------
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)

O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
---------------------------------------------------------

Whenever you reboot, it renames/reproduces itself and none of the removal tools work fully unless they run in isolation of each other (i.e. others are unloaded when running one).

Also the current instance can't be removed while it's running.

Anyway, the below link was an end-to-end fix for Virtumonde with the same registry keys as you showed. So if you're not ready to reinstall, I guess this is your last hope:
http://www.bleepingcomputer.com/forums/topic117263-15.html
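
A triage sketch for the kind of entries the reply above singles out, added here as an example and not part of any poster's message or of HijackThis itself: it parses a few lines copied from the log in this thread and flags BHOs registered with no file, Winlogon Notify keys that name no DLL, targets reported missing, and names matching a file the scanner already removed. The function names and the `removed_stems` parameter are assumptions of this example, and flagged lines are leads to verify, not verdicts.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread (not constructed).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O2"
    kind: str    # label before the first ": ", e.g. "BHO"
    name: str    # display name or registry value name
    clsid: str   # "" when the line carries no CLSID
    target: str  # file the entry points at, "" when none is listed


class Finding(NamedTuple):
    entry: Entry
    reasons: tuple


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis entry line into its fields; None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, sep, rest = m["body"].partition(": ")
    if not sep:                      # R0/R1 lines have no "kind:" label
        kind, rest = "", m["body"]
    c = CLSID_RE.search(rest)
    if c:                            # "name - {CLSID} - target"
        name = rest[:c.start()].rstrip(" -")
        target = rest[c.end():].lstrip(" -")
        clsid = c.group(0)
    else:                            # "name - target" or just "name"
        name, sep, target = rest.rpartition(" - ")
        if not sep:
            name, target = target, ""
        clsid = ""
    return Entry(m["code"], kind, name, clsid, target)


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries, removed_stems=()) -> list:
    """Flag entries worth a manual look. removed_stems: base names (no
    extension) of files the scanner already deleted, e.g. "iifggde"."""
    removed = {s.lower() for s in removed_stems}
    findings = []
    for e in entries:
        reasons = []
        if e.code == "O2" and e.target == "(no file)":
            reasons.append("BHO CLSID registered but no file behind it")
        if e.code == "O20" and not e.target.lower().endswith(".dll"):
            reasons.append("Winlogon Notify key names no DLL")
        if e.target.endswith("(file missing)"):
            reasons.append("target reported missing on disk")
        if e.name.lower() in removed:
            reasons.append("name matches a file already removed")
        if reasons:
            findings.append(Finding(e, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG), removed_stems=["iifggde"]):
        ident = f.entry.clsid or f.entry.name
        print(f"{f.entry.code:<4}{ident:<42}{'; '.join(f.reasons)}")
```

A "(file missing)" flag can also come from a benign uninstall leftover, so each hit still needs the registry key and the disk checked by hand before anything is deleted.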

thanks mate, fingers crossed!

ComboFix 07-12-02.6 - Owner 2007-12-05 11:24:03.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.593 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~1\??sks\
C:\Program Files\sembly~1
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\mbols~1
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


.
-------\npf



(((((((((((((((((((((((((   Files Created from 2007-11-05 to 2007-12-05  )))))))))))))))))))))))))))))))
.


2007-12-04 16:08 . 2007-12-04 16:08 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-04 16:07 . 2007-12-04 16:07 <DIR>    d--------   C:\Program Files\Uniblue
2007-12-04 09:59 . 2007-12-04 11:14 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 03:19 . 2007-12-04 03:22 <DIR>    d--------   C:\Program Files\SpywareBlaster
2007-12-02 09:56 . 2007-12-02 09:56 <DIR>    d--------   C:\Program Files\GigaByte
2007-12-02 09:04 . 2007-12-05 11:02 25,773  --a------   C:\WINDOWS\system32\drivers\regguard.sys
2007-12-02 09:03 . 2007-12-02 09:03 31,170  --a------   C:\WINDOWS\system32\drivers\Partizan.sys
2007-12-02 09:03 . 2007-12-02 09:03 22,528  --a------   C:\WINDOWS\system32\Partizan.exe
2007-12-02 09:03 .  C:\WINDOWS\(2)      C:\ComboFix\winstart.bat
2007-12-02 09:02 . 2007-12-02 09:02 <DIR>    d--------   C:\Program Files\Greatis
2007-11-23 11:37 . 2007-11-23 11:37 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\Windows Desktop Search
2007-11-23 11:35 . 2007-12-04 11:55 <DIR>    d--------   C:\Program Files\Windows Desktop Search
2007-11-23 10:11 . 2007-11-23 10:11 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\SUPERAntiSpyware.com
2007-11-23 00:24 . 2007-11-23 00:24 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\Logitech
2007-11-23 00:23 . 2007-11-23 00:23 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\PC Suite
2007-11-21 10:03 . 2007-07-30 19:19 207,736 --a------   C:\WINDOWS\system32\muweb.dll
2007-11-21 02:00 . 2007-12-05 10:27 <DIR>    d--------   C:\Program Files\SUPERAntiSpyware
2007-11-21 02:00 . 2007-11-21 02:00 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-21 02:00 . 2007-11-21 02:00 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 01:00 . 2007-11-21 01:00 <DIR>    d--------   C:\VundoFix Backups
2007-11-21 00:56 . 2007-11-21 00:56 6,656   --ahs----   C:\WINDOWS\system32\Thumbs.db
2007-11-20 23:53 . 2007-11-20 23:55 <DIR>    d--------   C:\ProcExp
2007-11-20 23:39 . 2007-12-05 11:20 <DIR>    d--------   C:\HiJackThis
2007-11-20 21:31 . 2007-11-20 23:36 <DIR>    d--------   C:\Program Files\HijackThis 1.99.1
2007-11-18 19:56 . 2007-12-02 08:37 139,402 --ahs----   C:\WINDOWS\system32\nqtss.ini2
2007-11-18 19:56 . 2007-12-02 08:39 137,233 --ahs----   C:\WINDOWS\system32\nqtss.ini
2007-11-14 02:49 . 2007-11-20 21:35 <DIR>    d--hs----   C:\found.001
2007-11-05 14:24 . 2007-11-05 14:24 <DIR>    d--------   C:\Program Files\ffdshow
2007-11-05 14:24 . 2006-10-02 13:44 5,120   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 14:24 . 2006-08-05 12:06 547 --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-05 13:53 . 2007-11-05 13:53 <DIR>    d--------   C:\WINDOWS\system32\quicktime
2007-11-05 13:53 . 2007-11-05 13:53 <DIR>    d--------   C:\Program Files\MP4 Video Player


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 00:27    294,944 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 00:27    11,483,168  --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 00:15    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 00:01    28,532  --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 00:01    154,604 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-03 16:27    ---------   d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-03 11:12    ---------   d-----w C:\Program Files\Google
2007-12-01 21:57    ---------   d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-20 23:54    ---------   d-----w C:\Program Files\mIRC
2007-11-20 14:59    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 08:32    ---------   d-----w C:\Program Files\Vstplugins
2007-11-14 06:48    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 02:03    ---------   d-----w C:\Program Files\Build-A-Lot
2007-10-29 14:22    ---------   d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-29 14:16    ---------   d-----w C:\Program Files\Yahoo! Games
2007-10-29 05:55    ---------   d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-10-24 15:10    ---------   d-----w C:\Program Files\PokerRoom.com
2007-10-24 14:19    ---------   d-----w C:\Program Files\iTunes
2007-10-24 14:19    ---------   d-----w C:\Program Files\iPod
2007-10-24 06:18    ---------   d-----w C:\Program Files\Soulseek
2007-10-24 03:38    ---------   d-----w C:\Program Files\YourWare Solutions
2007-10-24 02:32    ---------   d-----w C:\Program Files\SpeedFan
2007-10-23 10:31    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 11:24    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-16 06:04    ---------   d-----w C:\Program Files\Native Instruments
2007-10-14 19:57    ---------   d-----w C:\Program Files\uTorrent
2007-10-14 11:42    ---------   d-----w C:\Documents and Settings\Owner\Application Data\Bytescout SWF To Video Scout
2007-10-14 11:31    ---------   d-----w C:\Program Files\Bytescout SWF To Video Scout
2007-10-12 09:15    ---------   d-----w C:\Program Files\SourceTec
2007-10-12 09:15    ---------   d-----w C:\Program Files\Common Files\SourceTec
2007-10-11 01:01    ---------   d-----w C:\Program Files\Lavasoft
2007-10-10 17:26    82,061  ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-10 17:26    81,549  ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-10 15:57    ---------   d-----w C:\Program Files\MSBuild
2007-10-08 03:40    ---------   d-----w C:\Program Files\Kaspersky Lab
2007-10-06 08:01    ---------   d-----w C:\Program Files\MagicISO
2007-09-17 18:23    823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23    823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22    802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-16 07:06    86,823  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_42_14_small.dmp.zip
2007-09-16 07:06    80,820  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_43_39_small.dmp.zip
2007-09-11 23:14    156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-11 03:35    23,620,680  ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_10_21_45_39_full.dmp.zip
2007-08-27 00:20    18,605,072  ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_26_20_54_16_full.dmp.zip
2007-08-27 00:20    132,946 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_26_20_48_59_small.dmp.zip
2007-04-12 08:17    76,952  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_31_small.dmp.zip
2007-04-12 08:17    70,487  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_23_small.dmp.zip
2006-11-27 12:46    1,024   -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.dat
2000-11-30 13:00    970,752 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.exe
2000-11-30 13:00    82,864  -c--a-w C:\Documents and Settings\CDRWIN3\Cleanup.exe
2007-08-20 01:00    88  --sha-r C:\WINDOWS\system32\CA05B2109A.sys
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 23:00 C:\WINDOWS\system32\rundll32.exe]


C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-07-04 07:17:35]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-08-29 11:40:23]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-05-12 08:33:09]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdate]
C:\Program Files\Serials3k\s3k_autoupdate.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2 (0x2)
"ose"=3 (0x3)
"NNSvc"=2 (0x2)
"iPodService"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime


R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pohci13F.sys
S3 z10xbus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z10xbus.sys
S3 z10xmdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z10xmdfl.sys
S3 z10xmdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z10xmdm.sys
S3 z10xmgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z10xmgmt.sys
S3 z10xobex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z10xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146758a5-6b94-11da-ba05-000fb5dccb6b}]
\Shell\AutoRun\command - I:\AutoRun.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f6-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f7-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - H:\MntDrCore.exe
\Shell\Open\command - H:\MntDrCore.exe
\Shell\Open With...\command - H:\MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2459e6c-7772-11db-bbca-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c67fd5-33a7-11dc-bd07-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9bb20f-7efa-11dc-bdaa-101111111111}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-04 00:40:33 C:\WINDOWS\Tasks\1button.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-11-21 11:56:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************


catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 11:27:14
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
Completion time: 2007-12-05 11:28:50
.
--- E O F ---

2nd stage of ComboFix

ComboFix 07-12-02.6 - Owner 2007-12-05 11:55:27.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.616 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point


FILE
C:\WINDOWS\system32\mcrh.tmp
.


(((((((((((((((((((((((((   Files Created from 2007-11-05 to 2007-12-05  )))))))))))))))))))))))))))))))
.


2007-12-04 16:08 . 2007-12-04 16:08 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-04 16:07 . 2007-12-04 16:07 <DIR>    d--------   C:\Program Files\Uniblue
2007-12-04 09:59 . 2007-12-04 11:14 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 03:19 . 2007-12-04 03:22 <DIR>    d--------   C:\Program Files\SpywareBlaster
2007-12-02 09:56 . 2007-12-02 09:56 <DIR>    d--------   C:\Program Files\GigaByte
2007-12-02 09:04 . 2007-12-05 11:35 25,773  --a------   C:\WINDOWS\system32\drivers\regguard.sys
2007-12-02 09:03 . 2007-12-02 09:03 31,170  --a------   C:\WINDOWS\system32\drivers\Partizan.sys
2007-12-02 09:03 . 2007-12-02 09:03 22,528  --a------   C:\WINDOWS\system32\Partizan.exe
2007-12-02 09:03 .  C:\WINDOWS\(2)      C:\ComboFix\winstart.bat
2007-12-02 09:02 . 2007-12-02 09:02 <DIR>    d--------   C:\Program Files\Greatis
2007-11-23 11:37 . 2007-11-23 11:37 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\Windows Desktop Search
2007-11-23 11:35 . 2007-12-04 11:55 <DIR>    d--------   C:\Program Files\Windows Desktop Search
2007-11-23 10:11 . 2007-11-23 10:11 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\SUPERAntiSpyware.com
2007-11-23 00:24 . 2007-11-23 00:24 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\Logitech
2007-11-23 00:23 . 2007-11-23 00:23 <DIR>    d--------   C:\Documents and Settings\madKeen\Application Data\PC Suite
2007-11-21 10:03 . 2007-07-30 19:19 207,736 --a------   C:\WINDOWS\system32\muweb.dll
2007-11-21 02:00 . 2007-12-05 10:27 <DIR>    d--------   C:\Program Files\SUPERAntiSpyware
2007-11-21 02:00 . 2007-11-21 02:00 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-21 02:00 . 2007-11-21 02:00 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 01:00 . 2007-11-21 01:00 <DIR>    d--------   C:\VundoFix Backups
2007-11-21 00:56 . 2007-11-21 00:56 6,656   --ahs----   C:\WINDOWS\system32\Thumbs.db
2007-11-20 23:53 . 2007-11-20 23:55 <DIR>    d--------   C:\ProcExp
2007-11-20 23:39 . 2007-12-05 11:51 <DIR>    d--------   C:\HiJackThis
2007-11-20 21:31 . 2007-11-20 23:36 <DIR>    d--------   C:\Program Files\HijackThis 1.99.1
2007-11-18 19:56 . 2007-12-02 08:37 139,402 --ahs----   C:\WINDOWS\system32\nqtss.ini2
2007-11-18 19:56 . 2007-12-02 08:39 137,233 --ahs----   C:\WINDOWS\system32\nqtss.ini
2007-11-14 02:49 . 2007-11-20 21:35 <DIR>    d--hs----   C:\found.001
2007-11-05 14:24 . 2007-11-05 14:24 <DIR>    d--------   C:\Program Files\ffdshow
2007-11-05 14:24 . 2006-10-02 13:44 5,120   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 14:24 . 2006-08-05 12:06 547 --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-05 13:53 . 2007-11-05 13:53 <DIR>    d--------   C:\WINDOWS\system32\quicktime
2007-11-05 13:53 . 2007-11-05 13:53 <DIR>    d--------   C:\Program Files\MP4 Video Player


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 01:00    297,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 00:59    11,517,216  --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 00:37    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 00:33    28,748  --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 00:33    154,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-03 16:27    ---------   d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-03 11:12    ---------   d-----w C:\Program Files\Google
2007-12-01 21:57    ---------   d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-20 23:54    ---------   d-----w C:\Program Files\mIRC
2007-11-20 14:59    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 08:32    ---------   d-----w C:\Program Files\Vstplugins
2007-11-14 06:48    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 02:03    ---------   d-----w C:\Program Files\Build-A-Lot
2007-10-29 14:22    ---------   d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-29 14:16    ---------   d-----w C:\Program Files\Yahoo! Games
2007-10-29 05:55    ---------   d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-10-24 15:10    ---------   d-----w C:\Program Files\PokerRoom.com
2007-10-24 14:19    ---------   d-----w C:\Program Files\iTunes
2007-10-24 14:19    ---------   d-----w C:\Program Files\iPod
2007-10-24 06:18    ---------   d-----w C:\Program Files\Soulseek
2007-10-24 03:38    ---------   d-----w C:\Program Files\YourWare Solutions
2007-10-24 02:32    ---------   d-----w C:\Program Files\SpeedFan
2007-10-23 10:31    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 11:24    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-16 06:04    ---------   d-----w C:\Program Files\Native Instruments
2007-10-14 19:57    ---------   d-----w C:\Program Files\uTorrent
2007-10-14 11:42    ---------   d-----w C:\Documents and Settings\Owner\Application Data\Bytescout SWF To Video Scout
2007-10-14 11:31    ---------   d-----w C:\Program Files\Bytescout SWF To Video Scout
2007-10-12 09:15    ---------   d-----w C:\Program Files\SourceTec
2007-10-12 09:15    ---------   d-----w C:\Program Files\Common Files\SourceTec
2007-10-11 01:01    ---------   d-----w C:\Program Files\Lavasoft
2007-10-10 17:26    82,061  ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-10 17:26    81,549  ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-10 15:57    ---------   d-----w C:\Program Files\MSBuild
2007-10-08 03:40    ---------   d-----w C:\Program Files\Kaspersky Lab
2007-10-06 08:01    ---------   d-----w C:\Program Files\MagicISO
2007-09-17 18:23    823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23    823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22    802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-16 07:06    86,823  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_42_14_small.dmp.zip
2007-09-16 07:06    80,820  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_09_16_15_43_39_small.dmp.zip
2007-09-11 23:14    156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-11 03:35    23,620,680  ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_10_21_45_39_full.dmp.zip
2007-08-27 00:20    18,605,072  ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_26_20_54_16_full.dmp.zip
2007-08-27 00:20    132,946 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_26_20_48_59_small.dmp.zip
2007-04-12 08:17    76,952  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_31_small.dmp.zip
2007-04-12 08:17    70,487  ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_12_15_31_23_small.dmp.zip
2006-11-27 12:46    1,024   -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.dat
2000-11-30 13:00    970,752 -c--a-w C:\Documents and Settings\CDRWIN3\Cdrwin.exe
2000-11-30 13:00    82,864  -c--a-w C:\Documents and Settings\CDRWIN3\Cleanup.exe
2007-08-20 01:00    88  --sha-r C:\WINDOWS\system32\CA05B2109A.sys
.


(((((((((((((((((((((((((((((   snapshot@2007-12-05_11.27.45.04   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-05 00:06:43   67,220  ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-05 00:38:31   67,220  ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-05 00:06:43   430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-05 00:38:31   430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-05 00:02:35   14,090  ----a-w C:\WINDOWS\system32\tablet.dat
+ 2007-12-05 00:34:32   14,090  ----a-w C:\WINDOWS\system32\tablet.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 23:00 C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 23:36]


C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-07-04 07:17:35]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-08-29 11:40:23]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-05-12 08:33:09]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdate]
C:\Program Files\Serials3k\s3k_autoupdate.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=2 (0x2)
"ose"=3 (0x3)
"NNSvc"=2 (0x2)
"iPodService"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime


R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pohci13F.sys
S3 z10xbus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z10xbus.sys
S3 z10xmdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z10xmdfl.sys
S3 z10xmdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z10xmdm.sys
S3 z10xmgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z10xmgmt.sys
S3 z10xobex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z10xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146758a5-6b94-11da-ba05-000fb5dccb6b}]
\Shell\AutoRun\command - I:\AutoRun.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f6-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3e76f7-de91-11db-bc6c-0011d83b2e9c}]
\Shell\AutoRun\command - H:\MntDrCore.exe
\Shell\Open\command - H:\MntDrCore.exe
\Shell\Open With...\command - H:\MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2459e6c-7772-11db-bbca-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c67fd5-33a7-11dc-bd07-0011d83b2e9c}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9bb20f-7efa-11dc-bdaa-101111111111}]
\Shell\AutoRun\command - MntDrCore.exe
\Shell\Open\command - MntDrCore.exe
\Shell\Open With...\command - MntDrCore.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-05 00:40:00 C:\WINDOWS\Tasks\1button.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-11-21 11:56:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************


catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 12:00:22
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
Completion time: 2007-12-05 12:01:52
C:\ComboFix2.txt ... 2007-12-05 11:28
.
--- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 12:06:49 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daniweb.com/forums/thread97627-2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bytescout SWF To Video Scout - {ED67D390-1DBC-4A3A-A92E-289D4729335B} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Uninstall List

Ableton Live v5.0.3
Active Security Monitor 2.0.0.18
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Extension Manager CS3
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Setup
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced WindowsCare 2.55 Personal
Apple Mobile Device Support
Apple Software Update
BlueSoleil
Build-a-lot (remove only)
Bytescout SWF To Video Scout
Corel Painter X
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ERUNT 1.1j
e-tax 2007
EZ MPEG TO AVI Converter 1.00
ffdshow [rev 610] [2006-12-01]
GIGABYTE VGA Utility Manager
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Magic ISO Maker v5.4 (build 0251)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.9)
MP4 Video Player
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
N.I. Reaktor v5.1.1
Native Instruments Absynth 4
Native Instruments Electronic Instruments 2 XT
Native Instruments Massive
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia Map Loader
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Notepad++
NVIDIA Drivers
Open Video Converter version 3.0.3
Play89
QuickTime
RegRun Security Suite Pro
Rosoft Audio Recorder, Sponsored Edition, Release, 4.1.5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sothink SWF Decompiler
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
SWiSHmax
Symbian Developer Certificate Request
System Requirements Lab
Tablet
Uniblue RegistryBooster 2
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB933493)
Update for Outlook 2007 Junk Email Filter (kb943559)
Update for Windows XP (KB904942)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
VPN Client
Winamp (remove only)
Windows Communication Foundation
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Mail desktop
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation

Those BHO entries are still there. There were some other tools used in that link I gave you.

I stand by my original advice that a data stream, disk wipe and reinstall is the best way given how many days it's taken us so far!
