zedg

Hi, Yesterday i did a full scan, which in turn found 2 threats. PUP.CNET.Adware.Bundle C:\System Volume Information\_restore{....... Trojan.Patched C:\WINDOWS\system32\drivers\cdrom.sys I chose to remove/Quarantine them (Which i can see within Quarantine). The problem i now have is that both my dvd drives (D: & E:) are no longer appearing within My Computer. Any help in how i can get these back?! ps. Also, i have done a full scan again today and MB comes up with no detections. HOWEVER, during the process of scanning my system with MB, Avira pops up with messages (Detections of 4 TR/Crypt.XPACK.Gen8 found at C:\System Volume Information\_restore{....). Is this something that i can only get Avira to help me with? Any help is much appreciated! I posted in the Avira forum, but was told to get a solution here, so i will add some extra info.. I did a full Avira scan, and it found some things. I deleted them from Quarantine. I then did a scan with MB, which did not find any detections, however during the scanning process, Avira popped up with 2 messages, and i can now see 5 detections within Avira Quarantine. TR/Crypt.XPACK.Gen8 ..Source: C:\System Volume Information\_restore{B7...\A0172139.sys TR/Crypt.XPACK.Gen8 ..Source: C:\System Volume Information\_restore{B7...\A0173282.sys TR/Crypt.XPACK.Gen8 ..Source: C:\System Volume Information\_restore{B7...\A0173256.sys TR/Crypt.XPACK.Gen8 ..Source: C:\System Volume Information\_restore{B7...\A0171880.sys EXP/2010-0840.CH ..Source: C:\Documents & Settings\...App. Data\Sun\Java\Deployment\cache\6.0\14\7b3...... Any help with what my next step should be to remove these, together with the first issue noted would be much appreciated! (Windows XP SP3)

JavaRa 1.14 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jun 02 14:28:04 2009 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: Software\Classes\JavaPlugin.160_01 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} ------------------------------------ Finished reporting. Malwarebytes' Anti-Malware 1.37 Database version: 2211 Windows 5.1.2600 Service Pack 3 2/06/2009 2:39:06 PM mbam-log-2009-06-02 (14-39-06).txt Scan type: Quick Scan Objects scanned: 118064 Time elapsed: 4 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks so much for your help with everything.. I find it quite amazing for you to take the time. The one thing i really Do Not want to do is Visit a Myspace page, however it would be comforting to know that if i did, Nothing Bad would happen as previously. I am thinkin that the previous Java versions were the culprit, but then again i really have no idea and i would assume that if and when you updated java, previous versions would get removed. Now i know. I would also like to finally use my CC online again, but i guess it is all safe now. So i have Avira, and MB which i update every day. I would be happy to purchase MB, however what is the difference with the free version? It would be good to have an all round all-in-one product for spam/virus/malware etc etc.. Does MB or Avira work for spam as well since i dont see any options there for it? What is the difference with the paid Avira also?.. or is that not necessarily recommended? I will update Java now and then see how everything goes during the week, which i will then do full scans to check. CHEERS, Neil.

O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF This is just a screensaver. It has an Active Desktop function (dont use.) DrWeb Log A0005568.reg;C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP15;Trojan.StartPage.1505;Deleted.; A0001629.reg;C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP5;Trojan.StartPage.1505;Deleted.; A0003293.bat;C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7;Probably BATCH.Virus;Incurable.Moved.; A0003781.reg;C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8;Trojan.StartPage.1505;Deleted.; FIND3M.bat;C:\Testing123;Probably BATCH.Virus;Incurable.Moved.; HiJackTHis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:13:19 PM, on 1/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\HJThis\TMH.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://healthcare.net-it.com/DisplayListX.CAB O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - http://sample.net-it.com/BravaClientX.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF -- End of file - 10540 bytes

Attach.zip DDS (Ver_09-05-14.01) - NTFSx86 Run by Neil at 14:48:53.57 on Mon 01/06/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03 Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1457 [GMT 10:00] AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Neil\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.au/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [Google Update] "c:\documents and settings\neil\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} - hxxp://healthcare.net-it.com/DisplayListX.CAB DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} - hxxp://sample.net-it.com/BravaClientX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\neil\applic~1\mozilla\firefox\profiles\cxz8a061.