The log is going off the page again. I will post this in the hope it goes to a new page.
kevin wood 29 Posting Whiz
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ae5b2c8-22ca-420c-b799-a1a506d436be}]
C:\WINDOWS\System32\iifdcYst.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" [2006-12-07 08:20 3712512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 13:12 473928]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Miramar Systems, Inc."="C:\Program Files\Miramar\PC MACLAN\atmsg.exe" [2003-05-30 15:14 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 09:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-05-10 17:04 11776]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-05 14:08 385024]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"iKnowPS"="C:\Program Files\iKnowPS\iKnowPS.exe" [2005-11-24 22:12 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-04-07 01:14:32 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MSUD"= msulvc06.dll
"VIDC.LAGS"= lagarith.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^TomTom HOME.lnk]
backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2003-05-30 15:11]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2003-05-30 15:17]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE [2003-05-30 14:57]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE [2003-05-30 15:05]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S2 ATMsg;AppleTalk Messenger;C:\Program …
kevin wood
Why is this log so long? I am not even halfway through it yet. I will miss the rest of this out and just post the end; if you need this part I will email it to you if you like.
kevin wood
+ 2002-08-29 02:40:56 598,071 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll
+ 2002-05-14 17:16:22 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll
+ 2002-08-29 02:41:24 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
+ 2002-08-29 02:41:24 28,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe
+ 2002-08-29 02:40:44 8,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
+ 2001-08-23 12:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
+ 2002-08-29 02:41:24 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
+ 2001-08-23 12:00:00 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftpmib.dll
+ 2002-08-29 02:40:56 117,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftpsv251.dll
+ 2002-08-29 02:40:56 443,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll
+ 2002-08-29 02:41:24 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
+ 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll
+ 2002-08-29 02:40:56 271,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll
+ 2002-08-29 02:41:24 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
+ 2002-08-29 02:40:56 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll
+ 2001-08-23 12:00:00 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll
+ 2002-08-29 02:40:56 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll
+ 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll
+ 2002-08-29 02:40:56 122,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
+ 2002-08-29 02:40:56 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll
+ 2002-08-29 02:39:56 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll
+ 2002-08-29 02:40:56 559,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll
+ 2002-08-29 02:41:24 250,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
+ 2002-08-29 02:40:56 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll
+ 2002-08-29 02:40:56 391,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll
+ 2002-08-29 02:40:56 149,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll
+ 2002-08-29 02:40:56 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll
+ 2002-08-29 02:40:56 395,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll
+ 2002-08-29 00:32:44 9,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\gameenum.sys
+ 2002-08-29 00:32:48 54,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\gckernel.sys
+ 2006-01-02 22:38:03 260,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
+ 2001-08-23 12:00:00 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
+ 2001-08-23 12:00:00 488,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpedit.dll
+ 2001-08-23 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
+ 2002-08-29 02:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
+ 2002-08-29 02:41:24 113,152 -c----w …
kevin wood
+ 2004-12-07 17:43:02 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll
+ 2002-08-29 02:40:50 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdm.dll
+ 2005-09-10 02:04:32 2,025,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll
+ 2002-08-29 00:27:56 47,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
+ 2002-08-29 02:40:50 186,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\certcli.dll
+ 2001-08-23 12:00:00 436,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll
+ 2002-08-29 02:40:50 179,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll
+ 2002-08-29 02:40:50 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll
+ 2001-08-23 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll
+ 2002-08-29 02:41:20 188,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
+ 2002-08-29 02:40:50 1,267,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll
+ 2002-08-28 20:39:42 201,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\cintime.dll
+ 2002-08-28 20:39:44 480,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\cintsetp.exe
+ 2006-06-22 05:19:48 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll
+ 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\cipher.exe
+ 2001-08-23 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
+ 2002-08-29 01:08:44 46,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
+ 2005-07-26 04:30:38 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
+ 2005-07-26 04:30:41 497,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
+ 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
+ 2001-08-23 12:00:00 127,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll
+ 2001-08-23 12:00:00 45,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
+ 2002-08-29 02:41:20 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
+ 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
+ 2002-08-29 02:40:50 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll
+ 2002-08-29 00:09:06 13,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys
+ 2001-08-23 12:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll
+ 2001-08-23 12:00:00 375,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
+ 2004-03-30 01:48:36 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdevtgprov.dll
+ 2002-08-29 02:40:50 324,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll
+ 2002-08-29 02:41:22 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
+ 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
+ 2001-08-23 12:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll
+ 2001-08-23 12:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
+ 2001-08-23 12:00:00 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll
+ 2001-08-23 12:00:00 45,568 -c----w …
kevin wood
((((((((((((((((((((((((((((( snapshot@2008-06-25_10.50.04.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 00:33:20 50,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys
+ 2002-08-29 00:33:22 46,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\61883.sys
+ 2006-08-16 12:14:23 95,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll
+ 2001-08-23 12:00:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
+ 2002-08-29 02:40:48 1,818,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll
+ 2002-08-29 02:40:48 406,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll
+ 2002-08-29 02:40:48 125,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll
+ 2001-08-23 12:00:00 107,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclui.dll
+ 2002-08-29 00:09:06 179,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
+ 2002-08-29 02:40:48 219,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll
+ 2001-08-23 12:00:00 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\activeds.dll
+ 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
+ 2002-08-29 06:14:40 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll
+ 2002-08-29 02:40:48 255,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\acverfyr.dll
+ 2002-08-29 02:40:48 107,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll
+ 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\admexs.dll
+ 2002-08-29 02:40:48 20,540 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.dll
+ 2002-08-29 02:41:20 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
+ 2001-08-23 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\admparse.dll
+ 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\admwprox.dll
+ 2002-08-29 02:40:48 249,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsiis51.dll
+ 2002-08-29 02:40:48 162,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll
+ 2002-08-29 02:40:48 139,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll
+ 2002-08-29 02:40:48 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll
+ 2002-08-29 02:40:48 239,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll
+ 2002-08-29 02:40:48 558,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll
+ 2002-08-29 02:40:48 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\advpack.dll
+ 2002-08-28 22:16:38 142,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys
+ 2002-08-29 01:01:14 131,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
+ 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll
+ 2001-08-23 12:00:00 204,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll
+ 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll
+ 2001-08-23 12:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll
+ 2001-08-23 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll
+ 2001-08-23 12:00:00 39,936 -c----w …
kevin wood
ComboFix 08-06-20.4 - Admin 2008-06-27 10:44:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 10:16 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 10:09 . 2008-06-27 10:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-27 09:39 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\peernet
2008-06-26 16:47 . 2004-08-04 06:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-06-26 16:46 . 2004-08-04 08:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-06-26 16:45 . 2004-08-04 08:56 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-06-26 16:44 . 2004-08-04 06:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-26 16:43 . 2004-08-04 08:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-26 16:42 . 2004-08-04 08:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-26 16:27 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-26 15:35 . 2008-06-27 10:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 15:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 14:41 . 2008-06-26 14:41 13,646 --a------ C:\WINDOWS\system32\wpa.bak
…
kevin wood
The ComboFix log is massive; it keeps messing up the post that I put up. I will email this to you.
kevin wood
ComboFix log
ComboFix 08-06-20.4 - Admin 2008-06-27 10:44:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 10:16 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 10:09 . 2008-06-27 10:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-27 09:39 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\peernet
2008-06-26 16:47 . 2004-08-04 06:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-06-26 16:46 . 2004-08-04 08:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-06-26 16:45 . 2004-08-04 08:56 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-06-26 16:44 . 2004-08-04 06:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-26 16:43 . 2004-08-04 08:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-26 16:42 . 2004-08-04 08:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-26 16:27 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-26 15:35 . 2008-06-27 10:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 15:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 14:41 . 2008-06-26 14:41 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-26 14:35 …
kevin wood
Just ran a Malwarebytes scan and this is the log for that.
Malwarebytes' Anti-Malware 1.18
Database version: 890

15:35:48 26/06/2008
mbam-log-6-26-2008 (15-35-48).txt

Scan type: Quick Scan
Objects scanned: 40271
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kevin wood
The latest log from HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:37, on 26/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - …
kevin wood
This msnlive.exe was not present on my system, but this one, prtthtty.dll, was, which I have deleted in safe mode; it has now gone. I will run HijackThis again now and post the log on here.
My comp is running the same as usual; no errors or anything have come up as of yet anyway.
Thanks for all your help.
kevin wood
Here is the log after the service pack was installed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:16, on 26/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - …
kevin wood
Here is the new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:49, on 25/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} …
kevin wood
Thanks for the reply. I have just run the Malwarebytes program (might have got the name wrong); here is the log.
Malwarebytes' Anti-Malware 1.18
Database version: 890

14:08:03 25/06/2008
mbam-log-6-25-2008 (14-08-03).txt

Scan type: Quick Scan
Objects scanned: 41238
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wiftkrnd.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SystemErrorFixerDownloader (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bca17784 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbf924418 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wiftkrnd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dnrktfiw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Evil3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\waxd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxsyphxi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
kevin wood
Logfile of HijackThis v1.99.1
Scan saved at 10:52:34, on 25/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe …
kevin wood 29 Posting Whiz
ComboFix 08-06-20.4 - Admin 2008-06-25 10:37:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcLlonpo.ini
C:\WINDOWS\system32\AcLlonpo.ini2
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\dnrktfiw.ini
C:\WINDOWS\system32\dnrktfiw.ini2
C:\WINDOWS\system32\dnrktfiw.tmp
C:\WINDOWS\system32\fokrilaq.ini
C:\WINDOWS\system32\gumqlcsq.ini
C:\WINDOWS\system32\hghtxiqr.ini
C:\WINDOWS\system32\hRCLlnpo.ini
C:\WINDOWS\system32\hRCLlnpo.ini2
C:\WINDOWS\system32\ikjmnqss.ini
C:\WINDOWS\system32\ikjmnqss.ini2
C:\WINDOWS\system32\iqpxjghu.ini
C:\WINDOWS\system32\joxwwsmd.ini
C:\WINDOWS\system32\kbxwdlnu.ini
C:\WINDOWS\system32\lbneltfk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnlLCRh.dll
C:\WINDOWS\system32\rvemwtca.ini
C:\WINDOWS\system32\tsYcdfii.ini
C:\WINDOWS\system32\tsYcdfii.ini2
C:\WINDOWS\system32\uxrorshk.ini
C:\WINDOWS\system32\uyainuly.ini
C:\WINDOWS\system32\wjoclcbp.ini
C:\WINDOWS\system32\xsnnnduj.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 10:07 . 2008-06-25 10:07 294 ---hs---- C:\WINDOWS\system32\dnrktfiw.ini
2008-06-24 16:06 . 2008-06-24 16:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 15:58 . 2008-06-24 17:23 <DIR> d-------- C:\SDFix
2008-06-24 15:36 . 2008-06-24 15:36 105,472 --a------ C:\WINDOWS\system32\prtthtty.dll
2008-06-24 15:33 . 2008-06-24 15:33 81,920 --a------ C:\WINDOWS\system32\wiftkrnd.dll
2008-06-24 15:28 . 2008-06-24 15:28 91,136 --a------ C:\WINDOWS\system32\fxsyphxi.dll
2008-06-24 15:07 . 2008-06-24 15:07 <DIR> d-------- C:\TEMP\PendMoves
2008-06-24 14:17 . 2008-06-24 14:18 <DIR> d-------- C:\TEMP\ListDLLS
2008-06-24 14:13 . 2008-06-24 14:13 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-24 14:13 . 2008-06-24 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-24 14:13 . 2008-06-02 15:19 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-24 10:56 . 2008-06-24 10:57 <DIR> d-------- C:\Program Files\iKnowPS
2008-06-24 10:02 . 2008-06-24 10:19 <DIR> d-------- C:\spywarebegone
2008-06-24 10:02 . 2008-06-24 10:02 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-06-24 10:02 . 2008-06-24 10:02 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-06-24 09:42 . 2008-06-24 09:58 <DIR> d-------- C:\Program Files\SpyZooka
2008-06-24 09:40 . 2008-06-24 09:40 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 16:34 . 2008-06-23 16:34 81,408 --a------ C:\WINDOWS\system32\kftlenbl.dll
2008-06-23 16:33 . 2008-06-23 16:33 105,984 --a------ …
kevin wood 29 Posting Whiz
SDFix: Version 1.196
Run by Admin on 24/06/2008 at 16:28
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
d130fa0b
Path :
\SystemRoot\System32\drivers\d130fa0b.sys
d130fa0b - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\geBtSJyy.dll - Deleted
C:\WINDOWS\system32\geBtSJyy.dll - Deleted
C:\WINDOWS\system32\jkcom32.dll - Deleted
C:\WINDOWS\system32\jzcom32.dll - Deleted
C:\WINDOWS\system32\sklh.dat - Deleted
C:\WINDOWS\system32\drivers\d130fa0b.sys - Deleted
Removing Temp Files
ADS Check :
C:\WINDOWS
:AFP_AfpInfo 60
Total size: 60 bytes.
WINDOWS: deleted 60 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 17:13:04
Windows 5.1.2600 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ywypcmma.dll prtthtty.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
C:\Documents and Settings\Admin\ntuser.dat:AFP_AfpInfo 60 bytes hidden from API
C:\Documents and Settings\Admin\ntuser.dat.LOG:AFP_AfpInfo 60 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
Remaining Services :
Authorized Application Key Export:
Remaining Files :
File Backups: …
kevin wood 29 Posting Whiz
Look at the next post, sorry.
kevin wood 29 Posting Whiz
I have run HijackThis, SDFix and ComboFix. I now need someone to help with getting rid of the rest of the viruses infecting the computer. I will post all the report logs as replies to the thread. Any help is greatly needed; I do not understand what the logs are telling me.
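As an added example (not code from this thread or from any of the tools whose logs appear above), here is a small PHP script that does a first pass over the kind of entries shown in the logs: it scores HijackThis "O2 - BHO:" lines and a non-empty AppInit_DLLs value. The sample log is constructed from lines that appear in this thread; the scoring rules are my own heuristics, not anything HijackThis or catchme does.

```php
<?php
// Added example, not part of the thread: a first-pass triage of HijackThis
// "O2 - BHO:" lines and a registry "AppInit_DLLs" value. SAMPLE_LOG is
// constructed from entries that appear in the logs above; the rules are
// heuristics (assumptions), not HijackThis's own verdicts.

declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll
"AppInit_DLLs"="ywypcmma.dll prtthtty.dll"
LOG;

/** True for eight-letter names with at most two vowels or a capital in the middle (iifdcYst, prtthtty). */
function looksRandom(string $base): bool
{
    return preg_match_all('/[aeiou]/i', $base) <= 2
        || preg_match('/[a-z][A-Z]/', $base) === 1;
}

/**
 * One finding per suspicious line, each carrying the reasons it tripped.
 * Every reason is a weak signal on its own: "(no name)" alone also matches
 * Spybot's SDHelper.dll, so weigh the reasons together instead of counting hits.
 */
function triageLog(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (preg_match('/^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$/', $line, $m)) {
            $name  = $m[1];
            $clsid = $m[2];
            $path  = trim($m[3]);
            $reasons = [];
            if ($name === '' || strcasecmp($name, '(no name)') === 0
                || preg_match('/^\{[0-9A-Fa-f-]{36}\}$/', $name) === 1) {
                $reasons[] = 'no descriptive name';
            }
            if (stripos($path, '(file missing)') !== false) {
                $reasons[] = 'file missing (orphaned registration)';
            }
            // eight letters + .dll directly under System32 is the naming pattern seen in this thread
            if (preg_match('~\\\\System32\\\\([A-Za-z]{8})\.dll~i', $path, $pm) === 1 && looksRandom($pm[1])) {
                $reasons[] = 'random-looking 8-letter DLL in System32';
            }
            if ($reasons !== []) {
                $findings[] = ['type' => 'BHO', 'clsid' => $clsid, 'path' => $path, 'reasons' => $reasons];
            }
        } elseif (preg_match('/^"AppInit_DLLs"="(.*)"$/', $line, $m) === 1 && trim($m[1]) !== '') {
            $findings[] = [
                'type'    => 'AppInit_DLLs',
                'dlls'    => preg_split('/[\s,]+/', trim($m[1])),
                'reasons' => ['AppInit_DLLs is loaded into every process that links user32.dll'],
            ];
        }
    }
    return $findings;
}

foreach (triageLog(SAMPLE_LOG) as $f) {
    printf("%-12s %s\n    %s\n",
        $f['type'],
        $f['path'] ?? implode(' ', $f['dlls']),
        implode('; ', $f['reasons']));
}
```

Run it with php on the command line. An unnamed BHO whose file is missing, or whose DLL is an eight-letter string in System32, is the pattern the ComboFix and SDFix output above keeps deleting; the AppInit_DLLs value is worth checking on any machine, because those DLLs are injected into every GUI process rather than just the browser.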
kevin wood 29 Posting Whiz
Peter_budo, thanks for that link; that will work for what I need. I will have a play around with that and see what different results I can get. It will look good if it will work with animated GIFs for the roll-over. If it works, I want the image that shows up to expand and then go to the size I want it to be after the expansion.
The only way I can think of explaining myself properly is like an elastic band: once stretched it goes back to its original size, which is what I want my images to do on the roll-over. If that doesn't work I will just use Flash to get the effect I want, but that will have to work on a button click unless I can get it to work with the roll-over.
kevin wood 29 Posting Whiz
I thought that the Dani pop-ups were done using some AJAX techniques, as I know this is possible to do with it. I think I read that somewhere anyway.
This is just the testing-the-ground stage for a new website; I may still go down the PHP route yet, just working out which will be easier to complete with the best look.
Could you post a link for the PHP for doing this?
Thanks for the Flash ActionScript, going to test now.
kevin wood 29 Posting Whiz
Anyone know where to get the code for a Flash rollover for an image to display?
I have been looking around the web to find a site which has a good tutorial to show how to get the effect
where, when a user rolls over a link or image on a site, another image pops up next to the link.
kevin wood 29 Posting Whiz
I know, I am working on a website someone else has built and I need to know everything about the tables he has created. He made the tables then deleted the code, so it is not available to me to update the site.
kevin wood 29 Posting Whiz
I have found this code and would like to know how I can get the column titles to show up at the top of the page.
$result = mysql_query("SELECT * FROM merc_users")
    or die("SELECT Error: " . mysql_error());
$num_rows = mysql_num_rows($result);
print "There are $num_rows records.<P>";
print "<table width=1000 height=400 border=1>\n";
while ($get_info = mysql_fetch_row($result)) {
    print "<tr>\n";
    foreach ($get_info as $field) {
        // escape the value so data stored in the table cannot inject HTML into the page
        print "\t<td><font face=\"arial\" size=\"2\">" . htmlspecialchars($field) . "</font></td>\n";
    }
    print "</tr>\n";
}
print "</table>\n";
This code simply prints out all the data without the titles of the columns.
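One way to get the header row, as an added example that is not the poster's code: read the column names from the statement's metadata (so the header is right even when the table is empty) and escape every cell. The merc_users table and its columns are assumed for illustration; it runs against an in-memory SQLite copy so it can be tried stand-alone, and the DSN is the only thing to change for MySQL.

```php
<?php
// Added example, not the poster's code. Prints the table with a header row
// built from the result's column names, and escapes every cell so a value
// stored in the table cannot inject HTML into the admin page. Uses PDO with
// an in-memory SQLite copy of an assumed merc_users table so it runs
// stand-alone; point the DSN at MySQL for real use.

declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE merc_users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $ins = $db->prepare('INSERT INTO merc_users (name, email) VALUES (?, ?)');
    $ins->execute(['Alice', 'alice@example.com']);
    $ins->execute(['<script>alert(1)</script>', 'mallory@example.com']); // constructed hostile row
    return $db;
}

/** Column names of an executed statement, in result order, from the driver's metadata. */
function columnTitles(PDOStatement $stmt): array
{
    $titles = [];
    for ($i = 0; $i < $stmt->columnCount(); $i++) {
        $titles[] = $stmt->getColumnMeta($i)['name'];
    }
    return $titles;
}

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Whole table as HTML: a <th> row from the column names, then one <tr> per record. */
function renderTable(PDO $db, string $table): string
{
    // A table name cannot be a bound parameter, so it is checked against a fixed list instead.
    if (!in_array($table, ['merc_users'], true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $stmt   = $db->query("SELECT * FROM $table");
    $titles = columnTitles($stmt);            // read before fetching; still correct for an empty table
    $rows   = $stmt->fetchAll(PDO::FETCH_NUM);

    $html = '<p>There are ' . count($rows) . " records.</p>\n<table border=\"1\">\n<tr>";
    foreach ($titles as $t) {
        $html .= '<th>' . h($t) . '</th>';
    }
    $html .= "</tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            $html .= '<td>' . h((string) $value) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

echo renderTable(openDemoDb(), 'merc_users');
```

The hostile row in the demo data renders as literal text instead of running as a script, which is the difference between this and printing $field straight into the page.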
kevin wood 29 Posting Whiz
I am trying to resize a button using the following code and it has had no effect on the button; it has remained the same size.
<button style="width:126" style="height:29" onclick="history.go(0)" ><img src="admin/images/reset_btn.gif" /></button>
kevin wood 29 Posting Whiz
That code is still opening a new window. It resets the first page but still opens a new window. Also, can I put a width on the button, as the background button is bigger than the image I am putting over the top of it?
kevin wood 29 Posting Whiz
I have set up a page with some buttons on it which load different pages. The buttons are held within a form and the target is set to blank. This part is fine for the first set of buttons, but I need one of them to reload the page but stay in the same window. The code that is getting used at the minute looks like this:
<!-- the button that needs to refresh the page in the same window; ins == 2 selects broad.php below -->
<input name="reset" type="image" onclick="changeAction(2)" src="admin/images/reset_btn.gif" />

<!-- the form; $PHP_SELF echoes the request path unescaped, so prefer htmlspecialchars($_SERVER['PHP_SELF']) -->
<form id="buttons" method="post" enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" target="_blank">

function changeAction(ins)
{
    var form1 = document.getElementById('buttons');
    if (ins == 0)
        form1.action = "broad_prev.php";
    if (ins == 1)
        form1.action = "broad_send.php";
    if (ins == 2)
        form1.action = "broad.php";
    form1.submit();
}
Is it possible to get the button to refresh the page without opening a new window?
kevin wood 29 Posting Whiz
$sent_mail is assigned a value from a MySQL DB; here is the code:
$query = "SELECT sent_messages FROM email_count";
$results = mysql_query($query) or die(mysql_error()); // "or die" belongs on the query call, not on the string
$arr = mysql_fetch_array($results);
$sent_mail = $arr[0];
kevin wood 29 Posting Whiz
$time_diff = time() - $sent;
$time_diff = intval($time_diff / 60);   // minutes since the last message was sent
if ($sent_mail < 30) {
    // in here is a page built with PHP which contains its own if statements
} elseif ($time_diff >= 1) {            // was $time_dif: the undefined variable meant this branch never ran
    mysql_query("TRUNCATE TABLE time");
    mysql_query("TRUNCATE TABLE email_count");
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=maillists.php">'; // should load the page the user wanted to go to
} else {
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=limit.php">'; // redirect the user when they can't send any more emails
}
I want the code to check if the messages sent is greater than 30; if it is not, it displays the code from the page. This part works fine.
The elseif statement should check if the time passed is greater than 1 minute since the last message was sent; then it should truncate the tables and display the page stated, which is the page that the code is on.
If the messages sent is less than 30 and I wait 5 minutes, it still sends me to the limit.php page. How can I get it to load the page the code is held on if the time passed is greater than 1 minute?
If you need to look at any more of my code please ask and I will upload it.
kevin wood 29 Posting Whiz
The end code looks like this:
$query = "SELECT sent_messages FROM email_count";
$results = mysql_query($query) or die(mysql_error()); // "or die" belongs on the query call, not on the string
$arr = mysql_fetch_array($results);
$sent_mail = $arr[0];
Thanks for the reply though.
kevin wood 29 Posting Whiz
Yes, sorry, I worked it out before then got distracted with something else. Here is the code that I ended up with:
// cast the count so only a number is ever interpolated into the SQL
mysql_query("UPDATE email_count SET sent_messages = sent_messages + " . (int) $i);
I have not got the WHERE clause in there as this is the only data inside the table.
Thanks again for your reply; you are always very helpful.
kevin wood 29 Posting Whiz
Is it possible to add a number to a number that is stored in a MySQL DB without extracting the stored number first?
I have a count and I am updating the count periodically, but I would like to know if I can update the count while it is still inside the table.
I am not asking about how to update a field completely, but just to add the new value to the already stored number.
kevin wood 29 Posting Whiz
I got the code working using this:
$query = "SELECT sent_messages FROM email_count";
$results = mysql_query($query) or die(mysql_error()); // "or die" belongs on the query call, not on the string
$arr = mysql_fetch_array($results);
$sent_mail = $arr[0];
kevin wood 29 Posting Whiz
I have created a table to store the number of a count which I need for some subtraction at a later date. When I try to get the information out of the table, instead of getting the number 5 I am getting Resource id #5.
The table has been set up like this:
$sql="CREATE TABLE IF NOT EXISTS `email_count` (
`id` INT NOT NULL AUTO_INCREMENT,
`sent_messages` INT not null,
primary key (id)
)";
mysql_query($sql) or die (mysql_error());
Selecting the information out of the table looks like this:
$query = "SELECT sent_messages FROM email_count";
$result=mysql_query($query)or die(mysql_error());
$sent_mail = $results;
How can I get it to just display the number?
kevin wood 29 Posting Whiz
That looks like it has done the trick, thanks for the reply. Just having a bit of a problem with the SQL I am adding to it.
kevin wood 29 Posting Whiz
Is it correct, and this is why I get no reply? Or is no one playing out?
kevin wood 29 Posting Whiz
After I have run my query on a MySQL DB, how can I set the result to equal a variable that I will use later on in the page?
I have set the query up like this:
<?php
$rand = rand (0, 100);
$query = "SELECT broad1 FROM images_broad";
$result=mysql_query($query);
while($row=mysql_fetch_array($result, MYSQL_ASSOC)){
$send_mail =$row['broad1'];
}
?>
I don't think the last line is correct though. Could anyone please help?
kevin wood 29 Posting Whiz
No it is not.
Has anyone ever written a piece of code like this before? Probably people have, just not the ones looking at this.
Just to clarify my problem:
I need to be able to stop the emails being sent out when the counter reaches 200. There is already a count set up so that it counts the number of emails sent out, so I need to put some sort of an if statement in to stop it from sending the mail.
Everything I have tried has failed.
kevin wood 29 Posting Whiz
The code above didn't do all I needed, so I have been away working on the solution; still not sure if I have it though.
My code now looks like this:
$merc_list = explode(",", $merc_mailingList);
if ($send_mail < 200) {
    // deploy the emails
    for ($i = 0; $i < count($merc_list); $i++) {
        // email message body
        $send_mail = $send_mail + $i;   // missing semicolon added
    } // END for
} // END if
else {
    include("limit.php");
} // END else
Is the code I have used valid?
kevin wood 29 Posting Whiz
I have created an email distribution system for creating and sending out newsletters. I want to be able to limit the user to only being able to send out 200 emails per day. The reason for this is that the highest number of emails some servers will allow to be sent each day is 200.
Also, to try and stop this from being used for spamming.
kevin wood 29 Posting Whiz
Is this possible to do?
$limit = 200;
if ($sent_mail <= $limit)
{
    // construct mailing list array
    $merc_list = explode(",", $merc_mailingList);
    // deploy the emails
    for ($i = 0; $i < count($merc_list); $i++) {
        // email body inside here
    } // END for
    $sent_mail = $sent_mail + $i;
} // END if condition
else {
    include("limit.php");
}
kevin wood 29 Posting Whiz
I need to write a piece of code so that when the counter reaches 500 the user is directed to a limit-hit page, or if it is under 500 it directs the user to the page they wanted to go to. I have used if statements to echo things out before, but I need it to either direct or redirect the user.
If anyone knows where there is a tutorial on this then please post it here.
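The daily cap asked about in the posts above (the 200-per-day limit, the counter that resets after a while, and the redirect to limit.php or to the page the user wanted) can be done in one place if the database enforces the cap. The following is an added example, not the poster's code: the counter is one row per calendar day, so it resets by itself at midnight instead of being truncated, and the limit check sits in the UPDATE's WHERE clause so two requests racing each other cannot both slip under it. It runs against an in-memory SQLite database so it can be tried stand-alone; the table, page names and mailing-list format are assumptions.

```php
<?php
// Added example, not the poster's code. A per-day send cap enforced by the
// database rather than by a counter read into PHP and compared there. One row
// per calendar day replaces "truncate the table after a minute". Runs against
// an in-memory SQLite database so it can be tried stand-alone; the SQL works
// on MySQL through PDO as well. Table and page names are assumptions.

declare(strict_types=1);

const DAILY_LIMIT = 200;

function openCounterDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE email_count (
        day TEXT PRIMARY KEY,
        sent_messages INTEGER NOT NULL DEFAULT 0
    )');
    return $db;
}

/**
 * Try to reserve $n sends for $day. The cap lives in the UPDATE's WHERE clause,
 * so two requests cannot both read "150" and both add 100. Returns true when
 * the quota allowed the whole batch; the counter is untouched otherwise.
 */
function reserveSends(PDO $db, string $day, int $n): bool
{
    if ($n <= 0) {
        throw new InvalidArgumentException('batch size must be positive');
    }
    $db->beginTransaction();
    try {
        $sel = $db->prepare('SELECT sent_messages FROM email_count WHERE day = ?');
        $sel->execute([$day]);
        if ($sel->fetchColumn() === false) {
            $db->prepare('INSERT INTO email_count (day, sent_messages) VALUES (?, 0)')->execute([$day]);
        }
        // bind as integers: SQLite would otherwise compare the sum against the text "200"
        $upd = $db->prepare('UPDATE email_count SET sent_messages = sent_messages + :n
                              WHERE day = :day AND sent_messages + :n2 <= :cap');
        $upd->bindValue(':n',   $n, PDO::PARAM_INT);
        $upd->bindValue(':n2',  $n, PDO::PARAM_INT);
        $upd->bindValue(':day', $day, PDO::PARAM_STR);
        $upd->bindValue(':cap', DAILY_LIMIT, PDO::PARAM_INT);
        $upd->execute();
        $ok = $upd->rowCount() === 1;
        $db->commit();
        return $ok;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

/** Turn the stored comma list into validated addresses; junk is dropped rather than mailed. */
function parseRecipients(string $csv): array
{
    $out = [];
    foreach (explode(',', $csv) as $addr) {
        $addr = trim($addr);
        // FILTER_VALIDATE_EMAIL rejects CR/LF, which blocks header injection through mail()
        if ($addr !== '' && filter_var($addr, FILTER_VALIDATE_EMAIL) !== false) {
            $out[] = $addr;
        }
    }
    return $out;
}

/**
 * Send the newsletter, or refuse the whole batch when it would exceed today's
 * cap. Returns the page to send the user to; in a real page use
 * header('Location: ...') before any output instead of a META refresh.
 */
function sendNewsletter(PDO $db, string $day, array $recipients, callable $mailer): array
{
    if ($recipients === []) {
        return ['sent' => 0, 'redirect' => 'maillists.php'];
    }
    if (!reserveSends($db, $day, count($recipients))) {
        return ['sent' => 0, 'redirect' => 'limit.php'];
    }
    foreach ($recipients as $to) {
        $mailer($to);   // in production: mail($to, $subject, $body, $headers)
    }
    return ['sent' => count($recipients), 'redirect' => 'maillists.php'];
}

// Demo with a constructed mailing list and a fake mailer that only records addresses.
$db = openCounterDb();
$today = date('Y-m-d');
$delivered = [];
$mailer = function (string $to) use (&$delivered): void { $delivered[] = $to; };

$list   = parseRecipients("a@example.com, b@example.com, not an address, c@example.com");
$first  = sendNewsletter($db, $today, $list, $mailer);
$second = sendNewsletter($db, $today, array_fill(0, 198, 'x@example.com'), $mailer); // would push the day past the cap
printf("first: %d sent -> %s\nsecond: %d sent -> %s\n",
    $first['sent'], $first['redirect'], $second['sent'], $second['redirect']);
```

Refusing a batch that would cross the line, rather than sending until the counter hits the cap, is deliberate: a batch that half-sends leaves the user unsure which addresses got the newsletter. Keeping a row per day also leaves a record of how many went out on each date, which the truncate-and-reset approach throws away.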
kevin wood 29 Posting Whiz
I sorted this out with a bigger iframe. Still not sorted out the problem with the border though.
Anyone know of a good tutorial which will help me stop using iframes, as IE does not like them (or much else)?
kevin wood 29 Posting Whiz
I have created a web page which uses iframes to display data and display the titles on my website. The problem that I am having is that in IE6 it is displaying borders and the titles are being displayed properly.
If I want the titles displayed properly then I need to change the size of the iframe, which then puts it out in all other browsers.
What is an alternative to an iframe? The titles and content of the page change as the buttons are clicked; is this still possible to achieve without the use of iframes?
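One alternative to the iframe, as an added example that is not the poster's code: let the server swap the heading and the content block for whichever button was clicked, so the whole thing is one page with no frame and no IE6 frame border to fight. The section names and body files below are assumptions for illustration. The request value is only ever used as a key into a fixed array, never as part of a file path, so a crafted ?page= value cannot pull in an arbitrary file.

```php
<?php
// Added example, not the poster's code: the server builds the title and the
// content block for the chosen section, so no iframe is involved. Section
// names and body files are assumptions; the bodies are plain PHP fragments
// expected under ./pages/ and a placeholder is shown when one is missing.

declare(strict_types=1);

// Whitelist of sections: request value => [title, body file]. The request value
// is only a key into this array, never part of a path, so "?page=../../x" maps to nothing.
const SECTIONS = [
    'broad' => ['Broadcast', 'broad_body.php'],
    'prev'  => ['Preview',   'broad_prev_body.php'],
    'send'  => ['Send',      'broad_send_body.php'],
];
const DEFAULT_SECTION = 'broad';

function resolveSection(?string $requested): string
{
    return ($requested !== null && array_key_exists($requested, SECTIONS)) ? $requested : DEFAULT_SECTION;
}

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** The buttons are plain links back to this page, so the browser stays in the same window. */
function renderNav(string $current): string
{
    $html = '<p>';
    foreach (SECTIONS as $key => [$title]) {
        $html .= $key === $current
            ? '<strong>' . h($title) . '</strong> '
            : '<a href="?page=' . rawurlencode($key) . '">' . h($title) . '</a> ';
    }
    return $html . "</p>\n";
}

function renderPage(?string $requested): string
{
    $key = resolveSection($requested);
    [$title, $file] = SECTIONS[$key];
    $path = __DIR__ . '/pages/' . $file;

    ob_start();
    if (is_file($path)) {
        include $path;                     // body fragment supplied by the site
    } else {
        echo '<p>(body for ' . h($title) . ' not installed)</p>';
    }
    $body = ob_get_clean();

    return '<h1>' . h($title) . "</h1>\n" . renderNav($key) . $body;
}

// ?page=send swaps the heading and body in place; any unknown value falls back to the default section.
echo renderPage($_GET['page'] ?? null);
```

Run from the command line it renders the default section with the placeholder body; served by a web server, each link reloads the same page with a different section, which is the behaviour the iframe was standing in for.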
kevin wood 29 Posting Whiz
Is it possible to only truncate one row from a table, or can this only be done with the whole table?
kevin wood 29 Posting Whiz
Thanks for the reply. I ended up appending a random number to the end of the file for display only. The code I used to accomplish this was something like this; I will put the proper code up on Monday.
$broad_img1='<img src="' . $path."/".$image_path."?".$rand .'" />';
As the number was not getting stored with the file any more, I just used the file_exists function to retrieve the file before the random number was added.
It is all working. Yay!
kevin wood 29 Posting Whiz
Sorry for wrecking your head. It is all the same code; that is why I posted twice. I was showing the lines of code as I talked about them but didn't put them in the correct order. When I put the post up and looked at it I realised it didn't look right. I put it up in full so it could be read through more easily.
kevin wood 29 Posting Whiz
All the code together looks like this:
$query = "SELECT broad1 FROM images_broad";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
    $image_path = "{$row['broad1']}";
}
$path = 'http://www.acmeart.co.uk/mercury';
$broad_img1 = '<img src="' . $path . "/" . $image_path . '" />';
To display the image inside the body of the email I have used this code:
' . $broad_img1 . '
I know this works as I have had images showing up, but had to change the code because of images being cached.
kevin wood 29 Posting Whiz
I have created this piece of code to retrieve the path to a file from a MySQL DB. The file exists and can be displayed directly from the SQL query. The code looks like this:
$query = "SELECT broad1 FROM images_broad";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
    $image_path = "{$row['broad1']}";
}
I now want to display this image inside an email. So the next part of the code uses a variable to hold the first part of the path, as only the relative path is stored in the DB. They are then appended together to give the absolute path of the image to be displayed. The code looks like this:
$path = 'http://www.acmeart.co.uk/mercury';
$broad_img1 = '<img src="' . $path . "/" . $image_path . '" />';
When the source code of the email is viewed, only the $path is showing in the source. Would the $image_path still hold a value inside?
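For the image URL built in the posts above (a base URL joined to a path read from the database, with a cache-buster appended), here is an added example of how a practitioner would build that tag; it is not the poster's code. It refuses a stored path that escapes the images directory, encodes each path segment so spaces survive, and uses the file's modification time as the version instead of a random number, so the URL only changes when the file does. The base URL is taken from the thread; the directory layout and file names are constructed for the demo.

```php
<?php
// Added example, not the poster's code. Builds the absolute <img> URL for a
// path stored in the database, refuses paths that leave the images directory,
// and uses the file's mtime as the cache-busting query string (stable while
// the file is unchanged, new as soon as it is replaced). Directory layout and
// file names below are constructed for the demo.

declare(strict_types=1);

const BASE_URL = 'http://www.acmeart.co.uk/mercury';

/**
 * <img> tag for $relPath (the value stored in images_broad.broad1), or null
 * when the file is missing or lies outside $imageRoot.
 */
function imageTag(string $imageRoot, string $relPath): ?string
{
    $root = realpath($imageRoot);
    $full = realpath($imageRoot . '/' . $relPath);
    // realpath resolves "..", so a stored "../../etc/passwd" fails this prefix test
    if ($root === false || $full === false
        || strpos($full, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($full)) {
        return null;
    }
    $version = filemtime($full);
    // encode each segment separately so "/" survives but spaces and "&" do not break the URL
    $segments = array_map('rawurlencode', explode('/', trim($relPath, '/')));
    $url = BASE_URL . '/' . implode('/', $segments) . '?v=' . $version;
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="" />';
}

// Constructed demo: a temporary images directory holding one file.
$root = sys_get_temp_dir() . '/mercury_demo_' . getmypid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/broad 1.gif', 'GIF89a');

var_dump(imageTag($root, 'images/broad 1.gif'));   // a stored path inside the root
var_dump(imageTag($root, '../../etc/passwd'));     // a stored path that escapes the root
var_dump(imageTag($root, 'images/missing.gif'));   // a stored path with no file behind it

unlink($root . '/images/broad 1.gif');
rmdir($root . '/images');
rmdir($root);
```

The containment check matters because the value comes from a table that an upload form writes to: whatever can put a row in images_broad can otherwise choose any path on the server to be referenced, and the same realpath test is the right guard in front of file_exists when the file is read rather than linked.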