Firefox keeps opening multiple tabs by itself everytime I open Firefox

Hi again,

Is there anyone here at all that can help me with my above problem. This problem is really starting to make me lose my mind as my life depends on this machine. Please there must be someone who can help me!

Download the latest version (2.0.2) of hijackthis after uninstalling the Beta version.
Do not edit the log as you have above. If we needed it edited it, we would ask you.

Thankyou for replying crunchie,

I will download version (2.0.2) now, as for the editing part, I have done nothing with it, I copied and posted that log exactly as it is. However i did wrap the log into a list to make it easier for you to read, if this is what you mean, then I will make sure not to do this in the future:)

Hi crunchie,

I have download HijackThis 2.0.2 and ran another scan.

Here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:37 PM, on 9/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iFinger\iFinger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\bigpond\security\app\Console.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZDE.exe
C:\Program Files\Zend\ZendStudio-5.5.0\jre\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RICHARD WALKER\Application Data\Mozilla\Profiles\default\wwk1mlvn.slt\prefs.js)
O2 - BHO: (no name) - {01226306-49F0-4A72-AAEF-0E03AA5CC279} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - (no file)
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [MSDrive] "rundll32.exe" C:\WINDOWS\system32\drvcag.dll,startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\bigpond\security\app\start.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: iFinger 2.1.lnk = D:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bp/rsau/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201932624703
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS6\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: mljihgh - mljihgh.dll (file missing)
O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12507 bytes

Any help here would be much appreciated:)

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

• Restart your computer
• After hearing your computer beep once during startup, but before the
  Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

• In Safe Mode, right click the SDFix.zip folder and choose Extract
  All,
• Open the extracted folder and double click RunThis.bat to
  start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the
  registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool
  will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and
  display Finished, then press any key to end the script and load
  your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the
  contents of the results file Report.txt back onto the forum with
  a new HijackThis log

Hi crunchie,

I have followed your steps and here are the logs that you requested:

Report.txt From SDfix

SDFix: Version 1.139

Run by Richard Walker on Sat 09/02/2008 at 04:31 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\RICHAR~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\PART0100.DAT - Deleted
C:\WINDOWS\system32\winsvcup.exe  - Deleted
C:\WINDOWS\system32\winupsvc.exe  - Deleted





Removing Temp Files...

ADS Check:



                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-02-09 16:41:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,ac,58,7b,e5,32,54,fa,3b,fa,ea,30,16,b1,51,07,65,40,ee,0d,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,11,ae,8e,2a,64,35,00,35,08,70,04,0b,81,d2,e9,63,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,8f,68,e8,ae,f8,47,e2,f8,47,c1,72,d9,36,a7,b6,a4,8d,89,17,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,ac,58,7b,e5,32,54,fa,3b,fa,ea,30,16,b1,51,07,65,40,ee,0d,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,11,ae,8e,2a,64,35,00,35,08,70,04,0b,81,d2,e9,63,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,8f,68,e8,ae,f8,47,e2,f8,47,c1,72,d9,36,a7,b6,a4,8d,89,17,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a5,f4,16,32,33,81,2e,59,48,2a,76,c7,2c,35,29,db,3c,ee,0d,a5,a4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,02,e6,74,38,7b,30,4b,f4,d6,7d,be,f6,22,9f,29,c8,b4,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,06,69,fb,71,39,43,f7,d2,56,c6,d6,f4,6d,14,eb,1a,09,33,e3,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:db8aa63b
"s2"=dword:58508995
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,ac,58,7b,e5,32,54,fa,3b,fa,ea,30,16,b1,51,07,65,40,ee,0d,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,11,ae,8e,2a,64,35,00,35,08,70,04,0b,81,d2,e9,63,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,8f,68,e8,ae,f8,47,e2,f8,47,c1,72,d9,36,a7,b6,a4,8d,89,17,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,ac,58,7b,e5,32,54,fa,3b,fa,ea,30,16,b1,51,07,65,40,ee,0d,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,11,ae,8e,2a,64,35,00,35,08,70,04,0b,81,d2,e9,63,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,8f,68,e8,ae,f8,47,e2,f8,47,c1,72,d9,36,a7,b6,a4,8d,89,17,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,ac,58,7b,e5,32,54,fa,3b,fa,ea,30,16,b1,51,07,65,40,ee,0d,f2,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,11,ae,8e,2a,64,35,00,35,08,70,04,0b,81,d2,e9,63,..
"khjeh"=hex:7d,e1,07,6a,83,9b,d3,eb,39,e3,1c,cc,33,c3,18,25,58,bd,60,11,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,8f,68,e8,ae,f8,47,e2,f8,47,c1,72,d9,36,a7,b6,a4,8d,89,17,51,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"="C:\\Program Files\\Acer TV-FM\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"="C:\\Program Files\\Acer TV-FM\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\VWDExpress.exe"="C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\VWDExpress.exe:*:Enabled:Microsoft Visual Web Developer 2005 Express Edition"
"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"="C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe:*:Enabled:sqlbrowser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"="C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Disabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\Remote Debugger\\x86\\msvsmon.exe"="C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\Remote Debugger\\x86\\msvsmon.exe:LocalSubNet:Enabled:Visual Studio Remote Debugging Monitor"
"C:\\Program Files\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe"="C:\\Program Files\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Zend\\ZendStudio-5.5.0\\bin\\ZDE.exe"="C:\\Program Files\\Zend\\ZendStudio-5.5.0\\bin\\ZDE.exe:*:Enabled:ZDE"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\lxddcoms.exe"="C:\\WINDOWS\\system32\\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe:*:Enabled: "
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Printing Application"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\RICHAR~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu  7 Feb 2008           267 A.SHR --- "C:\BOOT.BAK"
Thu 28 Jun 2007           220 A.SH. --- "C:\WINDOWS\dwin.sys"
Thu 14 Oct 2004     1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed  4 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 20 Nov 2004        26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Wed 16 Nov 2005        26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004        44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Sat 20 Nov 2004        26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Wed 16 Nov 2005        26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Thu  7 Aug 2003        24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Thu 17 Nov 2005        24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Thu 20 Oct 2005         1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 20 Oct 2005         1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 20 Oct 2005         1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 20 Oct 2005         1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 20 Oct 2005         1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri  8 Aug 2003        24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004        26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Wed 16 Nov 2005        26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004        44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Thu  5 Oct 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Jan 2008        29,616 ...H. --- "C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe-CommandBars"
Thu  7 Feb 2008        39,462 ..SHR --- "C:\WINDOWS\Installer\{3bb880af-3d12-4362-88c4-a67bd964c7ca}\zip.dll"
Fri  1 Feb 2008        38,950 ..SHR --- "C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll"
Thu  7 Feb 2008        14,374 ..SHR --- "C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll"
Thu 13 Dec 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri  8 Feb 2008             0 A..H. --- "C:\WINDOWS\Sdold\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT16.tmp"
Fri  8 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT83.tmp"

Finished!

[U][COLOR="Red"]A new HijackThis log[/COLOR][/U]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:58 PM, on 9/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\bigpond\security\app\Console.exe
D:\Program Files\iFinger\iFinger.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RICHARD WALKER\Application Data\Mozilla\Profiles\default\wwk1mlvn.slt\prefs.js)
O2 - BHO: (no name) - {01226306-49F0-4A72-AAEF-0E03AA5CC279} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - (no file)
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\bigpond\security\app\start.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: iFinger 2.1.lnk = D:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - [url]http://favorites.live.com/quickadd.aspx[/url]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [url]http://*.download.microsoft.com[/url]
O15 - Trusted Zone: [url]http://*.update.microsoft.com[/url]
O15 - Trusted Zone: [url]http://*.windowsupdate.com[/url]
O15 - Trusted Zone: [url]http://*.windowsupdate.microsoft.com[/url]
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - [url]http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab[/url]
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - [url]http://files.authentium.com/bp/rsau/bin/wizard.exe[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - [url]http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[/url]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201932624703[/url]
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - [url]https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab[/url]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [url]http://www.worldwinner.com/games/shared/wwlaunch.cab[/url]
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - [url]http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe[/url]
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS6\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: mljihgh - mljihgh.dll (file missing)
O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11941 bytes

Once again, thank you very much for your much appreciated help:)

P.S: I have no idea how those smilies got into the Report.txt

Do you know what these two entries are;

O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll

If not, upload the files to;

Jotti's or to virustotal Post the results back here.