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll FF - component: c:\program files\mozilla firefox\components\FFComm.dll FF - plugin: c:\documents and settings\neil\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll ============= SERVICES / DRIVERS =============== R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2006-10-19 14592] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-30 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-30 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-30 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-30 55640] S2 gcamlz;gcamlz;c:\windows\system32\drivers\ftxnf.sys --> c:\windows\system32\drivers\ftxnf.sys [?] =============== Created Last 30 ================ 2009-06-01 14:34 <DIR> --d----- C:\HJThis 2009-06-01 14:14 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-01 14:14 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-06-01 14:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-05-30 15:32 87,608 a------- c:\docume~1\neil\applic~1\inst.exe 2009-05-30 14:52 55,640 a------- c:\windows\system32\drivers\avgntflt.sys 2009-05-30 14:52 <DIR> --d----- c:\program files\Avira 2009-05-30 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira 2009-05-29 15:35 <DIR> -cd-h--- c:\windows\ie8 2009-05-29 15:33 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-05-29 01:16 132 a------- C:\httpdwl.dat 2009-05-29 01:05 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-05-29 01:03 <DIR> --ds---- C:\Testing123 2009-05-29 00:25 154,624 a------- c:\windows\PEV.exe 2009-05-29 00:25 389,120 a------- c:\windows\system32\CF8229.exe 2009-05-27 19:19 <DIR> --dsh--- c:\documents and settings\neil\PrivacIE 2009-05-27 19:18 <DIR> --dsh--- c:\documents and settings\neil\IETldCache 2009-05-27 19:16 <DIR> --d----- c:\windows\ie8updates 2009-05-27 19:15 <DIR> -cd----- c:\windows\ie8(2) 2009-05-27 18:07 <DIR> --d----- c:\windows\system32\NtmsData 2009-05-27 16:09 389,120 a------- c:\windows\system32\CF22230.exe 2009-05-27 16:08 389,120 a------- c:\windows\system32\CF21883.exe 2009-05-26 20:23 449 a------- c:\windows\system32\BDUpdateV1.xml 2009-05-26 16:33 389,120 a------- c:\windows\system32\CF6884.exe 2009-05-25 20:03 121 a------- c:\windows\bdagent.INI 2009-05-24 21:33 81,984 a------- c:\windows\system32\bdod.bin 2009-05-24 21:25 850 a------- c:\windows\system32\ProductTweaks.xml 2009-05-24 21:25 385 a------- c:\windows\system32\user_gensett.xml 2009-05-24 21:22 <DIR> --d----- c:\program files\BitDefender 2009-05-24 21:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender 2009-05-24 21:20 <DIR> --d----- c:\program files\common files\BitDefender 2009-05-24 20:01 <DIR> a-dshr-- C:\cmdcons 2009-05-24 00:22 54,156 a---h--- c:\windows\QTFont.qfn 2009-05-24 00:22 1,409 a------- c:\windows\QTFont.for 2009-05-22 16:41 32 a--s---- c:\windows\system32\1827815544.dat 2009-05-20 14:26 <DIR> --d----- c:\program files\Acro Software 2009-05-19 22:20 <DIR> --d----- c:\program files\Trend Micro 2009-05-19 18:34 <DIR> --d----- c:\windows\system32\appmgmt 2009-05-19 14:34 <DIR> --d----- c:\docume~1\neil\applic~1\Malwarebytes 2009-05-19 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes ==================== Find3M ==================== 2009-05-30 15:32 47,360 a------- c:\docume~1\neil\applic~1\pcouffin.sys 2009-04-29 16:46 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys 2009-03-20 21:24 297 a--shr-- C:\BOOTFILE.DAT 2009-03-08 14:22 1,241,088 a------- c:\windows\system32\SETD9.tmp 2009-03-08 14:22 1,241,088 a------- c:\windows\system32\SET13F.tmp 2009-03-08 14:22 1,241,088 a------- c:\windows\system32\SET10C.tmp 2009-03-08 14:21 10,240 a------- c:\windows\system32\SETF1.tmp 2009-03-08 14:21 10,240 a------- c:\windows\system32\SET124.tmp 2009-03-08 14:21 10,240 -------- c:\windows\system32\SETC7.tmp 2009-03-08 14:09 391,536 a------- c:\windows\system32\SETD6.tmp 2009-03-08 14:09 391,536 a------- c:\windows\system32\SET13C.tmp 2009-03-08 14:09 391,536 a------- c:\windows\system32\SET109.tmp 2009-03-08 04:41 5,937,152 a------- c:\windows\system32\SETEB.tmp 2009-03-08 04:41 5,937,152 a------- c:\windows\system32\SET151.tmp 2009-03-08 04:41 5,937,152 a------- c:\windows\system32\SET11E.tmp 2009-03-08 04:39 11,063,808 a------- c:\windows\system32\SETD8.tmp 2009-03-08 04:39 11,063,808 a------- c:\windows\system32\SET13E.tmp 2009-03-08 04:39 11,063,808 a------- c:\windows\system32\SET10B.tmp 2009-03-08 04:35 385,024 a------- c:\windows\system32\SETFF.tmp 2009-03-08 04:35 385,024 a------- c:\windows\system32\SETCB.tmp 2009-03-08 04:35 385,024 a------- c:\windows\system32\SET132.tmp 2009-03-08 04:33 18,944 a------- c:\windows\system32\SETFC.tmp 2009-03-08 04:32 72,704 a------- c:\windows\system32\SETD7.tmp 2009-03-08 04:31 183,808 a------- c:\windows\system32\SETDA.tmp 2009-03-08 04:30 66,560 a------- c:\windows\system32\SETF5.tmp 2009-03-08 04:30 66,560 a------- c:\windows\system32\SET15B.tmp 2009-03-08 04:30 66,560 a------- c:\windows\system32\SET128.tmp 2009-03-08 04:22 164,352 a------- c:\windows\system32\SET144.tmp 2009-03-08 04:22 164,352 a------- c:\windows\system32\SET111.tmp 2009-03-08 04:22 164,352 -------- c:\windows\system32\SETDE.tmp 2009-03-08 04:22 156,160 a------- c:\windows\system32\SETEF.tmp 2009-03-08 04:22 156,160 a------- c:\windows\system32\SET155.tmp 2009-03-08 04:22 156,160 a------- c:\windows\system32\SET122.tmp 2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll 2009-03-08 04:15 57,667 a------- c:\windows\system32\SETDF.tmp 2009-03-08 04:15 57,667 a------- c:\windows\system32\SET145.tmp 2009-03-08 04:15 57,667 a------- c:\windows\system32\SET112.tmp 2009-03-08 04:11 445,952 a------- c:\windows\system32\SETD5.tmp 2009-03-08 04:11 445,952 a------- c:\windows\system32\SET13B.tmp 2009-03-08 04:11 445,952 a------- c:\windows\system32\SET108.tmp 2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll 2008-05-09 04:50 88 ---shr-- c:\docume~1\alluse~1\applic~1\D17D8E686B.sys 2007-12-09 20:55 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat 2007-01-22 19:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys 2008-09-23 12:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat ============= FINISH: 14:49:40.28 =============== Attach.zip

