
Solve : W32.SillyFDC?


Hi,

I wonder if any of you kind people can help me. I have the W32.SillyFDC virus which I am rather keen to divest myself of. I have followed the steps in the sticky thread and here are the logs:

Superantispyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2009 at 09:30 PM

Application Version : 4.26.1000

Core Rules Database Version : 3816
Trace Rules Database Version: 1770

Scan type : Complete Scan
Total Scan Time : 01:56:24

Memory items scanned : 567
Memory threats detected : 0
Registry items scanned : 5870
Registry threats detected : 2
File items scanned : 91369
File threats detected : 7

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{FB776DD5-73D3-4AB5-BE59-060B53EB92BE}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{FB776DD5-73D3-4AB5-BE59-060B53EB92BE}#NAMESERVER

Adware.GloboLook
C:\DOCUMENTS AND SETTINGS\PETER\MY DOCUMENTS\P'S WORK\NEW WEB PAGES\ICONS\MISCA96[1].ICO
F:\BACK UP FEB 5 2009\MY DOCS 7 FEB\P'S WORK\NEW WEB PAGES\ICONS\MISCA96[1].ICO
F:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1559\A0385485.ICO
F:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1559\A0385537.ICO
F:\SYSTEM VOLUME INFORMATION\_RESTORE{4F1BD45F-C19C-4BED-B198-221788B46FCC}\RP63\A0026526.ICO
F:\BACK UP JAN 2 2009\MY DOCUMENTS BACK UP\P'S WORK\NEW WEB PAGES\ICONS\MISCA96[1].ICO

Trojan.VXGame-Variant/D
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTAL.RECORDER.4.X.GENERIC.CRACK-CHECKSUM_BAD.EXE


Malwarebytes'

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

27/03/2009 06:30:39
mbam-log-2009-03-27 (06-30-39).txt

Scan type: Quick Scan
Objects scanned: 74803
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.147,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.147,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.147,85.255.112.103 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijack This (Incidentally I couldn't rename this as I couldn't find the Program files and it's not in the Start menu)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:45:09, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Peter\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS BROWSER Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar NOTIFIER BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231069239312
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237655938916&h=0d5fe288dbf8eb198d9bb1f51db06acf/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PETERE~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 13562 bytes


All help very gratefully received! (I'm running Windows XP and Norton Antivirus).

Many thanks.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
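The Malwarebytes and SUPERAntiSpyware logs in the opening post show the two places this infection altered: the Tcpip NameServer values (global and per-interface, in more than one control set) and the Security Center DisableNotify flags. The following PowerShell audit is added here and is not part of the thread or of any tool mentioned in it; it reads those same keys and reports anything unexpected, and the $ExpectedDns list is an assumed placeholder to be replaced with the resolvers the network actually hands out.

```powershell
# Added example, not from this thread: audit the registry locations that the
# Malwarebytes and SUPERAntiSpyware logs reported as tampered with.
# Assumes it is run from an elevated PowerShell on the machine being checked.
# $ExpectedDns is a constructed placeholder; replace it with the resolvers your
# network really uses (compare with the output of: ipconfig /all).
$ExpectedDns = @('192.168.1.1')   # constructed placeholder, not from the thread

$findings = @()

# 1. Static NameServer values in every control set, globally and per interface.
#    CurrentControlSet is only a link to one of the ControlSetNNN keys, so
#    walking ControlSet* covers all three locations named in the logs.
foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }) {
    $tcpip = Join-Path $cs.PSPath 'Services\Tcpip\Parameters'
    if (-not (Test-Path $tcpip)) { continue }

    $paths = @($tcpip) + @(Get-ChildItem (Join-Path $tcpip 'Interfaces') -ErrorAction SilentlyContinue |
                            ForEach-Object { $_.PSPath })
    foreach ($p in $paths) {
        $ns = (Get-ItemProperty -Path $p -Name NameServer -ErrorAction SilentlyContinue).NameServer
        if ([string]::IsNullOrWhiteSpace($ns)) { continue }   # empty = DHCP-assigned, nothing static to check
        foreach ($server in ($ns -split '[ ,]' | Where-Object { $_ })) {
            if ($ExpectedDns -notcontains $server) {
                $findings += [pscustomobject]@{ Check = 'Unexpected static NameServer'; Location = $p; Value = $server }
            }
        }
    }
}

# 2. Security Center notification flags. A value of 1 silences the
#    "antivirus / firewall is turned off" balloon; the log showed both set to 1.
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify') {
    $v = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) {
        $findings += [pscustomobject]@{ Check = 'Security Center notification silenced'; Location = $sc; Value = $name }
    }
}

if ($findings.Count -eq 0) {
    'No unexpected NameServer values and no silenced Security Center notifications.'
} else {
    $findings | Format-Table -AutoSize
}
```

Anything listed under "Unexpected static NameServer" should be compared against the resolvers the ISP or router actually provides before it is treated as a hijack.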

Many thanks indeed for your help evilfantasy, here is the log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
USER : Peter ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2006 2006 (Not Activated)
Firewall : Norton Internet Security 2006 2006 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:38 Go)
D:\ (USB) - FAT - Total:1967 Mo (Free:1 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:232 Go (Free:9 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/03/2009| 9:20 )

--------------------\\ Listing folders in APPLIC~1

[04/01/2009|10:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/01/2009|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[27/03/2009|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\~0
[14/03/2009|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2009|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/01/2009|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/01/2009|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/02/2009|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hagel Technologies
[25/03/2009|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[27/03/2009|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/02/2009|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/02/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[04/01/2009|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[28/02/2009|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[26/03/2009|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[16/03/2009|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[23/03/2009|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/01/2009|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[04/01/2009|10:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[11/01/2009|08:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/01/2009|11:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/01/2009|15:38] C:\DOCUME~1\PETERE~1\APPLIC~1\Adobe
[25/01/2009|13:06] C:\DOCUME~1\PETERE~1\APPLIC~1\Apple Computer
[04/01/2009|14:23] C:\DOCUME~1\PETERE~1\APPLIC~1\Google
[04/01/2009|11:08] C:\DOCUME~1\PETERE~1\APPLIC~1\Identities
[04/01/2009|14:58] C:\DOCUME~1\PETERE~1\APPLIC~1\Macromedia
[27/03/2009|06:14] C:\DOCUME~1\PETERE~1\APPLIC~1\Malwarebytes
[05/03/2009|19:52] C:\DOCUME~1\PETERE~1\APPLIC~1\Microsoft
[24/03/2009|18:27] C:\DOCUME~1\PETERE~1\APPLIC~1\Skype
[24/03/2009|17:13] C:\DOCUME~1\PETERE~1\APPLIC~1\skypePM
[25/01/2009|08:00] C:\DOCUME~1\PETERE~1\APPLIC~1\Steinberg
[21/03/2009|17:18] C:\DOCUME~1\PETERE~1\APPLIC~1\Sun
[26/03/2009|19:26] C:\DOCUME~1\PETERE~1\APPLIC~1\SUPERAntiSpyware.com
[10/01/2009|12:53] C:\DOCUME~1\PETERE~1\APPLIC~1\Symantec
[14/02/2009|08:14] C:\DOCUME~1\PETERE~1\APPLIC~1\uniblue
[05/02/2009|12:35] C:\DOCUME~1\PETERE~1\APPLIC~1\vlc

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[25/03/2009 19:23][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[16/03/2009 10:51][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[14/02/2009 08:14][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
[24/03/2009 16:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/03/2009 00:22][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Peter.job
[27/03/2009 06:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[16/07/2003 20:36][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[25/01/2009|07:19] C:\Program Files\7-Zip
[14/03/2009|08:05] C:\Program Files\Adobe
[04/01/2009|11:34] C:\Program Files\Analog Devices
[25/01/2009|11:18] C:\Program Files\Apple Software Update
[27/03/2009|09:16] C:\Program Files\BitComet
[25/01/2009|11:22] C:\Program Files\Bonjour
[26/03/2009|19:06] C:\Program Files\CCleaner
[26/03/2009|19:25] C:\Program Files\Common Files
[04/01/2009|10:46] C:\Program Files\ComPlus Applications
[04/01/2009|12:58] C:\Program Files\CONEXANT
[18/03/2009|20:12] C:\Program Files\Creative Element Power Tools
[01/02/2009|08:47] C:\Program Files\DU Meter
[27/03/2009|07:07] C:\Program Files\Enigma Software Group
[04/01/2009|19:06] C:\Program Files\GenoPro
[04/01/2009|13:09] C:\Program Files\Google
[04/01/2009|18:23] C:\Program Files\HighCriteria
[18/01/2009|16:41] C:\Program Files\InstallShield Installation Information
[04/01/2009|11:36] C:\Program Files\Intel
[14/02/2009|08:35] C:\Program Files\Internet Explorer
[25/01/2009|11:25] C:\Program Files\iPod
[25/01/2009|11:26] C:\Program Files\iTunes
[21/03/2009|17:20] C:\Program Files\Java
[25/03/2009|19:12] C:\Program Files\Lavasoft
[04/01/2009|12:54] C:\Program Files\Lexmark 5200 Series
[27/03/2009|06:14] C:\Program Files\Malwarebytes' Anti-Malware
[24/01/2009|09:28] C:\Program Files\M-Audio Fast Track
[06/01/2009|20:24] C:\Program Files\Messenger
[04/01/2009|11:01] C:\Program Files\microsoft frontpage
[04/01/2009|13:18] C:\Program Files\Microsoft Office
[04/01/2009|13:32] C:\Program Files\Microsoft Visual Studio
[04/01/2009|13:34] C:\Program Files\Microsoft Works
[06/01/2009|20:18] C:\Program Files\Movie Maker
[13/02/2009|19:56] C:\Program Files\MSBuild
[04/01/2009|10:45] C:\Program Files\MSN
[04/01/2009|10:45] C:\Program Files\MSN Gaming Zone
[06/01/2009|20:14] C:\Program Files\NetMeeting
[04/01/2009|17:27] C:\Program Files\Nike+ Utility
[21/03/2009|07:08] C:\Program Files\Norton Ghost
[16/03/2009|10:19] C:\Program Files\Norton Internet Security
[04/01/2009|16:27] C:\Program Files\NOS
[04/01/2009|10:47] C:\Program Files\Online Services
[06/01/2009|20:14] C:\Program Files\Outlook Express
[04/01/2009|12:59] C:\Program Files\PowerISO
[25/01/2009|11:21] C:\Program Files\QuickTime
[13/02/2009|19:56] C:\Program Files\Reference Assemblies
[28/02/2009|09:34] C:\Program Files\Skype
[14/02/2009|08:14] C:\Program Files\SpeedupmyPC
[15/02/2009|10:29] C:\Program Files\Steinberg
[26/03/2009|19:26] C:\Program Files\SUPERAntiSpyware
[06/01/2009|06:28] C:\Program Files\Symantec
[25/01/2009|07:44] C:\Program Files\Syncrosoft
[04/01/2009|17:26] C:\Program Files\TClockEx
[14/02/2009|08:14] C:\Program Files\Uniblue
[04/01/2009|11:08] C:\Program Files\Uninstall Information
[05/02/2009|12:28] C:\Program Files\VideoLAN
[07/01/2009|10:27] C:\Program Files\Windows Desktop Search
[06/01/2009|21:25] C:\Program Files\Windows Media Connect 2
[06/01/2009|21:25] C:\Program Files\Windows Media Player
[06/01/2009|20:14] C:\Program Files\Windows NT
[04/01/2009|11:41] C:\Program Files\WindowsUpdate
[14/02/2009|08:10] C:\Program Files\WinZip
[04/01/2009|11:01] C:\Program Files\xerox
[04/01/2009|15:27] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[14/03/2009|08:05] C:\Program Files\Common Files\Adobe
[04/01/2009|15:04] C:\Program Files\Common Files\Adobe AIR
[25/01/2009|11:25] C:\Program Files\Common Files\Apple
[04/01/2009|13:32] C:\Program Files\Common Files\DESIGNER
[24/01/2009|09:27] C:\Program Files\Common Files\InstallShield
[04/01/2009|12:59] C:\Program Files\Common Files\logishrd
[04/01/2009|13:33] C:\Program Files\Common Files\Microsoft Shared
[04/01/2009|10:46] C:\Program Files\Common Files\MSSoap
[04/01/2009|10:37] C:\Program Files\Common Files\ODBC
[04/01/2009|10:47] C:\Program Files\Common Files\Services
[28/02/2009|09:34] C:\Program Files\Common Files\Skype
[04/01/2009|10:37] C:\Program Files\Common Files\SpeechEngines
[27/03/2009|06:16] C:\Program Files\Common Files\Symantec Shared
[06/01/2009|20:14] C:\Program Files\Common Files\System
[26/03/2009|19:25] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 48 Processes )

iexplore.exe ~ [PID:1044]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\PETERE~1\Cookies\[emailprotected][1].txt
C:\DOCUME~1\PETERE~1\Cookies\[emailprotected][1].txt
C:\DOCUME~1\PETERE~1\Cookies\[emailprotected][1].txt
C:\DOCUME~1\PETERE~1\Cookies\[emailprotected][1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 09:19:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 09:22:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PETERE~1\Favorites\SpyHunter Security Suite v3.4.9+Crack-HeartBug (download torrent) - TPB.url
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.2 Pro. with crack.Sfx.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.3 + Keygen.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Total_Recorder_v4.x_Generic_Crack.zip
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\keygen.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\setup.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\ssg.nfo
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\Torrent downloaded from Demonoid.com.txt


[F:104][D:9]-> C:\DOCUME~1\PETERE~1\LOCALS~1\Temp
[F:409][D:0]-> C:\DOCUME~1\PETERE~1\Cookies
[F:1336][D:5]-> C:\DOCUME~1\PETERE~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/03/2009| 9:24 - Option : [1]

--------------------\\ Scan completed at 9:24:32

You are going to have to remove the cracks before I can continue helping.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:services

:reg

:files
C:\DOCUME~1\PETERE~1\Favorites\SpyHunter Security Suite v3.4.9+Crack-HeartBug (download torrent) - TPB.url
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.2 Pro. with crack.Sfx.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.3 + Keygen.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Total_Recorder_v4.x_Generic_Crack.zip
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\keygen.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\setup.exe
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\ssg.nfo
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\Torrent downloaded from Demonoid.com.txt

:Commands
[purity]
[emptytemp]
[start explorer]
[REBOOT]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

Here it is evilfantasy (after reboot)...


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\DOCUME~1\PETERE~1\Favorites\SpyHunter Security Suite v3.4.9+Crack-HeartBug (download torrent) - TPB.url not found.
C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG moved successfully.
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.2 Pro. with crack.Sfx.exe moved successfully.
C:\DOCUME~1\PETERE~1\My Documents\Software\Total Recorder 4.3 + Keygen.exe moved successfully.
C:\DOCUME~1\PETERE~1\My Documents\Software\Total_Recorder_v4.x_Generic_Crack.zip moved successfully.
File/Folder C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\keygen.exe not found.
File/Folder C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\setup.exe not found.
File/Folder C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\ssg.nfo not found.
File/Folder C:\DOCUME~1\PETERE~1\My Documents\Software\Corel.Paint.Shop.Pro.Photo.XI.v11.0.Incl.Keygen-SSG\Torrent downloaded from Demonoid.com.txt not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\Perflib_Perfdata_844.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\~DFA191.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\~DFA1A4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_170508

Files moved on Reboot...
File C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\Perflib_Perfdata_844.dat not found!
File C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\~DFA191.tmp not found!
File C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\~DFA1A4.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.
Thank you.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  • Wait until the end of the scan.
  • A report will be generated, post the contents of it in your next reply.
----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Hi evilfantasy (and many thanks again for all this!), here are the logs:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
USER : Peter ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2006 2006 (Not Activated)
Firewall : Norton Internet Security 2006 2006 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:38 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/03/2009|17:55 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[04/01/2009|10:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/01/2009|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[14/03/2009|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2009|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/01/2009|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/01/2009|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/02/2009|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hagel Technologies
[27/03/2009|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[27/03/2009|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/02/2009|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/02/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[04/01/2009|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[28/02/2009|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[26/03/2009|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[16/03/2009|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[23/03/2009|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/01/2009|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[04/01/2009|10:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[11/01/2009|08:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/01/2009|11:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/01/2009|15:38] C:\DOCUME~1\PETERE~1\APPLIC~1\Adobe
[25/01/2009|13:06] C:\DOCUME~1\PETERE~1\APPLIC~1\Apple Computer
[04/01/2009|14:23] C:\DOCUME~1\PETERE~1\APPLIC~1\Google
[04/01/2009|11:08] C:\DOCUME~1\PETERE~1\APPLIC~1\Identities
[04/01/2009|14:58] C:\DOCUME~1\PETERE~1\APPLIC~1\Macromedia
[27/03/2009|06:14] C:\DOCUME~1\PETERE~1\APPLIC~1\Malwarebytes
[05/03/2009|19:52] C:\DOCUME~1\PETERE~1\APPLIC~1\Microsoft
[24/03/2009|18:27] C:\DOCUME~1\PETERE~1\APPLIC~1\Skype
[24/03/2009|17:13] C:\DOCUME~1\PETERE~1\APPLIC~1\skypePM
[25/01/2009|08:00] C:\DOCUME~1\PETERE~1\APPLIC~1\Steinberg
[21/03/2009|17:18] C:\DOCUME~1\PETERE~1\APPLIC~1\Sun
[26/03/2009|19:26] C:\DOCUME~1\PETERE~1\APPLIC~1\SUPERAntiSpyware.com
[10/01/2009|12:53] C:\DOCUME~1\PETERE~1\APPLIC~1\Symantec
[14/02/2009|08:14] C:\DOCUME~1\PETERE~1\APPLIC~1\uniblue
[05/02/2009|12:35] C:\DOCUME~1\PETERE~1\APPLIC~1\vlc

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[25/03/2009 19:23][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[16/03/2009 10:51][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[14/02/2009 08:14][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
[24/03/2009 16:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[21/03/2009 00:22][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Peter.job
[27/03/2009 17:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[16/07/2003 20:36][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[25/01/2009|07:19] C:\Program Files\7-Zip
[14/03/2009|08:05] C:\Program Files\Adobe
[04/01/2009|11:34] C:\Program Files\Analog Devices
[25/01/2009|11:18] C:\Program Files\Apple Software Update
[27/03/2009|16:59] C:\Program Files\BitComet
[25/01/2009|11:22] C:\Program Files\Bonjour
[26/03/2009|19:06] C:\Program Files\CCleaner
[26/03/2009|19:25] C:\Program Files\Common Files
[04/01/2009|10:46] C:\Program Files\ComPlus Applications
[04/01/2009|12:58] C:\Program Files\CONEXANT
[18/03/2009|20:12] C:\Program Files\Creative Element Power Tools
[01/02/2009|08:47] C:\Program Files\DU Meter
[27/03/2009|07:07] C:\Program Files\Enigma Software Group
[04/01/2009|19:06] C:\Program Files\GenoPro
[04/01/2009|13:09] C:\Program Files\Google
[04/01/2009|18:23] C:\Program Files\HighCriteria
[18/01/2009|16:41] C:\Program Files\InstallShield Installation Information
[04/01/2009|11:36] C:\Program Files\Intel
[14/02/2009|08:35] C:\Program Files\Internet Explorer
[25/01/2009|11:25] C:\Program Files\iPod
[25/01/2009|11:26] C:\Program Files\iTunes
[21/03/2009|17:20] C:\Program Files\Java
[27/03/2009|07:06] C:\Program Files\Lavasoft
[04/01/2009|12:54] C:\Program Files\Lexmark 5200 Series
[27/03/2009|06:14] C:\Program Files\Malwarebytes' Anti-Malware
[24/01/2009|09:28] C:\Program Files\M-Audio Fast Track
[06/01/2009|20:24] C:\Program Files\Messenger
[04/01/2009|11:01] C:\Program Files\microsoft frontpage
[04/01/2009|13:18] C:\Program Files\Microsoft Office
[04/01/2009|13:32] C:\Program Files\Microsoft Visual Studio
[04/01/2009|13:34] C:\Program Files\Microsoft Works
[06/01/2009|20:18] C:\Program Files\Movie Maker
[13/02/2009|19:56] C:\Program Files\MSBuild
[04/01/2009|10:45] C:\Program Files\MSN
[04/01/2009|10:45] C:\Program Files\MSN Gaming Zone
[06/01/2009|20:14] C:\Program Files\NetMeeting
[04/01/2009|17:27] C:\Program Files\Nike+ Utility
[21/03/2009|07:08] C:\Program Files\Norton Ghost
[16/03/2009|10:19] C:\Program Files\Norton Internet Security
[04/01/2009|16:27] C:\Program Files\NOS
[04/01/2009|10:47] C:\Program Files\Online Services
[06/01/2009|20:14] C:\Program Files\Outlook Express
[04/01/2009|12:59] C:\Program Files\PowerISO
[25/01/2009|11:21] C:\Program Files\QuickTime
[13/02/2009|19:56] C:\Program Files\Reference Assemblies
[28/02/2009|09:34] C:\Program Files\Skype
[14/02/2009|08:14] C:\Program Files\SpeedupmyPC
[15/02/2009|10:29] C:\Program Files\Steinberg
[26/03/2009|19:26] C:\Program Files\SUPERAntiSpyware
[06/01/2009|06:28] C:\Program Files\Symantec
[25/01/2009|07:44] C:\Program Files\Syncrosoft
[04/01/2009|17:26] C:\Program Files\TClockEx
[14/02/2009|08:14] C:\Program Files\Uniblue
[04/01/2009|11:08] C:\Program Files\Uninstall Information
[05/02/2009|12:28] C:\Program Files\VideoLAN
[07/01/2009|10:27] C:\Program Files\Windows Desktop Search
[06/01/2009|21:25] C:\Program Files\Windows Media Connect 2
[06/01/2009|21:25] C:\Program Files\Windows Media Player
[06/01/2009|20:14] C:\Program Files\Windows NT
[04/01/2009|11:41] C:\Program Files\WindowsUpdate
[14/02/2009|08:10] C:\Program Files\WinZip
[04/01/2009|11:01] C:\Program Files\xerox
[04/01/2009|15:27] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[14/03/2009|08:05] C:\Program Files\Common Files\Adobe
[04/01/2009|15:04] C:\Program Files\Common Files\Adobe AIR
[25/01/2009|11:25] C:\Program Files\Common Files\Apple
[04/01/2009|13:32] C:\Program Files\Common Files\DESIGNER
[24/01/2009|09:27] C:\Program Files\Common Files\InstallShield
[04/01/2009|12:59] C:\Program Files\Common Files\logishrd
[04/01/2009|13:33] C:\Program Files\Common Files\Microsoft Shared
[04/01/2009|10:46] C:\Program Files\Common Files\MSSoap
[04/01/2009|10:37] C:\Program Files\Common Files\ODBC
[04/01/2009|10:47] C:\Program Files\Common Files\Services
[28/02/2009|09:34] C:\Program Files\Common Files\Skype
[04/01/2009|10:37] C:\Program Files\Common Files\SpeechEngines
[27/03/2009|06:16] C:\Program Files\Common Files\Symantec Shared
[06/01/2009|20:14] C:\Program Files\Common Files\System
[26/03/2009|19:25] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 17:58:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PETERE~1\Recent\Total_Recorder_v4.x_Generic_Crack.zip.lnk


[F:99][D:6]-> C:\DOCUME~1\PETERE~1\LOCALS~1\Temp
[F:21][D:0]-> C:\DOCUME~1\PETERE~1\Cookies
[F:825][D:9]-> C:\DOCUME~1\PETERE~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/03/2009| 9:24 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/03/2009|17:52 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 27/03/2009|18:06 - Option : [2]

--------------------\\ Scan completed at 18:06:09




ComboFix 09-03-26.03 - Peter 2009-03-27 18:19:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.122 [GMT 0:00]
Running from: c:\documents and settings\Peter \Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated)
FW: Norton Internet Security 2006 *disabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\_000096_.tmp.dll
c:\windows\system32\_000099_.tmp.dll
c:\windows\system32\_000109_.tmp.dll
c:\windows\system32\_000120_.tmp.dll
c:\windows\system32\_000122_.tmp.dll
c:\windows\system32\_005487_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005490_.tmp.dll
c:\windows\system32\_005497_.tmp.dll
c:\windows\system32\_005498_.tmp.dll
c:\windows\system32\_005499_.tmp.dll
c:\windows\system32\_005500_.tmp.dll
c:\windows\system32\_005502_.tmp.dll
c:\windows\system32\_005503_.tmp.dll
c:\windows\system32\_005506_.tmp.dll
c:\windows\system32\_005507_.tmp.dll
c:\windows\system32\_005510_.tmp.dll
c:\windows\system32\_005511_.tmp.dll
c:\windows\system32\_005513_.tmp.dll
c:\windows\system32\_005516_.tmp.dll
c:\windows\system32\_005517_.tmp.dll
c:\windows\system32\_005522_.tmp.dll
c:\windows\system32\_005524_.tmp.dll
c:\windows\system32\_005527_.tmp.dll
c:\windows\system32\_005529_.tmp.dll
c:\windows\system32\_005530_.tmp.dll
c:\windows\system32\_005531_.tmp.dll
c:\windows\system32\_005532_.tmp.dll
c:\windows\system32\_005533_.tmp.dll
c:\windows\system32\_005536_.tmp.dll
c:\windows\system32\_005537_.tmp.dll
c:\windows\system32\_005538_.tmp.dll
c:\windows\system32\_005539_.tmp.dll
c:\windows\system32\_005540_.tmp.dll
c:\windows\system32\_005545_.tmp.dll
c:\windows\system32\_005547_.tmp.dll
c:\windows\system32\_005548_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-27 17:05 . 2009-03-27 17:05 d-------- C:\_OTMoveIt
2009-03-27 09:14 . 2009-03-27 18:06 d-------- C:\Lop SD
2009-03-27 06:14 . 2009-03-27 06:14 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 06:14 . 2009-03-27 06:14 d-------- c:\documents and settings\Peter \Application Data\Malwarebytes
2009-03-27 06:14 . 2009-03-27 06:14 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 06:14 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 06:14 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 19:26 . 2009-03-26 19:26 d-------- c:\program files\SUPERAntiSpyware
2009-03-26 19:26 . 2009-03-26 19:26 d-------- c:\documents and settings\Peter \Application Data\SUPERAntiSpyware.com
2009-03-26 19:26 . 2009-03-26 19:26 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-26 19:25 . 2009-03-26 19:25 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-26 19:06 . 2009-03-26 19:06 d-------- c:\program files\CCleaner
2009-03-25 19:12 . 2009-03-27 07:06 d-------- c:\program files\Lavasoft
2009-03-23 20:44 . 2009-03-23 21:32 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 20:07 . 2009-03-23 20:09 14,417,922 --a------ C:\SYM_REGISTRY_BACKUP.reg
2009-03-21 20:49 . 2009-03-27 07:07 d-------- c:\program files\Enigma Software Group
2009-03-21 18:00 . 2009-03-21 18:22 d-------- c:\documents and settings\Peter\.housecall6.6
2009-03-21 17:22 . 2009-03-21 17:22 d-------- c:\windows\Sun
2009-03-21 17:21 . 2009-03-21 17:20 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-21 17:21 . 2009-03-21 17:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 17:20 . 2009-03-21 17:20 d-------- c:\program files\Java
2009-03-18 20:12 . 2001-01-20 11:43 712,704 --a------ c:\windows\system32\_ISource21.dll
2009-03-18 20:12 . 2004-10-08 12:15 278,016 --a------ c:\windows\system32\aisExif.dll
2009-03-18 20:12 . 2004-12-06 09:27 231,139 --a------ c:\windows\system32\BtnPlus1.ocx
2009-03-18 20:12 . 1999-10-30 02:00 167,936 --a------ c:\windows\system32\ccrpftv6.ocx
2009-03-18 20:12 . 1996-02-11 01:42 113,664 --a------ c:\windows\system32\APIGID32.DLL
2009-03-18 20:12 . 2001-07-28 11:47 57,344 --a------ c:\windows\system32\mp3SpecX4.dll
2009-03-18 20:12 . 2001-12-07 11:41 44,752 --a------ c:\windows\system32\FMDROP32.OCX
2009-03-18 20:12 . 2000-02-03 08:30 39,424 --a------ c:\windows\system32\rpiAccessProcess.dll
2009-03-18 20:11 . 2004-03-09 00:00 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2009-03-18 20:11 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-18 20:11 . 2004-12-06 11:22 178,889 --a------ c:\windows\system32\FraPlus1.ocx
2009-03-18 20:11 . 1999-08-11 13:21 129,024 --a------ c:\windows\system32\vdgt.ocx
2009-03-18 20:11 . 2001-12-07 11:41 76,496 --a------ c:\windows\system32\mftp32.ocx
2009-03-18 20:11 . 1998-01-25 12:54 65,536 --a------ c:\windows\system32\sblist.ocx
2009-03-18 20:07 . 2009-03-18 20:12 d-------- c:\program files\Creative Element Power Tools
2009-03-18 18:43 . 2009-03-18 18:43 d-------- c:\documents and settings\Administrator
2009-03-18 17:34 . 2009-03-27 07:06 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-16 11:16 . 2009-03-21 11:19 79,515,096 --a------ C:\SYM_REGISTRY_BACKUP.old
2009-02-28 09:34 . 2009-02-28 09:34 d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 18:24 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-27 18:09 --------- d-----w c:\program files\BitComet
2009-03-27 06:16 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-24 18:27 --------- d-----w c:\documents and settings\Peter\Application Data\Skype
2009-03-24 17:13 --------- d-----w c:\documents and settings\Peter\Application Data\skypePM
2009-03-21 07:08 --------- d-----w c:\program files\Norton Ghost
2009-03-16 10:19 --------- d-----w c:\program files\Norton Internet Security
2009-03-16 06:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-14 08:05 --------- d-----w c:\program files\Common Files\Adobe
2009-02-28 09:34 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-28 09:34 --------- d-----r c:\program files\Skype
2009-02-15 10:29 --------- d-----w c:\program files\Steinberg
2009-02-14 08:14 --------- d-----w c:\program files\Uniblue
2009-02-14 08:14 --------- d-----w c:\program files\SpeedupmyPC
2009-02-14 08:14 --------- d-----w c:\documents and settings\Peter\Application Data\uniblue
2009-02-14 08:11 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-13 19:56 --------- d-----w c:\program files\Reference Assemblies
2009-02-13 19:56 --------- d-----w c:\program files\MSBuild
2009-02-08 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 12:35 --------- d-----w c:\documents and settings\Peter\Application Data\vlc
2009-02-05 12:28 --------- d-----w c:\program files\VideoLAN
2009-02-01 08:47 --------- d-----w c:\program files\DU Meter
2009-02-01 08:35 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-02-01 2645528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 1537640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

c:\documents and settings\Peter\Start Menu\Programs\Startup\
Creative Element Power Tools Startup.lnk - c:\program files\Creative Element Power Tools\Startup.exe [2009-03-18 257192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-04-30 1228800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a------ 2004-06-04 09:58 57344 c:\program files\Lexmark 5200 Series\lxbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2007-04-10 12:01 1537640 c:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 00:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-01-04 13:09 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2003-05-08 23:27 81920 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-10-22 10:13 9438488 c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14709:TCP"= 14709:TCP:BitComet 14709 TCP
"14709:UDP"= 14709:UDP:BitComet 14709 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-02-01 1386008]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-01-25 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2009-01-24 30848]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-21 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Peter.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2009-03-16 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2009-02-14 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 18:26:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
@Denied: (A 2 3) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
@="%SystemRoot%\\Explorer.exe"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
@="DAO.Client"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
@="{C8618CE4-0468-2079-8336-66696B6B6E75}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\M-Audio Fast Track\GBInst.exe
c:\windows\system32\gearsec.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-03-27 18:29:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-27 18:29:54

Pre-Run: 41,062,494,208 bytes free
Post-Run: 41,076,527,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

292 --- E O F --- 2009-03-11 07:42:39

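The ComboFix log above is where the real state of the box shows up: Security Center monitoring switched off, the Windows Firewall profile at EnableFirewall=0, a BitComet port opened globally, and the autostart (Run) entries. What follows is an added example for triaging that "Reg Loading Points" block automatically; it is not code from ComboFix or from anyone in this thread. SAMPLE_LOG is constructed to follow the shape of the entries in the log above, and its Temp-folder svchost.exe autostart is invented purely to show what an out-of-place entry looks like (it does not appear in the real log). The trusted-directory list and the key/value regexes are assumptions about the XP-era layout seen here.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix-style log.

Added example for this thread, not part of ComboFix or of any post above.
It flags what a responder reads this block for: Security Center monitoring
or notifications turned off, the firewall profile disabled, globally opened
ports, and autostart entries whose binary is outside the usual directories.
"""
import re

# Constructed sample in the shape of the thread's ComboFix output.  The
# "updater" entry under HKLM\...\Run is invented for illustration only.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-02-01 2645528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="c:\documents and settings\Peter\Local Settings\Temp\svchost.exe" [2009-03-20 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14709:TCP"= 14709:TCP:BitComet 14709 TCP
"14709:UDP"= 14709:UDP:BitComet 14709 UDP
"""

# Directories an autostart binary is normally expected under on this XP box
# (assumed from the paths in the thread).  Anything else deserves a look.
TRUSTED_PREFIXES = (
    r"c:\windows\system32",
    r"c:\windows",
    r"c:\program files",
)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
RUN_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')


def parse_sections(text):
    """Return [(registry key, [(value name, value data), ...])] in log order."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group("key"), [])
            sections.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[1].append((m.group("name"), m.group("data").strip()))
    return sections


def _dword(data):
    """Extract an integer from 'dword:00000001' or '0 (0x0)' style data."""
    m = re.search(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def triage(text):
    """Return human-readable findings for the weakened settings and odd autostarts."""
    findings = []
    for key, values in parse_sections(text):
        k = key.lower()
        for name, data in values:
            n = name.lower()
            if "security center" in k and n in ("disablemonitoring", "antivirusdisablenotify") and _dword(data) == 1:
                findings.append(f"Security Center weakened: {key}\\{name} = 1")
            elif "firewallpolicy" in k and n == "enablefirewall" and _dword(data) == 0:
                findings.append(f"Windows Firewall disabled for profile: {key}")
            elif "globallyopenports" in k:
                findings.append(f"Globally open port: {data}")
            elif k.endswith("\\run") or k.endswith("\\runonce"):
                m = RUN_PATH_RE.match(data)
                path = m.group("path").lower() if m else data.lower()
                if not path.startswith(TRUSTED_PREFIXES):
                    findings.append(f"Autostart outside trusted dirs: {name} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports six findings: the invented Temp-folder autostart, the two Security Center values, the disabled firewall profile, and the two BitComet port exceptions. The two legitimate Run entries under system32 and Program Files are left alone, which is the point of the prefix check: it narrows the list to what needs a human rather than deciding anything by itself.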

    Quote
    -------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\PETERE~1\Recent\Total_Recorder_v4.x_Generic_Crack.zip.lnk

    I'm not going to insist you remove this, but do be aware that probably over 75% of cracks contain some form of malware, and this is likely the source of your problems. The people who host these are CROOKS. How can you trust them?

    Uninstall Lop S&D

    Click START then RUN
    Now type C:\Lop SD\Uninstal.exe in the runbox.

    Then click OK.

    ----------

    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.
    • The above procedure will:
    • Delete the following:
    • ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.
    .
    ----------

    Use the Kaspersky Lab Online Scanner

    In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

    • Click on SCAN NOW
    • Click Accept.
    • The program will then begin downloading the latest definition files.
    • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
    • The scan will take a while, so be patient and let it finish.
    When the scan is done, in the Scan is complete window, any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop.
    • In the File name area use KScan, or something SIMILAR.
    • In Save as type: click the drop arrow and select: Text file [*.txt]
    • Then, click: Save


    Copy and paste the Kaspersky Online Scanner Report in your next reply.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Hi evilfantasy, yes I'll happily remove that crack file! And here is the Kaspersky log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, March 28, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, March 28, 2009 08:21:47
    Records in database: 1980471
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    E:\

    Scan statistics:
    Files scanned: 54191
    Threat name: 1
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:24:33


    File name / Threat name / Threats count
    C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{2294E92E-64C5-4AF2-BF01-297EE7005EFE}\Microsoft\Outlook Express\Deleted Items.bak    Infected: Trojan-Spy.HTML.Paylap.fa    1
    C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{2294E92E-64C5-4AF2-BF01-297EE7005EFE}\Microsoft\Outlook Express\Deleted Items.dbx    Infected: Trojan-Spy.HTML.Paylap.fa    1

    The selected area was scanned.
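
    As an added example (not from this thread, and not Kaspersky's own code), a small Python parser for the Kaspersky Online Scanner 7 report layout posted above: it pulls out the "Scan statistics" block and the tab-separated "File name / Threat name / Threats count" lines, then cross-checks the summary counts against the detail lines. The embedded sample report is constructed to mirror that layout; its paths and the second threat name are illustrative only.

```python
"""Parse a Kaspersky Online Scanner 7 text report into structured records."""
import re

# Constructed sample, modelled on the report layout in the thread above.
# Paths and the "HEUR:Exploit.Example" name are illustrative, not real detections.
SAMPLE_REPORT = """\
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
--------------------------------------------------------------------------------

Scan statistics:
Files scanned: 54191
Threat name: 2
Infected objects: 2
Suspicious objects: 1
Duration of the scan: 02:24:33


File name / Threat name / Threats count
C:\\Example\\Deleted Items.bak\tInfected: Trojan-Spy.HTML.Paylap.fa\t1
C:\\Example\\Deleted Items.dbx\tInfected: Trojan-Spy.HTML.Paylap.fa\t1
C:\\Example\\archive.zip\tSuspicious: HEUR:Exploit.Example\t1

The selected area was scanned.
"""

# One detail line: <path> TAB <Infected|Suspicious>: <threat name> TAB <count>
RECORD_RE = re.compile(
    r"^(?P<path>.+?)\t(?P<verdict>Infected|Suspicious): (?P<threat>\S+)\t(?P<count>\d+)$"
)


def parse_report(text):
    """Return (stats dict, list of detection records) from report text."""
    stats, records = {}, []
    in_stats = in_records = False
    for line in text.splitlines():
        if line.startswith("Scan statistics:"):
            in_stats, in_records = True, False
        elif line.startswith("File name / Threat name"):
            in_stats, in_records = False, True
        elif in_stats and ": " in line:
            key, value = line.split(": ", 1)
            stats[key] = int(value) if value.isdigit() else value
        elif in_records:
            m = RECORD_RE.match(line)
            if m:  # blank lines and the trailing footer do not match
                records.append({"path": m["path"], "verdict": m["verdict"],
                                "threat": m["threat"], "count": int(m["count"])})
    return stats, records


def check_counts(stats, records):
    """Compare the report's own summary lines against the parsed detail lines."""
    infected = sum(r["count"] for r in records if r["verdict"] == "Infected")
    suspicious = sum(r["count"] for r in records if r["verdict"] == "Suspicious")
    return {"infected_ok": infected == stats.get("Infected objects"),
            "suspicious_ok": suspicious == stats.get("Suspicious objects"),
            "threat_names": sorted({r["threat"] for r in records})}
```

A mismatch between the summary and the detail lines usually means the pasted report was truncated or line-wrapped, which is worth knowing before acting on it.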


    Empty the Outlook Express deleted items folder.

    How is the computer running now?

    You can find free alternatives to almost any software made. This list has some very good picks for all types of software and everything listed in it is 100% free for home use.

    Done - and in answer to your question, it runs like a brand new car, but without that new car smell. You sir are a prince among men! (Or if female, the princess thing).

    Many many thanks!

    Quote from: Arbeloa on March 28, 2009, 10:06:10 AM
    it runs like a brand new car, but without that new car smell.

    Click here


    OK time to finish up.

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

    All this and a fine smelling computer too - thanks again!