========

Scan with HijackThis and then place a check next to all the following, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {01226306-49F0-4A72-AAEF-0E03AA5CC279} - (no file)
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O20 - Winlogon Notify: mljihgh - mljihgh.dll (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

When your done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Hi crunchie,

I have no idea what these entries are:

O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll

and further more, they don't seem to exist on my PC as I just can't find them, even a search returned nothing.

I had also done what you told me and rebooted, I then ran a rescan with HijackThis and here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:10 PM, on 9/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\bigpond\security\app\Console.exe
D:\Program Files\iFinger\iFinger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RICHARD WALKER\Application Data\Mozilla\Profiles\default\wwk1mlvn.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\iFinger\plugins\IE.ifp
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\bigpond\security\app\start.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: iFinger 2.1.lnk = D:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bp/rsau/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201932624703
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS6\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11635 bytes

My PC is running a lot better than it was, but firefox still opens itself on startup, but it's not opening as many tabs as it was, I feel that there is some progress happening.

You have been a great help to me so far:)

richie513

Make sure one of your keyboard buttons isn't stuck and is firing up Firefox :).

Scan with HijackThis and then place a check next to all the following, if present:

 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present 
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 

...(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)

 O21 - SSODL: zip - {8c23e867-9cbc-423e-be97-ce72369a2989} - C:\WINDOWS\Installer\{8c23e867-9cbc-423e-be97-ce72369a2989}\zip.dll 
 O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll  

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

When your done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\WINDOWS\Installer

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear.
• Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Open Firefox - Close all tabs. Set your homepage, e.g http://www.google.com then click Tools > Options > Use Current Pages. Click OK. Close Firefox and reopen.

Hi crunchie,

I have followed your instructions. The new logs are below:

ComboFix.txt

ComboFix 08-02.05.3 - Richard Walker 2008-02-09 23:21:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.509 [GMT 10:00]
Running from: C:\Documents and Settings\Richard Walker\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\SystemDefender
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drvcagr.dll
C:\WINDOWS\system32\gebxywt(2).dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\xwyqxwlr.dll