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:36:52 PM, on 1/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\HJThis\TMH.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://healthcare.net-it.com/DisplayListX.CAB O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - http://sample.net-it.com/BravaClientX.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\ComboFix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing) O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF -- End of file - 10811 bytes

Thanks so much for your help once again.. Sorry for the dealy as was out of town. Have uninstalled all AV software Mccafee BitDefender MB Spybot Installed Avira - updated. Full System Scan found SOB's see below: (ps. follow-on steps will be continued after this post..) Avira AntiVir Personal Report file date: Saturday, 30 May 2009 15:40 Scanning for 1440481 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : EDG Version information: BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00 AVSCAN.EXE : 9.0.3.5 466689 Bytes 16/04/2009 23:57:30 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 01:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 02:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 01:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 03:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:33:26 ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 04:58:33 ANTIVIR3.VDF : 7.1.4.39 2048 Bytes 29/05/2009 04:58:33 Engineversion : 8.2.0.180 AEVDF.DLL : 8.1.1.1 106868 Bytes 30/05/2009 04:59:06 AESCRIPT.DLL : 8.1.2.0 389497 Bytes 30/05/2009 04:59:04 AESCN.DLL : 8.1.2.3 127347 Bytes 30/05/2009 04:59:01 AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 09:24:41 AEPACK.DLL : 8.1.3.18 401783 Bytes 30/05/2009 04:59:00 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 11:01:56 AEHEUR.DLL : 8.1.0.129 1761655 Bytes 30/05/2009 04:58:55 AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 11:01:56 AEGEN.DLL : 8.1.1.44 348532 Bytes 30/05/2009 04:58:39 AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 05:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 30/05/2009 04:58:36 AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 05:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 11/12/2008 23:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 01:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 05:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 01:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 06:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 01:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 06:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 1/02/2009 23:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 01:32:10 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/02/2009 02:45:45 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 01:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL, Start of the scan: Saturday, 30 May 2009 15:40 Starting search for hidden objects. '86528' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned Scan process 'inetinfo.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned Scan process 'tsnpstd3.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'ipoint.exe' - '1' Module(s) have been scanned Scan process 'itype.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'WgaTray.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 44 processes with 44 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '63' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Program Files\BitComet\fav\ad\previewwnd_en_us.htm [DETECTION] Contains HEUR/HTML.Malware suspicious code C:\Qoobox\Quarantine\C\WINDOWS\system32\sfcfiles.dll.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpyoujdkjayfaqgs.dll.vir [DETECTION] Is the TR/PCK.Tdss.M.80 Trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjuvalnomxoeecmp.sys.vir [DETECTION] Contains recognition pattern of the RKIT/Agent.kzu root kit C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP15\A0005689.exe [DETECTION] Is the TR/Agent.bvjc Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003149.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.kzu root kit C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003150.dll [DETECTION] Is the TR/PCK.Tdss.M.80 Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003224.dll [DETECTION] Is the TR/Dropper.Gen Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004006.dll [DETECTION] Is the TR/Trash.Gen Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004007.dll [DETECTION] Is the TR/Killav.28714 Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004008.dll [DETECTION] Is the TR/Trash.Gen Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004009.dll [DETECTION] Is the TR/Trash.Gen Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004011.dll [DETECTION] Is the TR/Trash.Gen Trojan C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004012.sys [DETECTION] Is the TR/Trash.Gen Trojan Beginning disinfection: C:\Program Files\BitComet\fav\ad\previewwnd_en_us.htm [DETECTION] Contains HEUR/HTML.Malware suspicious code [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to '4a85ddc0.