Hi, I think my computer has some problems.
I have something trying to change my home page when I start IE. More often than not it takes two or three attempts before IE finally starts.
I also get spurious e-mails returned which couldn't be sent; the problem is I never sent any of them.
There are a few other problems, like my PC grinds to a halt.
I know I have BearShare, which is suspect, but I've had it a while with no problems.
I've run Ad-Aware, which removed stuff, but Spybot just crashes.
Here's the HJT log.
Please help if you can.

Logfile of HijackThis v1.99.1
Scan saved at 13:33:38, on 19/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\hjt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: FreecycleMemberBHO - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\Freecycle\FreecycleMember.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll (file missing)
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\Ronnie\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [uvc7jk640c] C:\WINDOWS\msa.exe
O4 - HKCU\..\Run: [WAB] C:\Documents and Settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Ronnie\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Ronnie\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Hi, I think my computer has some problems.
Please help if you can.

You've got some baddies.

-- Please delete your current HJT. It is outdated. No need for new version at this time.

-- Please post the scanlogs requested in the linky below and I or one of the other volunteers will have a look as time permits.

http://www.daniweb.com/forums/thread134865.html

Things are a bit hectic this time of year, so responses may be a bit slow.

PP:)

Hi thanks for your help.
I'm working my way through your suggestions.
I'll get back as
Cheers
Ronnie

Hi thanks for your help.
I'm working my way through your suggestions.

Allrightythen!

PP:)

I hope this is what you are looking for. Regards
Ronnie

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

22/12/2009 10:35:58
mbam-log-2009-12-22 (10-35-58).txt

Scan type: Quick Scan
Objects scanned: 21681
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16791 (vista_gdr.081217-1620)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=696225a78ba6cf41902dafa4c10469e8
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-21 12:19:17
# local_time=2009-12-21 12:19:17 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=3586 16764889 100 89 12183 264697567 0 0
# compatibility_mode=8192 67108863 100 0 3735 3735 0 0
# scanned=72187
# found=1
# cleaned=0
# scan_time=3321
C:\Documents and Settings\Ronnie\Desktop\LimeWire Downloads\ready for the weekend [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=7.00.6000.16791 (vista_gdr.081217-1620)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=696225a78ba6cf41902dafa4c10469e8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-22 12:18:30
# local_time=2009-12-22 12:18:30 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=3586 16764889 100 89 4859 264781363 0 0
# compatibility_mode=8192 67108863 100 0 87531 87531 0 0
# scanned=128255
# found=16
# cleaned=0
# scan_time=5879
C:\Documents and Settings\Ronnie\Desktop\LimeWire Downloads\ready for the weekend [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe multiple threats 00000000000000000000000000000000 I
C:\Program Files\Orange\setup\Orange_icons.EXE Win32/Adware.BHO.MegaSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0118302.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0119302.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0119316.exe a variant of Win32/Kryptik.BIC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0119321.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0119370.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0120369.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0121369.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0121453.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{82B8AF80-9ABC-4FBD-AC5A-2CF4AD5767EA}\RP137\A0121459.exe a variant of Win32/Riern.B trojan 00000000000000000000000000000000 I
C:\My Downloads\wuthering heights kate bush.wma WMA/TrojanDownloader.Wimad.N trojan 00000000000000000000000000000000 I
C:\My Downloads\wuthering heights kate bush(1).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\My Downloads\avril lavigne dont tell me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\My Downloads\pink please dont leave me remix.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 21/02/2007 12:11:16
System Uptime: 22/12/2009 10:07:25 (2 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6340(VT8363)
Processor: AMD Athlon(tm) XP 2000+ | Slot A | 1666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 73 GiB total, 14.741 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 140.068 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP133: 02/10/2009 10:32:19 - Configured OLYMPUS Master
RP134: 02/10/2009 10:40:34 - Removed Samsung Master
RP135: 09/10/2009 21:47:09 - Installed Microsoft Office 2000 Premium
RP136: 09/10/2009 21:54:01 - Installed Microsoft Office Web Components
RP137: 01/11/2009 14:38:16 - Installed DirectX
RP138: 22/12/2009 09:13:41 - Removed eBay Desktop

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9
Adobe Shockwave Player
Adobe SVG Viewer 2.0
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
BBC iPlayer Download Manager
BearShare
Bejeweled 1.23
Bonjour
ccCommon
CloneCD
CopyToDVD
Critical Update for Windows Media Player 11 (KB959772)
Design Studio for Kids
Disc2Phone
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Photo Print
EPSON PhotoQuicker3.0
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ESET Online Scanner v3
Freecycle Internet Explorer Plugin
Google Earth
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
hp deskjet 5100
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Icatch(IV) Camera Driver
Image Resizer Powertoy for Windows XP
Internet Worm Protection
iPIX ActiveX Viewer
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3.1_11
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Web Components
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Windows Journal Viewer
MN100 Digital Camera
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Ghost
Norton Protection Center
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Norton WMI Update
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
Orange Search Toolbar
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer
SafeCast Shared Components
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Samsung USB Driver
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Segoe UI
Smart Menus (Windows Live Toolbar)
Sony Ericsson PC Suite
SPBBC
Symantec
Symantec KB-DocID:2003093015493306
SymNet
Ulead Photo Express 3.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoEgg Publisher
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
ViviCam 3695B
Wanadoo Search Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
XP Codec Pack
Yahoo! Address AutoComplete
Yahoo! Internet Mail
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

22/12/2009 09:32:00, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 16:06:53, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 15:48:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ewido security suite control service to connect.
20/12/2009 15:48:39, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
20/12/2009 15:48:39, error: Service Control Manager [7000] - The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/12/2009 15:48:39, error: Service Control Manager [7000] - The hpdj service failed to start due to the following error: The system cannot find the file specified.
20/12/2009 15:48:39, error: Service Control Manager [7000] - The Dual Mode Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/12/2009 15:09:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
20/12/2009 15:09:59, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/12/2009 13:41:14, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 2 time(s).
20/12/2009 13:35:48, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:35:42, error: Service Control Manager [7034] - The GhostStartService service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:35:30, error: Service Control Manager [7034] - The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:35:25, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:35:11, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/12/2009 13:35:07, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:34:45, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
20/12/2009 13:34:38, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
19/12/2009 14:10:41, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/12/2009 14:10:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
19/12/2009 14:10:30, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
19/12/2009 14:05:34, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
16/12/2009 16:40:48, error: Print [19] - Sharing printer failed + 1722, Printer hp deskjet 5100 series share name Printer.

==== End Of File ===========================

DDS (Ver_09-12-01.01) - FAT32x86
Run by Ronnie at 12:52:31.51 on 22/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.479.161 [GMT 0:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Ronnie\Local Settings\Temporary Internet Files\Content.IE5\UB3P2VX3\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Orange UK
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mDefault_Page_URL = hxxp://www.wanadoo.co.uk
mStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FreecycleMemberBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\freecycle\FreecycleMember.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - c:\progra~1\orange3\orange3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2D8D4E2C-4FF9-4ECE-869F-04B3CB7AFD13} - No File
TB: SuperBar: {f0c320cd-9888-4bea-b895-0390c2f00a51} - c:\program files\_superbar\_SUPERBAR.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ZagrebLand] c:\docume~1\ronnie\locals~1\temp\b.exe
uRun: [uvc7jk640c] c:\windows\msa.exe
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\ronnie\application data\macromedia\common\8506002619.exe
mRun: [SUPASTATUS] c:\program files\internet explorer\connection wizard\status.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [NAV Agent] c:\progra~1\norton~1\navapw32.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [rundll32.exe]
dRun: [WAB] c:\documents and settings\ronnie\application data\macromedia\common\8506002619.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Yahoo! Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: orange search - file://c:\program files\orange3\cache\SelectedContextSearch.htm
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: Yahoo! &Dictionary
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} - file://c:\documents and settings\ronnie\local settings\temp\~dlfntmp0\imgSizer.ocx
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38010.1946064815
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-14 64160]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-5-28 5632]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169320]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-9-24 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-1 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-2 102712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070124.024\NAVENG.Sys [2007-1-24 80472]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070124.024\NavEx15.Sys [2007-1-24 852280]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-8-26 334984]
S1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido\security suite\guard.sys --> c:\program files\ewido\security suite\guard.sys [?]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2004-12-30 515803]
S2 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-12 16448]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2006-1-9 44928]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2006-1-9 55936]
S3 SAVScan;Symantec AVScan;c:\program files\norton antivirus\SAVScan.exe [2005-8-26 198368]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido\security suite\ewidoguard.exe --> c:\program files\ewido\security suite\ewidoguard.exe [?]

=============== Created Last 30 ================

2009-12-21 11:21:42 0 d-----w- c:\program files\ESET
2009-12-20 18:57:12 0 d-----w- c:\docume~1\ronnie\applic~1\Malwarebytes
2009-12-20 18:57:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 18:56:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:56:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:58:40 0 d-sh--w- C:\FOUND.068
2009-12-19 13:24:51 0 d-----w- C:\My Shared Folder
2009-12-18 12:11:58 36 ----a-w- c:\windows\rasqervy.dll
2009-12-18 12:11:45 8 ----a-w- c:\windows\sdfinacs.dll
2009-12-18 12:10:32 5 ----a-w- c:\windows\sdfixwcs.dll
2009-12-17 19:43:01 106 ----a-w- c:\windows\wuasirvy.dll
2009-12-17 19:43:01 105472 ----a-w- c:\windows\msacm32.drv
2009-12-17 12:10:54 0 d-sh--w- C:\FOUND.067

==================== Find3M ====================

2009-12-19 11:12:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 18:19:02 74080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2006-09-07 19:21:42 278528 ----a-w- c:\program files\common files\FDEUnInstaller.exe
2004-02-29 22:40:46 9216 --sha-w- c:\program files\common files\Thumbs.db

============= FINISH: 12:53:53.07 ===============

I hope this is what you are looking for.
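The DDS "Pseudo HJT Report" above is read by hand in threads like this one, and the things a helper looks at first are mechanical: autoruns whose binary sits in Temp or Application Data, a binary dropped straight into c:\windows, a Run value with no command at all, and BHO/toolbar CLSIDs with "No File" behind them. The following is an added example, not part of this thread and not code from DDS or HijackThis: a small triage script over lines copied from the report above. The heuristics and the `triage`/`flagged_names` names are my own assumptions, and a hit is a lead for the helper, not a verdict.

```python
"""Triage of DDS / HijackThis-style autorun lines (added example)."""
import re
from dataclasses import dataclass

# Lines copied from the DDS "Pseudo HJT Report" above (a constructed subset;
# the real report has many more entries, all handled the same way).
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ZagrebLand] c:\docume~1\ronnie\locals~1\temp\b.exe
uRun: [uvc7jk640c] c:\windows\msa.exe
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\ronnie\application data\macromedia\common\8506002619.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [WAB] c:\documents and settings\ronnie\application data\macromedia\common\8506002619.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
"""

# uRun / mRun / dRun(Once): [value name] command
RUN_RE = re.compile(r'^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# BHO / TB / EB: optional description: {CLSID} - path or "No File"
OBJ_RE = re.compile(
    r'^(?P<kind>BHO|TB|EB): (?:(?P<desc>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$')

# Directories a vendor's installer does not use for a persistent autorun but
# malware droppers do, because the user can write there without admin rights.
USER_WRITABLE = ("\\temp\\", "\\local settings\\temp", "\\locals~1\\temp",
                 "\\application data\\", "\\applic~1\\")
# A single executable directly in the Windows root (c:\windows\msa.exe) rather
# than in a subdirectory such as system32.
WINROOT_RE = re.compile(r'^"?(?:c:\\windows|%systemroot%|%windir%)\\[^\\]+\.(?:exe|dll|scr|com)\b', re.I)


@dataclass(frozen=True)
class Finding:
    hive: str    # uRun / mRun / dRun / BHO / TB / EB, kept so a loader planted
    name: str    # in several hives (WAB under uRun and dRun) is visible
    reason: str
    line: str


def triage(report):
    """Return a Finding for each report line matching one of the heuristics."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m['name'], m['cmd'].strip()
            low = cmd.lower()
            if not cmd:
                findings.append(Finding(m['hive'], name, 'autorun with no command (leftover or hidden loader)', line))
            elif any(p in low for p in USER_WRITABLE):
                findings.append(Finding(m['hive'], name, 'autorun binary in a user-writable profile/Temp directory', line))
            elif WINROOT_RE.match(cmd):
                findings.append(Finding(m['hive'], name, 'autorun binary dropped directly in the Windows root', line))
            continue
        m = OBJ_RE.match(line)
        if m and m['path'].strip().lower() == 'no file':
            findings.append(Finding(m['kind'], m['clsid'],
                                    'orphaned browser object (no file on disk; cleanup, not by itself an infection)', line))
    return findings


def flagged_names(report):
    """Just the value names / CLSIDs that were flagged, for a quick look."""
    return {f.name for f in triage(report)}


if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print(f'{f.hive:5} {f.name:40} {f.reason}')
```

Run as-is it flags ZagrebLand (Temp), uvc7jk640c (c:\windows\msa.exe), the empty rundll32.exe value, WAB under both uRun and dRun (Application Data), and the two "No File" orphans, while ctfmon.exe, ccApp and UserFaultCheck pass. The ordering of the checks matters: an empty command is tested first so that the path heuristics never see a blank string, and the Windows-root pattern deliberately fails on anything with a subdirectory, so system32 entries are not flagged.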

That'll work :)

To start, please go into Add / Remove Programs and Uninstall these:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3.1_11
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Messenger Plus! 3
Messenger Plus! Live

Then, please go to http://www.java.com/en/ to download and install the latest version of Java.

--- Has your Norton AV Subscription lapsed? You'll need up-to-date AV.

If you already have Combofix on your machine, DELETE it.

Then follow the instructions in the link below to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Be sure to install Recovery Console (if you are able to do so) and disable any other security programs or Anti-Virus programs as per the linky before running Combofix!

Please post the combofix log for me.

Will check back as time permits.

Cheers :)
PP
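PP's uninstall list is long because Sun used three product names for the same runtime line ("Java 2 Runtime Environment ... v1.3.1_11", "J2SE Runtime Environment 5.0 Update N", "Java(TM) 6 Update N"), and each update installed side by side instead of replacing the previous one, leaving every old plugin version reachable from the browser. The following is an added example, not part of this thread: it maps each Add/Remove name to a canonical version tuple and returns everything except the newest. The name patterns and the `java_version`/`stale_runtimes` helpers are my own; PP's instruction goes one step further and removes even the newest entry so that a fresh copy is installed from java.com.

```python
"""Canonicalise Sun JRE product names and list the stale ones (added example)."""
import re

# Entries copied from the Add/Remove list quoted in PP's reply above
# (constructed subset; one non-Java entry included to show it is ignored).
INSTALLED = [
    "J2SE Runtime Environment 5.0 Update 10",
    "J2SE Runtime Environment 5.0 Update 3",
    "Java 2 Runtime Environment Standard Edition v1.3.1_11",
    "Java(TM) 6 Update 15",
    "Java(TM) 6 Update 2",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Messenger Plus! Live",
]

# "Java(TM) 6 Update 15" / "Java(TM) SE Runtime Environment 6 Update 1" -> 1.6.0_15
JAVA6_RE = re.compile(r'^Java\(TM\)(?: SE Runtime Environment)? (\d+) Update (\d+)$')
# "J2SE Runtime Environment 5.0 Update 10" -> 1.5.0_10
J2SE_RE = re.compile(r'^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$')
# "Java 2 Runtime Environment Standard Edition v1.3.1_11" -> 1.3.1_11
JAVA2_RE = re.compile(r'^Java 2 Runtime Environment Standard Edition v(\d+)\.(\d+)\.(\d+)_(\d+)$')


def java_version(name):
    """Return (major, minor, micro, update) for a Sun JRE name, or None."""
    m = JAVA6_RE.match(name)
    if m:
        return (1, int(m[1]), 0, int(m[2]))
    m = J2SE_RE.match(name)
    if m:
        return (1, int(m[1]), int(m[2]), int(m[3]))
    m = JAVA2_RE.match(name)
    if m:
        return (int(m[1]), int(m[2]), int(m[3]), int(m[4]))
    return None


def stale_runtimes(installed):
    """Every JRE entry except the single newest one, in the order given."""
    versioned = [(java_version(n), n) for n in installed]
    versioned = [(v, n) for v, n in versioned if v is not None]
    if not versioned:
        return []
    newest = max(v for v, _ in versioned)
    return [n for v, n in versioned if v != newest]


if __name__ == '__main__':
    for name in stale_runtimes(INSTALLED):
        print('uninstall:', name)
```

The tuple comparison is what makes this work across the three naming schemes: 1.3.1_11 < 1.5.0_10 < 1.6.0_15 without any string tricks, and a name the patterns do not recognise is simply left alone rather than guessed at.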

Hi, thanks for your time.
Here's the log you requested
Cheers,
Ronnie.

ComboFix 09-12-22.03 - Ronnie 23/12/2009 11:15:00.1.1 - FAT32x86
Running from: c:\documents and settings\Ronnie\Desktop\ComboFix.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\msacm32.drv
c:\windows\patch.exe
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\_000229_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004364_.tmp.dll
c:\windows\system32\_004365_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004368_.tmp.dll
c:\windows\system32\_004369_.tmp.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004388_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004394_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004399_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004402_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004404_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004408_.tmp.dll
c:\windows\system32\_004409_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004412_.tmp.dll
c:\windows\system32\_004413_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004415_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004421_.tmp.dll
c:\windows\system32\_004422_.tmp.dll
c:\windows\system32\_004426_.tmp.dll
c:\windows\system32\_004427_.tmp.dll
c:\windows\system32\_004429_.tmp.dll
c:\windows\system32\_004432_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004437_.tmp.dll
c:\windows\system32\_004440_.tmp.dll
c:\windows\system32\_004441_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004443_.tmp.dll
c:\windows\system32\_004444_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\open.ico
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\tmlpcert2005
c:\windows\wuasirvy.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-21 11:21 . 2009-12-21 11:21 -------- d-----w- c:\program files\ESET
2009-12-20 18:57 . 2009-12-20 18:57 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-20 18:57 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 18:56 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:58 . 2009-12-19 13:58 -------- d-----w- C:\FOUND.068
2009-12-19 13:24 . 2009-12-19 13:24 -------- d-----w- C:\My Shared Folder
2009-12-17 12:10 . 2009-12-17 12:10 -------- d-----w- C:\FOUND.067

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:42 . 2008-12-20 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 10:42 . 2009-12-23 10:42 152576 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 10:41 . 2009-12-23 10:41 79488 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 23:56 . 2009-12-17 19:41 24576 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe
2009-12-22 18:02 . 2009-12-17 19:41 103412 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\850600261.dll
2009-12-22 16:34 . 2009-12-22 16:34 24576 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe
2009-10-11 18:19 . 2002-09-05 16:35 74080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-09 21:50 . 2002-04-24 16:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2006-09-07 19:21 . 2006-09-07 19:21 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2004-02-29 22:40 . 2004-02-29 22:40 9216 --sha-w- c:\program files\Common Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 11:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SUPASTATUS"="c:\program files\Internet Explorer\Connection Wizard\status.exe" [2002-02-21 588288]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"NAV Agent"="c:\progra~1\NORTON~1\navapw32.exe" [2003-04-20 0]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 53096]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-19 520024]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Freeserve Connection Kit.lnk
backup=c:\windows\pss\Freeserve Connection Kit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ronnie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Ronnie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 15:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 19:11 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 06:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-05-28 16:24 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 01:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-02 14:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Kazaa Lite\\Kazaa.kpp"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 16:48 64160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [28/05/2003 19:01 5632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/10/2009 10:55 102712]
S1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido\security suite\guard.sys --> c:\program files\ewido\security suite\guard.sys [?]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/12/2004 20:38 515803]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [09/01/2006 10:14 44928]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [09/01/2006 10:14 55936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: orange search - file://c:\program files\ORANGE3\Cache\SelectedContextSearch.htm
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: Yahoo! &Dictionary
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} - file://c:\documents and settings\Ronnie\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{2D8D4E2C-4FF9-4ECE-869F-04B3CB7AFD13} - (no file)
WebBrowser-{F0C320CD-9888-4BEA-B895-0390C2F00A51} - c:\program files\_SUPERBAR\_SUPERBAR.dll
HKCU-Run-uvc7jk640c - c:\windows\msa.exe
HKCU-Run-rundll32.exe - (no file)
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-NoAds - c:\program files\NoAds\NoAds.exe
MSConfigStartUp-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
MSConfigStartUp-STManager - c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-HijackThis - c:\docume~1\Ronnie\LOCALS~1\Temp\HijackThis.exe
AddRemove-{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A} - c:\program files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 11:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\htafile\CLSID]
@DACL=(02 0000)
@="{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1500)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\progra~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec\LiveUpdate\AUpdate.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2009-12-23 11:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-23 11:39

Pre-Run: 15,539,470,336 bytes free
Post-Run: 15,726,346,240 bytes free

- - End Of File - - BF049A4D362D8F54CC73B21C7455A617

I had a problem where my internet browsers kept saying DNS error, so you would think it was an ISP problem, but no. I used Search and Destroy along with Avast (slightly better than AVG), which actually found the malware problem and deleted it. So what I'm saying is use two virus scanners. Download here: http://download.cnet.com/Spybot-Search-Destroy/3000-8022_4-10289035.html. Use that alongside your current virus scanner and tell me the result.

Hi, I already use it and Ad-Aware.
What I've been directed to do seems to be working.
Cheers

Hi, thanks for your time.
Here's the log you requested

OK - That looks better. Still a few steps to do, though.


-- If your Norton has expired, you'll need to renew or replace it.
If you want a free alternative, uninstall Norton and replace it with Comodo Firewall + AV.
But you gotta have an up-to-date AV!

-- Is this folder still on your machine? --> c:\program files\ewido

-- I recommend uninstalling these as they pose security risks:
c:\Program Files\Kontiki
c:\Program Files\Kazaa Lite
c:\Program Files\BearShare Applications

LASTLY:
-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe just like this.

-- Let Combofix run as before and post me that log.

And . . . We'll go from there :)
PP
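An added example, not part of this thread and not code from ComboFix or any other tool named here: a short Python triage pass over the "Reg Loading Points" Run-key lines in the logs above. Three sample lines are copied from the log and one "(no file)" entry is constructed to exercise the missing-target rule; the reason strings and the directory list are my own. The heuristics (a target ComboFix could not resolve, an executable living under a user-writable profile directory, a numeric-only file name) are review signals for a helper reading the log, not a verdict that an entry is malware.

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' section.

Added example for this thread; it is not ComboFix or any other tool named here.
Heuristics are triage signals only: they say "look at this", not "this is malware".
"""
import re
from typing import Dict, List

# Sample input: three Run-key lines copied from the log above plus one
# constructed "(no file)" entry to exercise the missing-target rule.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"Helper"="c:\windows\helper.exe" (no file)
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(.*)$')
# First path component ending in an executable extension, followed by a space
# (start of arguments) or end of value.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif|vbs|js))(?:\s|$)', re.I)

# Directory fragments an ordinary user can write to; an autostart from here
# needed no installer privilege to plant, so it deserves a look.
USER_WRITABLE = ('\\documents and settings\\', '\\users\\', '\\temp\\', '\\application data\\')


def split_command(value: str) -> str:
    """Return the executable path from a Run value that may carry arguments."""
    m = EXE_RE.match(value)
    return m.group(1) if m else value.strip()


def triage_line(value: str, trailer: str) -> List[str]:
    """Reasons (possibly none) why one Run entry should be reviewed."""
    path = split_command(value).lower()
    reasons = []
    if trailer.strip() in ('[X]', '(no file)'):
        reasons.append('target missing on disk')
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append('runs from a user-writable profile directory')
    base = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if base.isdigit():
        reasons.append('numeric-only file name')
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Walk the section, remembering the current hive key, and collect findings."""
    findings: List[Dict[str, object]] = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em or not key:
            continue
        name, value, trailer = em.groups()
        reasons = triage_line(value, trailer)
        if reasons:
            findings.append({'key': key, 'name': name,
                             'path': split_command(value), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['key']}\\{f['name']} -> {f['path']}")
        for r in f['reasons']:
            print('   -', r)
```

Entries with no reasons (jusched.exe in the sample) are dropped, so the output is only what a helper would actually look at; the hive key is kept in each finding because an HKCU entry could be set without administrator rights, which matters when deciding how the machine was compromised.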

Hi there, I don't know how to uninstall them; they don't show up in Add/Remove Programs. I tried to delete them but it wouldn't let me. It says it can't delete kservice.exe, and I get a similar message with ewido.
Shall I carry on with your requests in the meantime?
Cheers
Ronnie.
PS: The computer is working much better already.

Shall I carry on with your requests in the meantime?

Go ahead with the CFScript / Combofix step and we'll deal with the others later.

What's up on the AV front?

PP:)

Hi, I'm in the process of deleting the AV and downloading your suggested one.
I'll get back to you soon and let you know how I get on.
Thanks again, and Merry Christmas.

Ronnie

Hi, here's my latest log.
Cheers.

ComboFix 09-12-24.02 - Ronnie 24/12/2009 22:58:55.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.479.86 [GMT 0:00]
Running from: c:\documents and settings\Ronnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ronnie\Desktop\CFScript.txt.url
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
PEV Error: LocalAppDataFile

((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 22:22 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-24 22:20 . 2009-12-24 22:20 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-24 22:20 . 2009-12-24 22:20 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-24 22:20 . 2009-12-24 22:20 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\program files\COMODO
2009-12-23 10:42 . 2009-12-23 10:42 152576 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 10:41 . 2009-12-23 10:41 79488 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 16:34 . 2009-12-22 16:34 24576 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe
2009-12-21 11:21 . 2009-12-21 11:21 -------- d-----w- c:\program files\ESET
2009-12-20 18:57 . 2009-12-20 18:57 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-20 18:57 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 18:56 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:58 . 2009-12-19 13:58 -------- d-----w- C:\FOUND.068
2009-12-19 13:24 . 2009-12-19 13:24 -------- d-----w- C:\My Shared Folder
2009-12-19 11:12 . 2009-12-19 11:12 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2009-12-19 11:12 . 2009-12-19 11:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-12-17 19:41 . 2009-12-22 23:56 24576 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe
2009-12-17 19:41 . 2009-12-22 18:02 103412 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\850600261.dll
2009-12-17 12:10 . 2009-12-17 12:10 -------- d-----w- C:\FOUND.067

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:42 . 2008-12-20 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 18:19 . 2002-09-05 16:35 74080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-09 21:50 . 2002-04-24 16:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2006-09-07 19:21 . 2006-09-07 19:21 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2004-02-29 22:40 . 2004-02-29 22:40 9216 --sha-w- c:\program files\Common Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 11:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SUPASTATUS"="c:\program files\Internet Explorer\Connection Wizard\status.exe" [2002-02-21 588288]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-19 520024]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-24 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Freeserve Connection Kit.lnk
backup=c:\windows\pss\Freeserve Connection Kit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ronnie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Ronnie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 15:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 19:11 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 06:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-05-28 16:24 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 01:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-02 14:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 16:48 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/12/2009 22:20 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/12/2009 22:20 25160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [28/05/2003 19:01 5632]
S1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido\security suite\guard.sys --> c:\program files\ewido\security suite\guard.sys [?]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/12/2004 20:38 515803]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [09/01/2006 10:14 44928]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/10/2009 10:55 102712]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [09/01/2006 10:14 55936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CMDAGENT
*NewlyCreated* - CMDGUARD
*NewlyCreated* - CMDHLP
*NewlyCreated* - INSPECT
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: orange search - file://c:\program files\ORANGE3\Cache\SelectedContextSearch.htm
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: Yahoo! &Dictionary
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} - file://c:\documents and settings\Ronnie\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NAV Agent - c:\progra~1\NORTON~1\navapw32.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 23:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\htafile\CLSID]
@DACL=(02 0000)
@="{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(520)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-24 23:27:40
ComboFix-quarantined-files.txt 2009-12-24 23:27
ComboFix2.txt 2009-12-23 11:39

Pre-Run: 15,330,246,656 bytes free
Post-Run: 15,696,003,072 bytes free

- - End Of File - - 63EBD7B1CA700383E4C87EA4AE7271C1

Hi, here's my latest log.
Cheers.

Hi Ronnie,

That did not run properly. You must download the CFScript.txt file to the desktop. Once the actual file is on the desktop, drag it over the ComboFix icon to start ComboFix.

Let's try that step again. I will attach a new CFScript.

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe just like this.

-- Let Combofix run as before and post me that log.


Cheers :)
PP

Hi, hope this worked this time.

Cheers,
Ronnie

ComboFix 09-12-26.04 - Ronnie 27/12/2009 11:10:45.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.479.290 [GMT 0:00]
Running from: c:\documents and settings\Ronnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ronnie\Desktop\CFScript.txt.url
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-24 22:22 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-24 22:20 . 2009-12-24 22:20 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-24 22:20 . 2009-12-24 22:20 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-24 22:20 . 2009-12-24 22:20 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\program files\COMODO
2009-12-23 10:42 . 2009-12-23 10:42 152576 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 10:41 . 2009-12-23 10:41 79488 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 16:34 . 2009-12-22 16:34 24576 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe
2009-12-21 11:21 . 2009-12-21 11:21 -------- d-----w- c:\program files\ESET
2009-12-20 18:57 . 2009-12-20 18:57 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-20 18:57 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 18:56 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:58 . 2009-12-19 13:58 -------- d-----w- C:\FOUND.068
2009-12-19 13:24 . 2009-12-19 13:24 -------- d-----w- C:\My Shared Folder
2009-12-19 11:12 . 2009-12-19 11:12 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2009-12-19 11:12 . 2009-12-19 11:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-12-17 19:41 . 2009-12-22 23:56 24576 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe
2009-12-17 19:41 . 2009-12-22 18:02 103412 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\850600261.dll
2009-12-17 12:10 . 2009-12-17 12:10 -------- d-----w- C:\FOUND.067

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:42 . 2008-12-20 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 18:19 . 2002-09-05 16:35 74080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-09 21:50 . 2002-04-24 16:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2006-09-07 19:21 . 2006-09-07 19:21 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2004-02-29 22:40 . 2004-02-29 22:40 9216 --sha-w- c:\program files\Common Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SUPASTATUS"="c:\program files\Internet Explorer\Connection Wizard\status.exe" [2002-02-21 588288]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-19 520024]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-24 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Freeserve Connection Kit.lnk
backup=c:\windows\pss\Freeserve Connection Kit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ronnie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Ronnie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 15:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 19:11 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 06:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-05-28 16:24 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 01:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-02 14:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 16:48 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/12/2009 22:20 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/12/2009 22:20 25160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [28/05/2003 19:01 5632]
S1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido\security suite\guard.sys --> c:\program files\ewido\security suite\guard.sys [?]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/12/2004 20:38 515803]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [09/01/2006 10:14 44928]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [09/01/2006 10:14 55936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: orange search - file://c:\program files\ORANGE3\Cache\SelectedContextSearch.htm
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: Yahoo! &Dictionary
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} - file://c:\documents and settings\Ronnie\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
.
- - - - ORPHANS REMOVED - - - -

AddRemove-orange3 - c:\program files\orange3\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 11:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\htafile\CLSID]
@DACL=(02 0000)
@="{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3592)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-27 11:29:01
ComboFix-quarantined-files.txt 2009-12-27 11:28
ComboFix2.txt 2009-12-24 23:27
ComboFix3.txt 2009-12-23 11:39

Pre-Run: 15,770,484,736 bytes free
Post-Run: 15,756,886,016 bytes free

- - End Of File - - C91600FD1FA66D933FE457587A4C3347

Hi, hope this worked this time.
Command switches used :: c:\documents and settings\Ronnie\Desktop\CFScript.txt.url

Nope - Same problem.

RightClick on the attachment and choose to save it to the desktop as CFScript.txt
Then, please try again.

Hang in there - we'll get it :)

PP

Hi again,
if this doesn't work I don't know what I'm doing wrong.

Cheers
Ronnie

ComboFix 09-12-26.05 - Ronnie 27/12/2009 22:13:17.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.479.287 [GMT 0:00]
Running from: c:\documents and settings\Ronnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ronnie\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-24 22:22 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-12-24 22:20 . 2009-12-24 22:20 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-24 22:20 . 2009-12-24 22:20 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-24 22:20 . 2009-12-24 22:20 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-24 22:20 . 2009-12-24 22:20 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\program files\COMODO
2009-12-23 10:42 . 2009-12-23 10:42 152576 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 10:41 . 2009-12-23 10:41 79488 ----a-w- c:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 16:34 . 2009-12-22 16:34 24576 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe
2009-12-21 11:21 . 2009-12-21 11:21 -------- d-----w- c:\program files\ESET
2009-12-20 18:57 . 2009-12-20 18:57 -------- d-----w- c:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-20 18:57 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 18:56 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:58 . 2009-12-19 13:58 -------- d-----w- C:\FOUND.068
2009-12-19 13:24 . 2009-12-19 13:24 -------- d-----w- C:\My Shared Folder
2009-12-19 11:12 . 2009-12-19 11:12 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2009-12-19 11:12 . 2009-12-19 11:12 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-12-17 19:41 . 2009-12-22 23:56 24576 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe
2009-12-17 19:41 . 2009-12-22 18:02 103412 ----a-w- c:\documents and settings\Ronnie\Application Data\Macromedia\Common\850600261.dll
2009-12-17 12:10 . 2009-12-17 12:10 -------- d-----w- C:\FOUND.067

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:42 . 2008-12-20 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 18:19 . 2002-09-05 16:35 74080 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-09 21:50 . 2002-04-24 16:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2006-09-07 19:21 . 2006-09-07 19:21 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2004-02-29 22:40 . 2004-02-29 22:40 9216 --sha-w- c:\program files\Common Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SUPASTATUS"="c:\program files\Internet Explorer\Connection Wizard\status.exe" [2002-02-21 588288]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-19 520024]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-24 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"WAB"="c:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" [2009-12-22 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Freeserve Connection Kit.lnk
backup=c:\windows\pss\Freeserve Connection Kit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ronnie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Ronnie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 15:35 4608 ----a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 19:11 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 06:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-05-28 16:24 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 01:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-02 14:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 16:48 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/12/2009 22:20 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/12/2009 22:20 25160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [28/05/2003 19:01 5632]
S1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido\security suite\guard.sys --> c:\program files\ewido\security suite\guard.sys [?]
S2 Ca533av;Dual Mode Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/12/2004 20:38 515803]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [09/01/2006 10:14 44928]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [09/01/2006 10:14 55936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: orange search - file://c:\program files\ORANGE3\Cache\SelectedContextSearch.htm
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: Yahoo! &Dictionary
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} - file://c:\documents and settings\Ronnie\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 22:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\htafile\CLSID]
@DACL=(02 0000)
@="{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3352)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
.
Completion time: 2009-12-27 22:31:26
ComboFix-quarantined-files.txt 2009-12-27 22:31
ComboFix2.txt 2009-12-27 11:29
ComboFix3.txt 2009-12-24 23:27
ComboFix4.txt 2009-12-23 11:39

Pre-Run: 15,761,702,912 bytes free
Post-Run: 15,748,956,160 bytes free

- - End Of File - - 966166228315C0533AE080098054984E

Well . . . For some reason this isn't working.

That last one should've worked.
We'll just go ahead and remove those remaining items manually. I'll put something together to do that as soon as I get a bit of time.

PP:)

Hi there,
I don't understand why it's not working.
Everything seems ok, I drag the .txt file over, the green bar shows then the program runs.
I wait for your instruction.
Cheers
Ronnie

Hi there,
I don't understand why it's not working.
Everything seems ok, I drag the .txt file over, the green bar shows then the program runs.

That should've worked.

No worries - let's do this:

Let's remove Combofix and the files/folders it created:
• Click Start > Run
• Type or Copy&Paste ComboFix /Uninstall into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.


-- Then, please download the attached FixIt.zip and RightClick it and extract the FixIt.bat from the ZIP to the Desktop.
DoubleClick FixIt.bat to run it - should go really quickly.
A log will pop up upon completion - please post that for me.

PP:)

Hi again,
I've done what you asked but nothing happens.
A DOS window opens and nothing happens. The heading is c:\windows\system32\cmd.exe
Hope I'm not doing something wrong.

Cheers,

Ronnie

Hope I'm not doing something wrong.

I don't understand how you could possibly be doing anything wrong - not much to mess up :)

That is odd . . . No log pops up? Even if the batch file doesn't do anything, a log ought to pop up.

Based on the previous scanlogs, your machine is for the most part free of malware. Just a few minor cleanup items. So, I'm not sure what the problem could be in executing a simple batch file......

-- Were you able to uninstall combofix with no problems?

-- What does it say in the dos box when you run the batch file?

PP:)

Hi there,
Uninstalled combofix ok.
The dos (headed c:\windows\system32\cmd.exe) is blank with the cursor flashing (if that's the correct expression).
Task manager shows it running but it's been a couple of hours with no change?
I do have an old system if it makes any odds? (almost nine years and a couple of memory upgrades)
I look forward to your reply.
Cheers,
Ronnie

The dos (headed c:\windows\system32\cmd.exe) is blank with the cursor flashing (if that's the correct expression).
Task manager shows it running but it's been a couple of hours with no change?

A batch file is the simplest of the simple - this one takes about 2-3 seconds to complete.

Works just fine on my XP box.

Try this - RightClick FixIt.bat and rename it FixIt.cmd and see if it will run properly.


If that fails, please try this:
Open a command prompt (START > RUN > type cmd > ENTER)
At the prompt, Copy & Paste each line in Red below one at a time and hit ENTER after each line (lines end with peek.txt).
(You could do it all at once, but I'd rather try line by line)

Please post the peek.txt and let me know if any errors occurred.

del /f "C:\FOUND.068" >>%systemdrive%\Peek.txt

del /f "C:\FOUND.067" >>%systemdrive%\Peek.txt

del /f "C:\documents and settings\Ronnie\Application Data\Macromedia\Common\8506002619.exe" >>%systemdrive%\Peek.txt

del /f "C:\documents and settings\Ronnie\Application Data\Macromedia\Common\850600261.dll" >>%systemdrive%\Peek.txt

del /f "C:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe" >>%systemdrive%\Peek.txt

reg delete HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WAB /f >>%systemdrive%\Peek.txt

reg delete HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /v WAB /f >>%systemdrive%\Peek.txt

dir /a /s "C:\Program Files\Kontiki" >>%systemdrive%\Peek.txt

dir /a /s "C:\Program Files\Kazaa Lite" >>%systemdrive%\Peek.txt

dir /a /s "C:\Program Files\BearShare Applications" >>%systemdrive%\Peek.txt

dir /a /s "C:\program files\ewido" >>%systemdrive%\Peek.txt

notepad %systemdrive%\Peek.txt

PP:)

Hi there,
Nothing seems to work from the DOS box.
I pasted the lines as you instructed and hit enter, the cursor moved down a line and nothing else.
I tried manually deleting the first two you detailed and .068 couldn't delete because something else may be using it. .067 deleted ok.
I didn't want to go any further.
I await your instructions.
Cheers,
Ronnie
PS
I think the following address might be wrong: del /f "C:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe" >>%systemdrive%\Peek.txt
Instead of networkService it should be ronnie.
Done a search but didn't delete it before your ok.

I think the following address might be wrong: del /f "C:\documents and settings\NetworkService\Application Data\Macromedia\Common\8506002619.exe" >>%systemdrive%\Peek.txt
Instead of networkService it should be ronnie.
Done a search but didn't delete it before your ok.

Your logs indicated the Network Service Folder. Are you certain it is not there?
- See if C:\peek.txt was created. If so, please post that for me.

I want to look at those C:\FOUND.* items. If my memory serves correctly, they are baddies.
Please upload them for analysis here --> http://virusscan.jotti.org/

Let me know what you find.

Cheers :)
pp

Hi there,
Thanks for your perseverance.
I only scanned the one file for now just to make sure the results are what you expect. I scanned .068, the results are below along with the peek.txt.
Is it ok for me to try and delete the Found files manually (I managed to delete .067 ok) and maybe try and do the same with the ones you highlighted in red.
Cheers,
Ronnie

peek.txt
Microsoft Windows XP [Version 5.1.2600]
31/12/2009
14:22
C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)?

FILE0000.CHK
Status: Scan finished. 9 out of 20 scanners reported malware.
Scan taken on: Sat 2 Jan 2010 10:53:00 (CET)

01 Found nothing 2010-01-02 Trojan.Win32.Agent.ddcs
2010-01-02 Trojan.Win32.Riern!IK 2010-01-02 Win32:Trojan-gen
2009-12-31 Win32:Trojan-gen 2010-01-02 Trojan.Win32.Riern
2010-01-01 Found nothing 2010-01-02 Trojan.Win32.Agent.ddcs
2010-01-01 Found nothing 2010-01-01 Win32/Riern.D
2010-01-02 Found nothing 2010-01-01 Found nothing
2010-01-01 Found nothing 2009-12-31 Trojan.Agent.ddcs
2010-01-02 Found nothing 2010-01-02 Troj/Agent-MAN
2010-01-02 Found nothing 2010-01-01 Found nothing
2010-01-01 Found nothing 2010-01-01 Found nothing

Hi there,
Thanks for your perseverance.
I only scanned the one file for now just to make sure the results are what you expect. I scanned .068, the results are below along with the peek.txt.
Is it ok for me to try and delete the Found files manually (I managed to delete .067 ok) and maybe try and do the same with the ones you highlighted in red.

All those in red are related baddies and need to go.

-- Try booting to Safe Mode and then open the command prompt and try all of the commands again and post the new C:\peek.txt.

I am surprised MBAM doesn't get this. You should also try updating MBAM to the latest definitions and running the Full Scan in Normal Windows boot.
Please post me that log.

Reboot after running MBAM.

This particular baddie should not be putting up such a fight....


Happy New Year :)
Pp

Hi again,
Tried in safe mode but still the same.
Ran MBAM again, deleted quarantine files. Manually deleted all FOUND folders including .068. (I hope it was ok to do this)
Tried cmd box again and some worked and some not found.
I did not do it in any particular order as I didn't expect it to work.
It did create a log.
Please find below the peek log and the MBAM one.
Note there is a before and after log for MBAM.
I hope this is ok for you.
Cheers,
Ronnie

C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)? C:\FOUND.068\*, Are you sure (Y/N)?
Volume in drive C is MF20G-4
Volume Serial Number is A8E5-E897

Directory of C:\Program Files\Kontiki

14/06/2008 16:19 <DIR> .
14/06/2008 16:19 <DIR> ..
14/06/2008 16:19 <DIR> iplayer_live
27/02/2008 17:56 1,032,376 KHost.exe
27/02/2008 17:56 3,072,184 KService.exe
27/02/2008 17:56 1,040 kdx.inf
27/02/2008 17:56 1,975 errorlog.cfg
4 File(s) 4,107,575 bytes

Directory of C:\Program Files\Kontiki\iplayer_live

14/06/2008 16:19 <DIR> .
14/06/2008 16:19 <DIR> ..
14/06/2008 16:19 <DIR> cache
27/02/2008 17:56 118,784 copykdxfile.exe
27/02/2008 17:56 1,975 errorlog.cfg
27/02/2008 17:56 1,040 kdxcopy.inf
27/02/2008 17:56 31,009 zprefs_db_netman.xml.read
4 File(s) 152,808 bytes

Directory of C:\Program Files\Kontiki\iplayer_live\cache

27/02/2008 17:56 913 restart.gif
27/02/2008 17:56 4,491 RevokedEnquiryService.wsdl
27/02/2008 17:56 12,845 settings.html
27/02/2008 17:56 5,112 settings_control.js
27/02/2008 17:56 1,914 settings_control-slider.js
27/02/2008 17:56 5,818 settings_core.css
27/02/2008 17:56 2,417 settings_core.js
27/02/2008 17:56 9,397 settings_core-pin.js
27/02/2008 17:56 2,313 settings_write.js
27/02/2008 17:56 935 subtitles.gif
27/02/2008 17:56 75 text_size01.css
27/02/2008 17:56 77 text_size02.css
27/02/2008 17:56 75 text_size03.css
27/02/2008 17:56 76 text_size04.css
27/02/2008 17:56 76 text_size05.css
27/02/2008 17:56 76 text_size06.css
27/02/2008 17:56 75 text_size11.css
27/02/2008 17:56 75 text_size12.css
27/02/2008 17:56 228 text_spacing01.css
27/02/2008 17:56 228 text_spacing02.css
27/02/2008 17:56 228 text_spacing03.css
27/02/2008 17:56 937 tray.gif
27/02/2008 17:56 17,542 tray0.ico
27/02/2008 17:56 2,862 tray1.ico
27/02/2008 17:56 2,862 tray2.ico
27/02/2008 17:56 97,566 tvtest.ico
27/02/2008 17:56 835 vol_down.gif
27/02/2008 17:56 879 vol_up.gif
27/02/2008 17:56 149 wm_launch.gif
27/02/2008 17:56 14,168 wmrm.js
27/02/2008 17:56 10,470 wmrr.js
237 File(s) 3,511,279 bytes

Total Files Listed:
245 File(s) 7,771,662 bytes
8 Dir(s) 15,737,323,520 bytes free
Volume in drive C is MF20G-4
Volume Serial Number is A8E5-E897

Directory of C:\program files\ewido

24/10/2005 09:57 <DIR> .
24/10/2005 09:57 <DIR> ..
24/10/2005 09:57 <DIR> security suite
0 File(s) 0 bytes

Directory of C:\program files\ewido\security suite

24/10/2005 09:57 <DIR> .
24/10/2005 09:57 <DIR> ..
12/11/2004 00:53 16,448 ewidoctrl.exe
30/09/2004 13:21 39,488 shellhook.dll
21/05/2005 17:13 69,632 context.dll
16/09/2005 21:31 24,640 l1ang.dll9
4 File(s) 150,208 bytes

Total Files Listed:
4 File(s) 150,208 bytes
5 Dir(s) 15,737,323,520 bytes free

The operation completed successfully
Volume in drive C is MF20G-4
Volume Serial Number is A8E5-E897

Directory of C:\program files\ewido

24/10/2005 09:57 <DIR> .
24/10/2005 09:57 <DIR> ..
24/10/2005 09:57 <DIR> security suite
0 File(s) 0 bytes

Directory of C:\program files\ewido\security suite

24/10/2005 09:57 <DIR> .
24/10/2005 09:57 <DIR> ..
12/11/2004 00:53 16,448 ewidoctrl.exe
30/09/2004 13:21 39,488 shellhook.dll
21/05/2005 17:13 69,632 context.dll
16/09/2005 21:31 24,640 l1ang.dll9
4 File(s) 150,208 bytes

Total Files Listed:
4 File(s) 150,208 bytes
5 Dir(s) 15,736,242,176 bytes free


Malwarebytes' Anti-Malware 1.43
Database version: 3486
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

03/01/2010 16:06:48
mbam-log-2010-01-03 (16-06-48).txt

Scan type: Quick Scan
Objects scanned: 119958
Time elapsed: 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.43
Database version: 3486
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

03/01/2010 14:26:40
mbam-log-2010-01-03 (14-26-39).txt

Scan type: Quick Scan
Objects scanned: 119789
Time elapsed: 40 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 418

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Ronnie\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Loader\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\spool\prtprocs\w32x86\00002941.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00006683.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ronnie\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
