Help Trojan Or Virus Or Both Hjt
verachion
10-14-2006, 02:06 PM
Hi, my PC has been running fine until today, when I opened a file that I thought was from a friend, and now I am having a few problems. Every minute or so I am getting porn pop-ups of different web addresses. I swear on my life that I have not been looking at these sites in order to get this virus/spyware. I opened an .exe file from an email attachment. I have run Spybot and Ad-Aware; they both picked up something called Softomate and deleted it. However, I am still getting the porn pop-ups. Please help me; here's my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 18:06:20, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\KJDV\KJVD.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\swdoctor.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DARREN~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9DC1ED-9404-4F7A-9704-535433B556E0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
law9933
10-14-2006, 04:20 PM
Hi. They generally ask you to place HJT in its own permanent folder instead of \Temp\, for backup reasons. Les
verachion
10-14-2006, 07:56 PM
Thanks for the reply, Les, but that doesn't really help me with the situation, my friend?
law9933
10-14-2006, 08:47 PM
You are welcome. I guess you will wait for them to tell you & then wait again for them to come back instead of being ready to go. Les
Budfred
10-14-2006, 09:01 PM
Please do extract HJT to a permanent folder, especially since the possible bad files here are not clear... If we guess wrong, you will need the backups...
These are the 2 possibilities... On the first:
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
I can't find any useful info... You can check Properties to see if it is from a recognizable program... If you can't tell, you can fix it if you are willing to risk it and then also rename the file with an OLD extension so that it can't run... If the popups stop, it was the problem...
The second is this:
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
This is probably okay, but there are some sources that say that it can be corrupted by malware... If you use CyberLink PowerDVD, leave it alone...
The rest looks okay... Let me know what you do and how it goes...
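Budfred's triage above (pick out the startup entry that matches no installed program, then disable it and see whether the pop-ups stop) is the part of HijackThis log reading that can be partly automated. The following is an added example written for this page, not code from the thread or from HijackThis: it parses the O4 Run and Startup lines of a HijackThis 1.99 log and marks entries for manual checking using a few crude heuristics (an executable in a non-standard system32 subfolder, short vowel-less folder and file names, a per-user Startup shortcut pointing into the Windows directory, a bare filename that Windows resolves by search order). The sample lines are constructed after the log above, and the heuristics are the editor's own; a flag means "look at this", not "this is malware".

```python
"""Triage of HijackThis O4 (startup) entries.

Added example for this page; not code from the thread or from HijackThis.
The heuristics are the editor's own and only mark entries for manual review.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the O4 section of a HijackThis 1.99 log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Registry Run keys:  O4 - HKLM\..\Run: [Name] command line
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup folder shortcuts:  O4 - Startup: Foo.lnk = target
O4_LNK = re.compile(r'^O4 - (?P<where>Startup|Global Startup): (?P<lnk>.+?) = (?P<cmd>.+)$')

# Folder and file stems made only of consonants look machine-generated (crude heuristic).
NO_VOWEL = re.compile(r'^[b-df-hj-np-tv-z]{3,6}$')
# Subfolders of system32 that legitimately hold executables on Windows XP.
KNOWN_SYSTEM32_SUBDIRS = {"spool", "wbem", "drivers", "dllcache", "config", "restore"}
SYSTEM32_SUBDIR = re.compile(r'^c:\\windows\\system32\\(?P<sub>[^\\]+)\\[^\\]+\.exe$', re.I)


@dataclass
class Entry:
    raw: str
    source: str                 # "HKLM\Run", "HKCU\Run", "Startup" or "Global Startup"
    name: str                   # registry value name or .lnk name
    path: str                   # executable exactly as written in the log
    flags: list[str] = field(default_factory=list)


def _first_path(cmd: str) -> str:
    """Executable path from a command line: the quoted part, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ', 1)[0]


def parse_o4(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O4_RUN.match(line):
            entries.append(Entry(line, f"{m['hive']}\\{m['key']}", m['name'], _first_path(m['cmd'])))
        elif m := O4_LNK.match(line):
            entries.append(Entry(line, m['where'], m['lnk'], _first_path(m['cmd'])))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry; an unflagged entry is simply not covered by a rule."""
    low = entry.path.lower()
    if (m := SYSTEM32_SUBDIR.match(low)) and m['sub'] not in KNOWN_SYSTEM32_SUBDIRS:
        entry.flags.append(f"exe in non-standard system32 subfolder '{m['sub']}'")
    parts = low.split('\\')
    stem = parts[-1].rsplit('.', 1)[0]
    folder = parts[-2] if len(parts) > 1 else ''
    if NO_VOWEL.match(stem) and NO_VOWEL.match(folder):
        entry.flags.append("short vowel-less folder and file names")
    if entry.source == "Startup" and '\\windows\\' in low:
        entry.flags.append("per-user Startup shortcut pointing into the Windows directory")
    if '\\' not in entry.path:
        entry.flags.append("bare filename, resolved by search order; confirm which copy runs")
    return entry


def suspicious(text: str) -> list[Entry]:
    """Entries with at least one flag, in log order."""
    return [e for e in map(triage, parse_o4(text)) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(e.raw)
        for f in e.flags:
            print("   -", f)
```

On the sample, the Start.lnk entry collects three flags and the bare `Ati2mdxx.exe` one; everything else passes. The bare-filename flag is deliberately noisy: a legitimate vendor entry written without a path still deserves a check of which file actually runs, which is the same "check Properties" step Budfred suggests.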
verachion
10-15-2006, 03:12 PM
I got rid of what you said and restricted the pop-up sites using the security options in Internet Explorer. I can only assume that this is a new trojan, as Ad-Aware and Spybot didn't pick it up? Many thanks for your help; as always, much appreciated, buddy!
Logfile of HijackThis v1.99.1
Scan saved at 19:04:57, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Darren Bowen\My Documents\HJT FOLDER\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9DC1ED-9404-4F7A-9704-535433B556E0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Budfred
10-15-2006, 07:12 PM
Ad-Aware is having internal problems at the program's company and has gotten less useful as a result... Both of them have been limited for a while as the malware companies design their software to circumvent them... If you had to block the popups, it suggests that you may still have malware on your system... Please run this to check further:
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
verachion
10-23-2006, 04:11 PM
Sorry about the late reply; I have been so busy lately at work that I just don't want to use the PC. Here's the report, many thanks in advance.
2006-10-17 18:31 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-14 19:16 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-14 19:16 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-14 18:52 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2006-10-14 18:45 10,045 --a------ C:\WINDOWS\system32\mspriv32.dll
2006-10-14 18:26 98,304 --a------ C:\WINDOWS\system32\asrupdate.exe
2006-09-29 07:36 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-24 03:15 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2006-09-24 03:15 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2006-09-24 02:54 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-24 02:53 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2006-09-24 02:53 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2006-09-24 02:53 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2006-09-24 00:14 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-09-24 00:14 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-09-24 00:14 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-09-24 00:14 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-09-24 00:13 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-09-24 00:13 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-09-24 00:13 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-09-24 00:13 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-09-24 00:13 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-09-24 00:13 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-09-24 00:13 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-09-24 00:13 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-09-24 00:13 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-09-24 00:13 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-09-24 00:13 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-09-24 00:13 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-09-24 00:13 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-09-24 00:06 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-24 00:06 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-24 00:06 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-24 00:06 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-24 00:06 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-24 00:06 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-23 19:53 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-23 19:20 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Vso
2006-10-23 19:09 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\dvdcss
2006-10-22 09:31 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-21 13:10 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\1clickPro
2006-10-18 22:26 -------- d-------- C:\Program Files\MP3 Audio Sound Recoder
2006-10-17 23:29 -------- d-------- C:\Program Files\AltoMP3 Gold
2006-10-17 22:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 22:20 -------- d-------- C:\Program Files\iTunes
2006-10-17 18:31 -------- d-------- C:\Program Files\iPod
2006-10-15 19:39 -------- d-------- C:\Program Files\Messenger
2006-10-15 19:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-15 19:33 -------- d-------- C:\Program Files\MSN Messenger
2006-10-14 19:25 -------- d-------- C:\Program Files\Trojan Remover
2006-10-08 20:08 -------- d---sc--- C:\Documents and Settings\Darren Bowen\Application Data\Microsoft
2006-09-29 17:59 -------- d-------- C:\Program Files\MagicISO
2006-09-28 21:35 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\LimeWire
2006-09-25 07:51 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\ImgBurn
2006-09-25 07:46 -------- d-------- C:\Program Files\AOL 9.0
2006-09-25 07:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-24 20:33 -------- d-------- C:\Program Files\DOSBox-0.65
2006-09-24 03:15 -------- d-------- C:\Program Files\EPSON
2006-09-24 01:56 -------- d-------- C:\Program Files\TVAnts
2006-09-24 00:33 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\ppstream
2006-09-24 00:33 -------- d-------- C:\Program Files\GAOV
2006-09-24 00:11 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-09-24 00:11 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\PPLive
2006-09-24 00:10 -------- d-------- C:\Program Files\Common Files\Synacast
2006-09-24 00:10 -------- d-------- C:\Program Files\Common Files
2006-09-23 23:26 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Real
2006-09-23 23:25 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-23 23:25 -------- d-------- C:\Program Files\Common Files\Real
2006-09-23 06:44 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Apple Computer
2006-09-23 05:53 -------- d-------- C:\Program Files\Microsoft Office
2006-09-23 05:53 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-23 05:53 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-22 04:07 -------- d-------- C:\Program Files\QuickTime
2006-09-22 04:05 -------- d-------- C:\Program Files\Apple Software Update
2006-09-17 04:15 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Sun
2006-09-16 19:49 -------- d-------- C:\Program Files\AC3Filter
2006-09-15 15:54 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\AdobeUM
2006-09-15 07:02 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Adobe
2006-09-15 06:58 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-15 06:56 -------- d-------- C:\Program Files\Adobe
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-13 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-09-13 03:00 -------- d-------- C:\Program Files\Outlook Express
2006-09-13 03:00 -------- d-------- C:\Program Files\Common Files\System
2006-09-12 07:00 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-12 06:59 -------- d-------- C:\Program Files\Windows Media Player
2006-09-12 06:51 96256 --a------ C:\WINDOWS\system32\drivers\sptd4013.sys
2006-09-12 06:20 -------- d-------- C:\Program Files\Movie Maker
2006-09-12 06:17 -------- d-------- C:\Program Files\Windows NT
2006-09-12 06:17 -------- d-------- C:\Program Files\NetMeeting
2006-09-12 04:12 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\PC Tools
2006-09-12 03:31 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Ahead
2006-09-12 03:28 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Lavasoft
2006-09-12 03:27 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\vlc
2006-09-12 03:27 -------- d-------- C:\Program Files\VideoLAN
2006-09-11 08:24 -------- d-------- C:\Program Files\FastStone Image Viewer
2006-09-11 08:20 -------- d-------- C:\Program Files\The Rosetta Stone
2006-09-11 08:14 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-11 08:12 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-11 08:09 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-11 07:46 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-11 07:40 -------- d-------- C:\Program Files\ImgBurn
2006-09-11 07:25 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\CyberLink
2006-09-11 07:23 -------- d-------- C:\Program Files\CyberLink
2006-09-11 07:09 -------- d-------- C:\Program Files\CCleaner
2006-09-11 07:06 -------- d-------- C:\Program Files\Java
2006-09-11 05:31 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Help
2006-09-11 05:22 -------- d-------- C:\Program Files\GoldEsel
2006-09-11 05:21 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Mozilla
2006-09-11 05:19 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-11 05:14 -------- d-------- C:\Program Files\LimeWire
2006-09-11 05:13 81920 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\ezpinst.exe
2006-09-11 05:13 7176 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.cat
2006-09-11 05:13 47360 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.sys
2006-09-11 05:13 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-11 05:13 34 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.log
2006-09-11 05:13 1144 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.inf
verachion
10-23-2006, 04:16 PM
2006-09-11 05:13 -------- d-------- C:\Program Files\vso
2006-09-11 05:12 -------- d-------- C:\Program Files\Common Files\Java
2006-09-11 05:10 -------- d-------- C:\Program Files\LG Software Innovations
2006-09-11 05:08 -------- d-------- C:\Program Files\WinRAR
2006-09-11 05:05 -------- d-------- C:\Program Files\Lavasoft
2006-09-11 05:02 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-09-11 05:02 -------- d-------- C:\Program Files\Analog Devices
2006-09-11 05:01 -------- d-------- C:\Program Files\ATI Technologies
2006-09-11 05:00 -------- d-------- C:\Program Files\AOL Companion
2006-09-11 04:59 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\You've Got Pictures Screensaver
2006-09-11 04:59 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\AOL
2006-09-11 04:59 -------- d-------- C:\Program Files\Viewpoint
2006-09-11 04:59 -------- d-------- C:\Program Files\Learn2.com
2006-09-11 04:59 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-11 04:59 -------- d-------- C:\Program Files\Common Files\aolback
2006-09-11 04:59 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-11 04:58 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-11 04:58 -------- d-------- C:\Program Files\Real
2006-09-11 04:58 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-11 04:57 -------- d-------- C:\Program Files\VoyagerTest
2006-09-11 04:57 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-09-11 04:56 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-09-11 04:46 -------- d-------- C:\Program Files\VoyagerModemDrivers
2006-09-11 04:45 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-11 04:45 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Identities
2006-09-11 04:41 0 -rahs---- C:\MSDOS.SYS
2006-09-11 04:41 0 -rahs---- C:\IO.SYS
2006-09-11 04:41 0 --a------ C:\CONFIG.SYS
2006-09-11 04:41 0 --a------ C:\AUTOEXEC.BAT
2006-09-11 04:41 -------- d-------- C:\Program Files\xerox
2006-09-11 04:41 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-11 04:39 -------- d-------- C:\Program Files\Common Files\Services
2006-09-11 04:39 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-11 04:38 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-11 04:38 -------- d-------- C:\Program Files\Online Services
2006-09-11 04:38 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-11 04:38 -------- d-------- C:\Program Files\MSN
2006-09-11 04:38 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-10 21:34 -------- d-------- C:\Program Files\Trend Micro
2006-09-10 21:32 -------- d-------- C:\Program Files\Fellowes
2006-09-10 21:32 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-10 21:32 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-10 21:31 62 --ahs---- C:\Documents and Settings\Darren Bowen\Application Data\desktop.ini
2006-09-10 21:31 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-10 21:30 -------- d-------- C:\Program Files\Ahead
2006-09-10 21:29 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Macromedia
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 06:42 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-08-25 06:42 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-08-25 06:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-25 06:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-25 06:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-25 06:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-25 06:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-25 06:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-25 06:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-25 06:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-25 06:30 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-08-25 06:30 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-08-25 06:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-25 06:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-25 06:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-25 06:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-25 06:30 428032 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-08-25 06:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-08-25 06:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-25 06:30 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-08-25 06:30 349184 --------- C:\WINDOWS\system32\wpdsp.dll
2006-08-25 06:30 347648 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-08-25 06:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-25 06:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-25 06:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-25 06:30 314368 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-08-25 06:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-25 06:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-25 06:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-25 06:30 276480 --------- C:\WINDOWS\system32\audiodev.dll
2006-08-25 06:30 27648 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-08-25 06:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-25 06:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-25 06:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-25 06:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-25 06:30 242176 --------- C:\WINDOWS\system32\wmpasf.dll
2006-08-25 06:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-25 06:30 227328 --------- C:\WINDOWS\system32\wmerror.dll
2006-08-25 06:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-25 06:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-25 06:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-25 06:30 204800 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-25 06:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-25 06:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-25 06:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-25 06:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-25 06:30 1660416 --------- C:\WINDOWS\system32\wmpencen.dll
2006-08-25 06:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-25 06:30 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-08-25 06:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-25 06:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-25 06:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-25 06:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-25 06:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-25 06:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-25 06:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-25 06:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-25 06:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-25 06:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-25 04:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-25 04:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-25 04:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-25 04:26 38656 --------- C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-25 04:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-25 03:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-25 03:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-25 03:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-25 03:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-25 03:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-25 03:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-24 19:40 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-12 04:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 17:30 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-07-28 17:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 17:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
verachion
10-23-2006, 04:16 PM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\PROGRA~1\\MESSEN~1\\Msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\PROGRAM FILES\\MESSENGER\\MSMSGS.EXE\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-10-23 20:06:40.45
C:\ComboFix.txt ... 06-10-23 20:06
Budfred
10-24-2006, 12:22 AM
I think you may have one of the new Chinese infections... Please run a different version of ComboFix to see if it is there and can be fixed... Download this version rather than trying to use the one you have:
Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/zh/BetaB/combofix.exe)
and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.
"%userprofile%\desktop\combofix.exe" /wow
Boot into safe mode by tapping the F8 key just before Windows starts to load.
Go to Start --> Run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /wow
When finished, it shall produce a log for you. Save it and post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
In your next post, please include a new HijackThis log and the ComboFix log.
*use separate posts to ensure the logs don't get cut off!
verachion
10-28-2006, 05:20 PM
Thanks for your help. I have just done what you told me; here's the ComboFix log in several parts.
((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))
2006-10-17 18:31 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-14 19:16 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-14 19:16 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-14 18:52 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2006-10-14 18:45 10,045 --a------ C:\WINDOWS\system32\mspriv32.dll
2006-10-14 18:26 98,304 --a------ C:\WINDOWS\system32\asrupdate.exe
2006-09-29 07:36 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 20:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-28 20:36 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Vso
2006-10-26 07:58 -------- d-------- C:\Program Files\Java
2006-10-24 18:07 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\dvdcss
2006-10-22 09:31 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-21 13:10 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\1clickPro
2006-10-18 22:26 -------- d-------- C:\Program Files\MP3 Audio Sound Recoder
2006-10-17 23:29 -------- d-------- C:\Program Files\AltoMP3 Gold
2006-10-17 22:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 22:20 -------- d-------- C:\Program Files\iTunes
2006-10-17 18:31 -------- d-------- C:\Program Files\iPod
2006-10-15 19:39 -------- d-------- C:\Program Files\Messenger
2006-10-15 19:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-15 19:33 -------- d-------- C:\Program Files\MSN Messenger
2006-10-14 19:25 -------- d-------- C:\Program Files\Trojan Remover
2006-10-08 20:08 -------- d---sc--- C:\Documents and Settings\Darren Bowen\Application Data\Microsoft
2006-09-29 17:59 -------- d-------- C:\Program Files\MagicISO
2006-09-28 21:35 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\LimeWire
2006-09-25 07:51 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\ImgBurn
2006-09-25 07:46 -------- d-------- C:\Program Files\AOL 9.0
2006-09-25 07:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-24 20:33 -------- d-------- C:\Program Files\DOSBox-0.65
2006-09-24 03:15 -------- d-------- C:\Program Files\EPSON
2006-09-24 01:56 -------- d-------- C:\Program Files\TVAnts
2006-09-24 00:33 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\ppstream
2006-09-24 00:33 -------- d-------- C:\Program Files\GAOV
2006-09-24 00:11 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-09-24 00:11 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\PPLive
2006-09-24 00:10 -------- d-------- C:\Program Files\Common Files\Synacast
2006-09-24 00:10 -------- d-------- C:\Program Files\Common Files
2006-09-23 23:26 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Real
2006-09-23 23:25 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-23 23:25 -------- d-------- C:\Program Files\Common Files\Real
2006-09-23 06:44 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Apple Computer
2006-09-23 05:53 -------- d-------- C:\Program Files\Microsoft Office
2006-09-23 05:53 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-23 05:53 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-22 04:07 -------- d-------- C:\Program Files\QuickTime
2006-09-22 04:05 -------- d-------- C:\Program Files\Apple Software Update
2006-09-17 04:15 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Sun
2006-09-16 19:49 -------- d-------- C:\Program Files\AC3Filter
2006-09-15 15:54 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\AdobeUM
2006-09-15 07:02 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Adobe
2006-09-15 06:58 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-15 06:56 -------- d-------- C:\Program Files\Adobe
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-13 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-09-13 03:00 -------- d-------- C:\Program Files\Outlook Express
2006-09-13 03:00 -------- d-------- C:\Program Files\Common Files\System
2006-09-12 07:00 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-12 06:59 -------- d-------- C:\Program Files\Windows Media Player
2006-09-12 06:51 96256 --a------ C:\WINDOWS\system32\drivers\sptd4013.sys
2006-09-12 06:20 -------- d-------- C:\Program Files\Movie Maker
2006-09-12 06:17 -------- d-------- C:\Program Files\Windows NT
2006-09-12 06:17 -------- d-------- C:\Program Files\NetMeeting
2006-09-12 04:12 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\PC Tools
2006-09-12 03:31 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Ahead
2006-09-12 03:28 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Lavasoft
2006-09-12 03:27 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\vlc
2006-09-12 03:27 -------- d-------- C:\Program Files\VideoLAN
2006-09-11 08:24 -------- d-------- C:\Program Files\FastStone Image Viewer
2006-09-11 08:20 -------- d-------- C:\Program Files\The Rosetta Stone
2006-09-11 08:14 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-11 08:12 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-11 08:09 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-11 07:46 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-11 07:40 -------- d-------- C:\Program Files\ImgBurn
2006-09-11 07:25 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\CyberLink
2006-09-11 07:23 -------- d-------- C:\Program Files\CyberLink
2006-09-11 07:09 -------- d-------- C:\Program Files\CCleaner
2006-09-11 05:31 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Help
2006-09-11 05:22 -------- d-------- C:\Program Files\GoldEsel
2006-09-11 05:21 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Mozilla
2006-09-11 05:19 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-11 05:14 -------- d-------- C:\Program Files\LimeWire
2006-09-11 05:13 81920 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\ezpinst.exe
2006-09-11 05:13 7176 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.cat
2006-09-11 05:13 47360 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.sys
2006-09-11 05:13 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-11 05:13 34 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.log
2006-09-11 05:13 1144 --a--c--- C:\Documents and Settings\Darren Bowen\Application Data\pcouffin.inf
2006-09-11 05:13 -------- d-------- C:\Program Files\vso
2006-09-11 05:12 -------- d-------- C:\Program Files\Common Files\Java
2006-09-11 05:10 -------- d-------- C:\Program Files\LG Software Innovations
2006-09-11 05:08 -------- d-------- C:\Program Files\WinRAR
2006-09-11 05:05 -------- d-------- C:\Program Files\Lavasoft
2006-09-11 05:02 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-09-11 05:02 -------- d-------- C:\Program Files\Analog Devices
2006-09-11 05:01 -------- d-------- C:\Program Files\ATI Technologies
2006-09-11 05:00 -------- d-------- C:\Program Files\AOL Companion
2006-09-11 04:59 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\You've Got Pictures Screensaver
2006-09-11 04:59 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\AOL
2006-09-11 04:59 -------- d-------- C:\Program Files\Viewpoint
2006-09-11 04:59 -------- d-------- C:\Program Files\Learn2.com
2006-09-11 04:59 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-11 04:59 -------- d-------- C:\Program Files\Common Files\aolback
2006-09-11 04:59 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-11 04:58 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-11 04:58 -------- d-------- C:\Program Files\Real
2006-09-11 04:58 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-11 04:57 -------- d-------- C:\Program Files\VoyagerTest
2006-09-11 04:57 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-09-11 04:56 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-09-11 04:46 -------- d-------- C:\Program Files\VoyagerModemDrivers
2006-09-11 04:45 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-11 04:45 -------- d----c--- C:\Documents and Settings\Darre
verachion
10-28-2006, 05:21 PM
2006-09-11 04:41 0 -rahs---- C:\MSDOS.SYS
2006-09-11 04:41 0 -rahs---- C:\IO.SYS
2006-09-11 04:41 0 --a------ C:\CONFIG.SYS
2006-09-11 04:41 0 --a------ C:\AUTOEXEC.BAT
2006-09-11 04:41 -------- d-------- C:\Program Files\xerox
2006-09-11 04:41 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-11 04:39 -------- d-------- C:\Program Files\Common Files\Services
2006-09-11 04:39 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-11 04:38 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-11 04:38 -------- d-------- C:\Program Files\Online Services
2006-09-11 04:38 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-11 04:38 -------- d-------- C:\Program Files\MSN
2006-09-11 04:38 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-10 21:34 -------- d-------- C:\Program Files\Trend Micro
2006-09-10 21:32 -------- d-------- C:\Program Files\Fellowes
2006-09-10 21:32 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-10 21:32 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-10 21:31 62 --ahs---- C:\Documents and Settings\Darren Bowen\Application Data\desktop.ini
2006-09-10 21:31 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-10 21:30 -------- d-------- C:\Program Files\Ahead
2006-09-10 21:29 -------- d----c--- C:\Documents and Settings\Darren Bowen\Application Data\Macromedia
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 06:42 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-08-25 06:42 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-08-25 06:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-25 06:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-25 06:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-25 06:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-25 06:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-25 06:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-25 06:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-25 06:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-25 06:30 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-08-25 06:30 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-08-25 06:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-25 06:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-25 06:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-25 06:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-25 06:30 428032 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-08-25 06:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-25 06:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-08-25 06:30 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-08-25 06:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-25 06:30 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-08-25 06:30 349184 --------- C:\WINDOWS\system32\wpdsp.dll
2006-08-25 06:30 347648 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-08-25 06:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-25 06:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-25 06:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-25 06:30 314368 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-08-25 06:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-25 06:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-25 06:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-25 06:30 276480 --------- C:\WINDOWS\system32\audiodev.dll
2006-08-25 06:30 27648 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-08-25 06:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-25 06:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-25 06:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-25 06:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-25 06:30 242176 --------- C:\WINDOWS\system32\wmpasf.dll
2006-08-25 06:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-25 06:30 227328 --------- C:\WINDOWS\system32\wmerror.dll
2006-08-25 06:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-25 06:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-25 06:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-25 06:30 204800 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-25 06:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-25 06:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-25 06:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-25 06:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-25 06:30 1660416 --------- C:\WINDOWS\system32\wmpencen.dll
2006-08-25 06:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-25 06:30 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-08-25 06:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-25 06:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-25 06:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-25 06:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-25 06:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-25 06:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-25 06:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-25 06:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-25 06:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-25 06:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-25 04:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-25 04:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-25 04:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-25 04:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-25 03:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-25 03:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-25 03:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-25 03:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-12 04:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 17:30 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-07-28 17:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 17:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
verachion
10-28-2006, 05:22 PM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\PROGRA~1\\MESSEN~1\\Msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\PROGRAM FILES\\MESSENGER\\MSMSGS.EXE\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0xmlprov\0wscsvc\0WmdmPmSN\0\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
mysee2 REG_MULTI_SZ Mysee2_Runtime\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-10-28 20:59:05.06
C:\ComboFix.txt ... 06-10-28 20:59
C:\ComboFix2.txt ... 06-10-23 20:06
verachion
10-28-2006, 05:24 PM
Here is the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 21:24:55, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Darren Bowen\My Documents\HJT FOLDER\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9DC1ED-9404-4F7A-9704-535433B556E0}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
verachion
10-28-2006, 06:18 PM
I have just read a post in regards to a nasty Chinese infection and am a little worried, to say the least. Here's the log from F-Secure that you have asked others to do; please advise accordingly.
Scanning Report
Saturday, October 28, 2006 21:33:28 - 22:11:57
Computer name: PERSONAL-69BQBR
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 0 malware found
Statistics
Scanned:
* Files: 20883
* System: 4302
* Not scanned: 5
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7BEE8D19-34B1-406E-9296-BB6374945348}.BIN
Options
Scanning engines:
* F-Secure AVP: 6.0.171, 2006-10-27
* F-Secure Libra: 2.4.1, 2006-10-26
* F-Secure Orion: 1.2.37, 2006-10-27
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0259-24-212
* F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
Budfred
10-29-2006, 12:40 AM
Please use Killbox for some deletions:
Download Killbox:
http://www.atribune.org/downloads/KillBox.exe
Then copy/paste this list into a Notepad file so that you can access it in Safe Mode... Boot to Safe Mode (tap F8 just before Windows starts loading and select Safe Mode)... Choose the "Delete on reboot" and "End Explorer Shell while Killing file" options... Copy/paste the entire list into the line for the file... It should be able to accept the whole list, but if it doesn't you will need to enter them one at a time... Do not click through to close it out and reboot until they have all been entered... Once they are all entered, click through to kill them...
C:\WINDOWS\system32\mspriv32.dll
C:\WINDOWS\system32\asrupdate.exe
If you don't know what this is for, please check in this folder to see what programs are there and what company made them:
C:\Program Files\GAOV
Find this file and check Properties to see if it is from a legit company... It will hopefully be from Daemon Tools software:
C:\WINDOWS\system32\drivers\sptd4013.sys
It doesn't look like you have the Chinese infection... Your HJT and F-Secure logs look okay... Post back on how these things went and how your computer is doing...
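Budfred's "check Properties to see if it is from a legit company" step can be done for several files at once from a PowerShell prompt. The script below is an added example written for this thread, not Budfred's or any tool's own code; it only reads the files named in the post above (the three paths are taken from that post, any others are the reader's choice) and reports the embedded version information, the Authenticode signature status and a SHA-1 hash so the file can be looked up with a scanner. It assumes PowerShell 2.0 or later, which is why the hash is computed through .NET rather than Get-FileHash.

```powershell
# Added example (not from the thread): report version/publisher, signature status
# and SHA-1 for files named in a removal post. Read-only; nothing is deleted.
# Paths below are the ones Budfred asked about; edit the list for other files.
$paths = @(
    'C:\WINDOWS\system32\mspriv32.dll',
    'C:\WINDOWS\system32\asrupdate.exe',
    'C:\WINDOWS\system32\drivers\sptd4013.sys'
)

function Get-FileSha1 {
    param([string]$Path)
    # .NET hashing so this also works on PowerShell 2.0 (Get-FileHash needs 4.0+).
    $sha = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output "$p : not present"
        continue
    }
    $item = Get-Item -LiteralPath $p
    $vi   = $item.VersionInfo                      # CompanyName/ProductName as shown on the Properties > Version tab
    $sig  = Get-AuthenticodeSignature -FilePath $p  # embedded Authenticode signature only

    [pscustomobject]@{
        Path        = $p
        CompanyName = $vi.CompanyName
        ProductName = $vi.ProductName
        FileVersion = $vi.FileVersion
        Signature   = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Created     = $item.CreationTime
        SHA1        = Get-FileSha1 -Path $p
    }
}
```

Two things to keep in mind when reading the output: version-resource strings such as CompanyName are set by whoever built the file and are trivially faked, so a plausible company name is weak evidence on its own, and on Windows XP many genuine system files are signed through a catalog rather than an embedded signature, so `NotSigned` from Get-AuthenticodeSignature is not by itself proof that a file is malicious. A `HashMismatch` status, or a recent creation time on something claiming to be an old system component, is the kind of result worth raising in the thread.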
verachion
10-29-2006, 01:23 PM
Thanks for the reply,
I am a little confused: which list do I copy and paste into a Notepad file so I can access it in Safe Mode?
c:\program files\GAOV is empty, so I have deleted it; it's an obsolete folder.
Before I go ahead with Killbox I just need some verification as to what I copy and paste into the Notepad file.
Many thanks
Budfred
10-29-2006, 04:10 PM
This list:
C:\WINDOWS\system32\mspriv32.dll
C:\WINDOWS\system32\asrupdate.exe
verachion
11-08-2006, 08:38 AM
Hi,
I have followed your instructions and, touch wood, everything seems to be OK. Thank you very much for all your help; it is much appreciated.
Many thanks
Budfred
11-08-2006, 08:58 AM
Here is my prevention speech to help avoid future infection:
This is a good time to set up protection against further attacks. Read the article linked below about "How did I get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
http://forums.spywareinfo.com/index.php?showtopic=60955