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\sfcfiles.dll.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '4a83ddb4.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpyoujdkjayfaqgs.dll.vir [DETECTION] Is the TR/PCK.Tdss.M.80 Trojan [NOTE] The file was moved to '4a63dd8f.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjuvalnomxoeecmp.sys.vir [DETECTION] Contains recognition pattern of the RKIT/Agent.kzu root kit [NOTE] The file was moved to '49d191e0.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP15\A0005689.exe [DETECTION] Is the TR/Agent.bvjc Trojan [NOTE] The file was moved to '4a50dd7e.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003149.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.kzu root kit [NOTE] The file was moved to '49e5beb7.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003150.dll [DETECTION] Is the TR/PCK.Tdss.M.80 Trojan [NOTE] The file was moved to '49e199d7.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP7\A0003224.dll [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49fef02f.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004006.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '49e6b6ef.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004007.dll [DETECTION] Is the TR/Killav.28714 Trojan [NOTE] The file was moved to '4a50dd7f.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004008.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4f3311a8.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004009.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4f340e70.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004011.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4f350638.qua'! C:\System Volume Information\_restore{B7C9ED84-5D99-41EC-83C5-64C0CC3E8341}\RP8\A0004012.sys [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4f363e00.qua'! End of the scan: Saturday, 30 May 2009 17:16 Used time: 1:35:17 Hour(s) The scan has been done completely. 35031 Scanned directories 588820 Files were scanned 13 Viruses and/or unwanted programs were found 1 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 14 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 588805 Files not concerned 2320 Archives were scanned 1 Warnings 15 Notes 86528 Objects were scanned with rootkit scan 0 Hidden objects were found

Did a Full MB Scan that found issues. Log below: Malwarebytes' Anti-Malware 1.37 Database version: 2188 Windows 5.1.2600 Service Pack 3 29/05/2009 12:56:46 PM mbam-log-2009-05-29 (12-56-46).txt Scan type: Full Scan (C:\|) Objects scanned: 415907 Time elapsed: 1 hour(s), 13 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Qoobox\quarantine\C\WINDOWS\system32\UACgtweuuryeyhsiub.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\system32\UACjokncxquvhrtutu.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\system32\UACmiyswleqxjkbepm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\system32\UACydqrotvfhldspmn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. c:\system volume information\_restore{b7c9ed84-5d99-41ec-83c5-64c0cc3e8341}\RP7\A0003154.dll (Trojan.TDSS) -> Quarantined and deleted successfully. c:\system volume information\_restore{b7c9ed84-5d99-41ec-83c5-64c0cc3e8341}\RP7\A0003151.dll (Trojan.TDSS) -> Quarantined and deleted successfully. c:\system volume information\_restore{b7c9ed84-5d99-41ec-83c5-64c0cc3e8341}\RP7\A0003152.dll (Trojan.TDSS) -> Quarantined and deleted successfully. c:\system volume information\_restore{b7c9ed84-5d99-41ec-83c5-64c0cc3e8341}\RP7\A0003153.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

After all above, i thought that i should maybe Restore my pc to the new Restore Point created after we had solved all my problems. So i did so, and first thing did a MB search.. and it found a few SOB's!!!?? I cleaned them, but then tried restoring back to where i was Before i went back.. but it said it did not work. I have done a quick scan and it has found nothing, but when i try to run IE, it pops up for a fraction of a second and then closes. Now i am assuming this has something to do with the fact that i had updated to IE8 just yesterday (a day after solving my issues) however i am not sure. I am using Chrome at the moment. I just really don't understand how all these SOB's get installed if i go to a Myspace page.. Does not matter which one, as both times they were different, and only the 2nd time did i actually log in. !! Would there be something hidden on my pc that no scanner can find, and is setting off a malware installer when a myspace.com address is entered into the url?? Am i forever cursed to visit a Myspace page.. I also don't understand how i can restore the pc to a 'clean' time but it still finds issues on restore. I Extremely Appreciated your help once again on what should be my next step at this point.

Ok i downloaded a fresh comp of ComboFix, and saved to desktop as Testing123.exe I ran it, found a heap of SOB's, logs below: ComboFix Log ComboFix 09-05-26.05 - Neil 29/05/2009 0:28.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1474 [GMT 10:00] Running from: c:\documents and settings\Neil\Desktop\Testing123.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\drivers\UACjuvalnomxoeecmp.sys c:\windows\system32\UACbwingduuvgpsvgy.log c:\windows\system32\UACgtweuuryeyhsiub.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACjokncxquvhrtutu.dll c:\windows\system32\UACmeclkinaqjjliix.dat c:\windows\system32\UACmiyswleqxjkbepm.dll c:\windows\system32\UACncowyjjtvglfppq.log c:\windows\system32\UACpyoujdkjayfaqgs.dll c:\windows\system32\UACqycttbkohjqdtvb.log c:\windows\system32\UACydqrotvfhldspmn.dll ----- BITS: Possible infected sites ----- hxxp://downloadsoftwareserver.com Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected Restored copy from - c:\windows\$NtServicePackUninstall$\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_SFC -------\Service_sfc ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 ))))))))))))))))))))))))))))))) . 2009-05-28 14:01 . 2009-05-28 14:02 -------- d-----w C:\HijackThis_2 2009-05-28 13:59 . 2009-05-28 13:59 401720 ----a-w C:\HiJackThis.exe 2009-05-28 11:47 . 2009-05-28 11:47 -------- d-----w c:\documents and settings\Administrator.EDG.000\Application Data\BitDefender 2009-05-28 11:47 . 2009-05-28 11:47 -------- d-sh--w c:\documents and settings\Administrator.EDG.000\PrivacIE 2009-05-28 11:47 . 2009-05-28 11:47 -------- d-sh--w c:\documents and settings\Administrator.EDG.000\IETldCache 2009-05-28 11:18 . 2009-05-28 11:18 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache 2009-05-28 11:16 . 2009-05-28 11:16 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache 2009-05-27 09:19 . 2009-05-27 09:19 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-27 09:19 . 2009-05-27 09:19 -------- d-sh--w c:\documents and settings\Neil\PrivacIE 2009-05-27 09:18 . 2009-05-27 09:18 -------- d-sh--w c:\documents and settings\Neil\IETldCache 2009-05-27 09:16 . 2009-05-27 09:16 -------- d-----w c:\windows\ie8updates 2009-05-27 09:16 . 2009-05-12 05:11 102912 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-27 09:15 . 2009-05-27 09:16 -------- dc-h--w c:\windows\ie8 2009-05-27 08:07 . 2009-05-28 14:33 -------- d-----w c:\windows\system32\NtmsData 2009-05-27 02:26 . 2009-05-27 02:26 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-24 11:33 . 2009-05-28 14:31 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-24 11:23 . 2009-05-24 11:23 -------- d-----w c:\documents and settings\Neil\Application Data\BitDefender 2009-05-24 11:22 . 2009-05-24 11:25 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-05-24 11:22 . 2009-05-24 11:22 -------- d-----w c:\program files\BitDefender 2009-05-24 11:20 . 2009-05-24 11:22 -------- d-----w c:\program files\Common Files\BitDefender 2009-05-24 10:38 . 2009-05-24 10:42 -------- d-----w C:\HijackThis 2009-05-24 04:10 . 2009-05-24 04:10 -------- d-----w c:\documents and settings\Administrator.EDG.000\Application Data\Malwarebytes 2009-05-22 06:41 . 2009-05-22 06:41 32 --s-a-w c:\windows\system32\1827815544.dat 2009-05-20 04:30 . 2009-05-20 04:30 -------- d-----w c:\documents and settings\Neil\Local Settings\Application Data\CutePDF Writer 2009-05-20 04:26 . 2009-05-20 04:42 -------- d-----w c:\program files\Acro Software 2009-05-19 12:20 . 2009-05-19 12:20 -------- d-----w c:\program files\Trend Micro 2009-05-19 09:13 . 2009-05-19 09:13 -------- d-----w c:\documents and settings\Neil\Application Data\Nero 2009-05-19 09:12 . 2009-05-19 09:12 -------- d-----w c:\documents and settings\Neil\Local Settings\Application Data\Xenocode 2009-05-19 04:34 . 2009-05-19 04:34 -------- d-----w c:\documents and settings\Neil\Application Data\Malwarebytes 2009-05-19 04:28 . 2009-05-26 03:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-19 04:28 . 2009-05-26 03:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-19 04:28 . 2009-05-19 04:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-19 04:28 . 2009-05-28 11:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-19 02:25 . 2009-05-02 14:32 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-05-19 02:25 . 2009-05-02 14:32 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll 2009-05-19 02:25 . 2009-05-02 14:32 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-05-19 02:25 . 2009-05-02 14:32 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll 2009-05-19 02:25 . 2009-05-02 14:32 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-05-19 02:25 . 2009-05-02 14:32 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll 2009-05-19 02:25 . 2009-05-02 14:32 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe 2009-05-19 02:23 . 2009-05-02 08:23 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-05-19 02:23 . 2009-05-02 08:23 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll 2009-05-14 04:15 . 2009-05-02 14:32 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll 2009-05-14 04:15 . 2009-05-02 14:32 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-05-01 14:05 . 2009-05-01 14:05 -------- d-----w c:\documents and settings\SAM\Local Settings\Application Data\Mozilla . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-27 08:08 . 2006-10-16 12:33 167624 ----a-w c:\documents and settings\Neil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-27 06:59 . 2009-03-23 01:11 -------- d-----w c:\program files\MultipleIEs 2009-05-25 03:44 . 2008-06-09 07:43 -------- d-----w c:\documents and settings\Neil\Application Data\Vso 2009-05-24 14:46 . 2006-11-25 09:10 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-05-22 07:35 . 2006-10-28 05:31 -------- d-----w c:\documents and settings\Neil\Application Data\Skype 2009-05-22 06:03 . 2007-12-09 10:55 -------- d-----w c:\documents and settings\Neil\Application Data\skypePM 2009-05-19 13:48 . 2007-05-16 00:09 -------- d-----w c:\documents and settings\Neil\Application Data\U3 2009-05-19 09:51 . 2006-10-23 12:16 -------- d-----w c:\program files\Common Files\Ahead 2009-05-19 04:04 . 2008-03-15 09:26 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-19 03:12 . 2007-07-22 08:46 -------- d-----w c:\documents and settings\SAM\Application Data\Ahead 2009-05-15 17:04 . 2008-02-14 10:38 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-02 14:32 . 2009-03-10 09:49 11952 ----a-w c:\windows\system32\avgrsstx.dll 2009-05-02 14:32 . 2009-03-10 09:49 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-05-02 14:32 . 2009-03-10 09:49 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys 2009-05-02 14:32 . 2009-03-10 09:49 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-05-01 17:15 . 2007-04-02 15:46 -------- d-----w c:\documents and settings\Neil\Application Data\RipIt4Me 2009-04-30 08:18 . 2006-12-23 06:06 -------- d-----w c:\program files\FlashFXP 2009-04-29 06:46 . 2008-05-06 18:00 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-04-29 06:46 . 2008-05-06 18:00 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-04-08 11:59 . 2006-10-16 12:27 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-08 11:20 . 2009-04-08 11:20 -------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP 2009-04-04 06:19 . 2006-12-30 04:23 167624 ----a-w c:\documents and settings\SAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-20 11:24 . 2009-03-20 10:56 297 --sha-r C:\BOOTFILE.DAT 2009-03-20 11:24 . 2009-03-20 10:56 297 --sh--r c:\windows\system32\PROTSTOR.DAT 2009-03-20 11:24 . 2009-03-20 10:56 297 --sh--r c:\windows\MOSPS.SYS 2009-03-18 11:48 . 2009-03-18 11:48 488576 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll 2009-03-18 11:46 . 2009-03-18 11:46 416 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2009-03-08 04:22 . 2009-03-08 04:22 1241088 ----a-w c:\windows\system32\SETD9.tmp 2009-03-08 04:22 . 2009-03-08 04:22 1241088 ----a-w c:\windows\system32\SET13F.tmp 2009-03-08 04:22 . 2009-03-08 04:22 1241088 ----a-w c:\windows\system32\SET10C.tmp 2009-03-08 04:21 . 2009-03-08 04:21 2771706 ----a-w c:\windows\inf\SETE7.tmp 2009-03-08 04:21 . 2009-03-08 04:21 2771706 ----a-w c:\windows\inf\SETB8.tmp 2009-03-08 04:21 . 2009-03-08 04:21 2771706 ----a-w c:\windows\inf\SETA7.tmp 2009-03-08 04:21 . 2009-03-08 04:21 13460 ----a-w c:\windows\inf\IEM\0409\SETE8.tmp 2009-03-08 04:21 . 2009-03-08 04:21 13460 ----a-w c:\windows\inf\IEM\0409\SETB9.tmp 2009-03-08 04:21 . 2009-03-08 04:21 13460 ------w c:\windows\inf\IEM\0409\SETA8.tmp 2009-03-08 04:21 . 2009-03-08 04:21 10240 ----a-w c:\windows\system32\SETF1.tmp 2009-03-08 04:21 . 2009-03-08 04:21 10240 ----a-w c:\windows\system32\SET124.tmp 2009-03-08 04:21 . 2009-03-08 04:21 10240 ------w c:\windows\system32\SETC7.tmp 2009-03-08 04:09 . 2009-03-08 04:09 391536 ----a-w c:\windows\system32\SETD6.tmp 2009-03-08 04:09 . 2009-03-08 04:09 391536 ----a-w c:\windows\system32\SET13C.tmp 2009-03-08 04:09 . 2009-03-08 04:09 391536 ----a-w c:\windows\system32\SET109.tmp 2009-03-07 18:41 . 2009-03-07 18:41 5937152 ----a-w c:\windows\system32\SETEB.tmp 2009-03-07 18:41 . 2009-03-07 18:41 5937152 ----a-w c:\windows\system32\SET151.tmp 2009-03-07 18:41 . 2009-03-07 18:41 5937152 ----a-w c:\windows\system32\SET11E.tmp 2009-03-07 18:39 . 2009-03-07 18:39 11063808 ----a-w c:\windows\system32\SETD8.tmp 2009-03-07 18:39 . 2009-03-07 18:39 11063808 ----a-w c:\windows\system32\SET13E.tmp 2009-03-07 18:39 . 2009-03-07 18:39 11063808 ----a-w c:\windows\system32\SET10B.tmp 2009-03-07 18:35 . 2009-03-07 18:35 385024 ----a-w c:\windows\system32\SETFF.tmp 2009-03-07 18:35 . 2009-03-07 18:35 385024 ----a-w c:\windows\system32\SETCB.tmp 2009-03-07 18:35 . 2009-03-07 18:35 385024 ----a-w c:\windows\system32\SET132.tmp 2009-03-07 18:33 . 2009-03-07 18:33 18944 ----a-w c:\windows\system32\SETFC.tmp 2009-03-07 18:32 . 2009-03-07 18:32 72704 ----a-w c:\windows\system32\SETD7.tmp 2009-03-07 18:31 . 2009-03-07 18:31 183808 ----a-w c:\windows\system32\SETDA.tmp 2009-03-07 18:30 . 2009-03-07 18:30 66560 ----a-w c:\windows\system32\SETF5.tmp 2009-03-07 18:30 . 2009-03-07 18:30 66560 ----a-w c:\windows\system32\SET15B.tmp 2009-03-07 18:30 . 2009-03-07 18:30 66560 ----a-w c:\windows\system32\SET128.tmp 2009-03-07 18:22 . 2009-03-07 18:22 164352 ----a-w c:\windows\system32\SET144.tmp 2009-03-07 18:22 . 2009-03-07 18:22 164352 ----a-w c:\windows\system32\SET111.tmp 2009-03-07 18:22 . 2009-03-07 18:22 164352 ------w c:\windows\system32\SETDE.tmp 2009-03-07 18:22 . 2009-03-07 18:22 156160 ----a-w c:\windows\system32\SETEF.tmp 2009-03-07 18:22 . 2009-03-07 18:22 156160 ----a-w c:\windows\system32\SET155.tmp 2009-03-07 18:22 . 2009-03-07 18:22 156160 ----a-w c:\windows\system32\SET122.tmp 2009-03-07 18:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-07 18:15 . 2009-03-07 18:15 57667 ----a-w c:\windows\system32\SETDF.tmp 2009-03-07 18:15 . 2009-03-07 18:15 57667 ----a-w c:\windows\system32\SET145.tmp 2009-03-07 18:15 . 2009-03-07 18:15 57667 ----a-w c:\windows\system32\SET112.tmp 2009-03-07 18:11 . 2009-03-07 18:11 445952 ----a-w c:\windows\system32\SETD5.tmp 2009-03-07 18:11 . 2009-03-07 18:11 445952 ----a-w c:\windows\system32\SET13B.tmp 2009-03-07 18:11 . 2009-03-07 18:11 445952 ----a-w c:\windows\system32\SET108.tmp 2009-03-06 14:22 . 2004-08-04 04:56 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-05 08:08 . 2009-05-24 11:25 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll 2007-01-22 09:08 . 2006-10-24 13:40 848 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2005-09-14 229466] "Google Update"="c:\documents and settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-22 133104] "Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 135168] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 827392] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208] "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-06 147514] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-10-29 18944] "CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-10-29 16384] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-02 14:32 11952 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"= "c:\\Program Files\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelPP.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10155:TCP"= 10155:TCP:BitComet 10155 TCP "10155:UDP"= 10155:UDP:BitComet 10155 UDP "13584:TCP"= 13584:TCP:BitComet 13584 TCP "13584:UDP"= 13584:UDP:BitComet 13584 UDP R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [19/10/2006 8:38 PM 14592] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/03/2009 7:49 PM 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/03/2009 7:49 PM 108552] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [22/10/2006 8:51 PM 58464] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/03/2009 7:49 PM 298776] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [6/10/2008 6:16 PM 82696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 PM 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 4:52 PM 104328] S2 gcamlz;gcamlz;c:\windows\system32\drivers\ftxnf.sys --> c:\windows\system32\drivers\ftxnf.sys [?] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 7:16 PM 172032] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2049760794-839522115-1003.job - c:\documents and settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 14:53] . - - - - ORPHANS REMOVED - - - - HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKLM-Run-trioService - c:\program files\Living Marine Aquarium\trioService.exe SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} - hxxp://healthcare.net-it.com/DisplayListX.CAB DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} - hxxp://sample.net-it.com/BravaClientX.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} FF - ProfilePath - c:\documents and settings\Neil\Application Data\Mozilla\Firefox\Profiles\cxz8a061.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au FF - prefs.js: network.proxy.ftp - 165.228.128.10 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher - 165.228.128.10 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.socks - 165.228.128.10 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 165.228.128.10 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 1 FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\documents and settings\Neil\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-29 00:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(5432) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2009\vsserv.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\WgaTray.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\VsTskMgr.exe c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\searchindexer.exe c:\windows\system32\rundll32.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\windows\system32\searchprotocolhost.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Completion time: 2009-05-28 0:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-28 14:38 Pre-Run: 273,067,868,160 bytes free Post-Run: 273,296,117,760 bytes free 342 ________________________________ Please note that when i ran HiJackThis i got the same error message as i did in my initial post at this same time in the process. Hijack This Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:43:20 AM, on 29/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\SkyTel.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\HijackThis_2\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://healthcare.net-it.com/DisplayListX.CAB O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - http://sample.net-it.com/BravaClientX.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF -- End of file - 14255 bytes

HiJack THis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:02:17 AM, on 29/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\SkyTel.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Neil\Desktop\ComboFix.exe C:\Documents and Settings\Neil\Desktop\ComboFix.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\HijackThis_2\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [trioService] "C:\Program Files\Living Marine Aquarium\trioService.exe " O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://healthcare.net-it.com/DisplayListX.CAB O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - http://sample.net-it.com/BravaClientX.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF -- End of file - 14693 bytes

THIS IS UNF***ING BELIEVABLE. Its ALL Back. SOB When my initial issue arose, i was trying to work out how it ahppened as i had no clickec onto anything.. the Only Webpage i had open was a Myspace page. I had music playin from it.. and thats when i got some message saying this rubbish had been installed.. and my pc went downhill from there.. Well i had assumed that it may have been Myspace even though i didnt click on anything specific.. Anyway.. now my system was all clean. I was in a predicament not long ago as i needed to contact someone urgently, and my only possible solution left was to send a msg through Myspace (i rarely use it). So i did so, and i noticed that my hd's were crunching away.. and low and behold.. my pc froze up.. restarted, then froze again.. MalwareBytes would not run.. so i renamed the exe.. did a scan and it found a whole heap of MFer's!.. I am now stuck with that same uacinit.dll AND some Rootkit.. that both reappear on restart.. Now i have wanted to start your Very Helpful instructions again as per the start of this Post.. however ComboFix does Not Want to execute!!.. How on earth does this rubbish get installed just from visiting a page.. even though i have the right software running.!? PLEASE HELP (again!) Malwarebytes' Anti-Malware 1.37 Database version: 2187 Windows 5.1.2600 Service Pack 3 28/05/2009 11:49:49 PM mbam-log-2009-05-28 (23-49-49).txt Scan type: Quick Scan Objects scanned: 117541 Time elapsed: 4 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Not selected for removal.

Popup error now gone. Thanks very much for all your help. I did a Full MB scan: Malwarebytes' Anti-Malware 1.37 Database version: 2184 Windows 5.1.2600 Service Pack 3 27/05/2009 9:18:21 PM mbam-log-2009-05-27 (21-18-21).txt Scan type: Full Scan (C:\|) Objects scanned: 387259 Time elapsed: 1 hour(s), 43 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I wanted to get your opinion on what you believe to be the best paid virus/malware/spyware software available. I initially had McAfee VirusScan 8, which i had for over two years which then expired 2 months back. I have also had Spybot running. I was recommended to d/l and use AVG however i dont think that is really that great since i got the malware issue we have now fixed. I did a review search and discovered BitDefender to be the best via one review site, which i am currently using for a 1 month trial. Your suggestion would be most helpful. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:23:09 PM, on 27/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://healthcare.net-it.com/DisplayListX.CAB O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - http://sample.net-it.com/BravaClientX.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\ComboFix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF -- End of file - 14033 bytes

Hi, Just letting you know that when i tried Step B, i got a error message saying file could not be found. Also, when my pc restarts, i get a popup error message saying: Windows cannot find the file c:\ComboFix\HIDEC.exe Make sure that you typed it correctly then try again..... I restarted a second time and got the same thing. Could you please help with this? Neil.

Below is the MB log. (It appears that the files it found where the ones BitDefender found and had already quaranteened?) Malwarebytes' Anti-Malware 1.36 Database version: 2179 Windows 5.1.2600 Service Pack 3 26/05/2009 8:43:46 PM mbam-log-2009-05-26 (20-43-46).txt Scan type: Full Scan (C:\|) Objects scanned: 462868 Time elapsed: 2 hour(s), 22 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfotkbtaohoxbclc.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACggfwvmndpjamrou.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqesgxfmuvonnlyx.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACsarqjkvnkvkiirk.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACuuqqwdluhtoskuj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACkutvwqxwkdfoxwk.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.