----- BITS: Possible infected sites -----

hxxp://go.microsoft.com
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_SFSYNC02
-------\DomainService
-------\nm
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 22:51 . 2008-02-09 22:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-02-09 22:12 . 2008-02-09 22:12 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 22:11 . 2008-02-09 22:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 22:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 21:26 . 2008-02-09 21:26 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-09 21:19 . 2008-02-09 21:19 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-02-09 19:54 . 2008-02-09 19:54 <DIR> d-------- C:\Program Files\SysCleaner
2008-02-09 19:49 . 2008-02-09 19:49 98,709 --a------ C:\Program Files\udefender_setup.exe
2008-02-09 19:44 . 2008-02-09 19:44 10,240 --a------ C:\Program Files\tmp221203.exe
2008-02-09 19:44 . 2008-02-09 19:44 10,240 --a------ C:\Program Files\tmp220640.exe
2008-02-09 19:44 . 2008-02-09 19:44 10,240 --a------ C:\Program Files\tmp220609.exe
2008-02-09 19:44 . 2008-02-09 19:44 10,240 --a------ C:\Program Files\tmp220265.exe
2008-02-09 19:44 . 2008-02-09 19:44 10,240 --a------ C:\Program Files\tmp219921.exe
2008-02-09 19:33 . 2007-10-11 09:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-09 19:33 . 2007-07-01 13:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-09 19:33 . 2007-07-01 13:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-09 19:33 . 2007-10-11 09:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-09 19:33 . 2007-10-11 09:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-09 19:33 . 2007-10-11 09:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-09 19:33 . 2007-10-11 09:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-09 19:33 . 2007-10-11 09:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-09 19:33 . 2007-10-10 20:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-09 18:49 . 2008-02-09 18:49 <DIR> d-------- C:\Program Files\VirusTotalUploader
2008-02-09 16:01 . 2008-02-09 16:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 17:49 . 2006-06-14 18:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-02-08 17:33 . 2008-02-09 21:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-08 17:21 . 2008-02-08 17:30 <DIR> d-------- C:\WINDOWS\system32\oldcatroot2
2008-02-08 17:19 . 2008-02-08 17:19 <DIR> d-------- C:\WINDOWS\Sdold
2008-02-08 17:06 . 2008-02-08 17:06 11,776 --a------ C:\Program Files\tmp149406.exe
2008-02-08 17:06 . 2008-02-08 17:06 11,776 --a------ C:\Program Files\tmp147421.exe
2008-02-08 17:06 . 2008-02-08 17:06 10,240 --a------ C:\Program Files\tmp147562.exe
2008-02-08 17:06 . 2008-02-08 17:06 10,240 --a------ C:\Program Files\tmp147390.exe
2008-02-08 17:06 . 2008-02-08 17:06 10,240 --a------ C:\Program Files\tmp147343.exe
2008-02-08 16:35 . 2008-02-08 16:35 <DIR> d-------- C:\Documents and Settings\Richard Walker\Application Data\Uniblue
2008-02-08 16:25 . 2008-02-08 16:53 <DIR> d-------- C:\Program Files\Uniblue
2008-02-08 14:13 . 2008-02-09 23:28 1,073,307,648 --a------ C:\WINDOWS\MEMORY.DMP
2008-02-08 11:29 . 2004-08-04 18:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-02-08 11:29 . 2001-08-18 16:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-02-08 11:29 . 2001-08-18 16:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-02-08 11:29 . 2001-08-18 16:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-02-08 11:29 . 2001-08-18 16:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-02-08 11:27 . 2001-08-18 07:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-02-08 11:26 . 2001-08-18 07:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-08 11:25 . 2001-08-18 16:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-08 11:24 . 2001-08-18 06:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-08 11:23 . 2001-08-18 16:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-02-08 11:22 . 2001-08-18 08:56 157,696 --a--c--- C:\WINDOWS\system32\dllcache\sisv256.dll
2008-02-08 11:21 . 2001-08-18 16:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-02-08 11:20 . 2001-08-18 16:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-08 11:19 . 2001-08-18 07:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-08 11:18 . 2004-08-04 18:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-02-08 11:17 . 2001-08-18 08:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-08 11:16 . 2001-08-18 06:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-02-08 11:15 . 2001-08-18 06:11 128,000 --a--c--- C:\WINDOWS\system32\dllcache\n100325.sys
2008-02-08 11:14 . 2001-08-18 06:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-08 11:13 . 2001-08-18 07:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-08 11:12 . 2001-08-18 16:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-08 11:11 . 2004-08-04 18:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-02-08 11:10 . 2001-08-18 08:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-08 11:09 . 2001-08-18 06:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-02-08 11:08 . 2001-08-18 07:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-08 11:07 . 2001-08-18 06:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-08 11:06 . 2004-08-04 18:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-02-08 11:05 . 2001-08-18 06:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-08 11:04 . 2001-08-18 07:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-08 11:03 . 2001-08-18 07:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\RuleSpace
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\Aluria
2008-02-08 07:23 . 2008-02-07 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-02-08 07:22 . 2008-02-08 07:22 <DIR> d-------- C:\Program Files\bigpond
2008-02-08 07:11 . 2008-02-07 18:27 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
2008-02-07 21:41 . 2008-02-07 21:48 <DIR> d-------- C:\Program Files\iFinger
2008-02-07 20:45 . 2008-02-07 20:52 <DIR> d-------- C:\Program Files\RegCure
2008-02-07 20:13 . 2004-08-04 18:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-07 20:13 . 2004-08-04 18:56 221,696 --a--c--- C:\WINDOWS\system32\dllcache\seo.dll
2008-02-07 20:13 . 2004-08-04 18:56 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll
2008-02-07 20:13 . 2004-08-04 17:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-02-07 20:13 . 2004-08-04 17:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2008-02-07 20:13 . 2004-08-04 18:56 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-02-07 20:13 . 2004-08-04 18:56 10,752 --a--c--- C:\WINDOWS\system32\dllcache\smtpapi.dll
2008-02-07 20:13 . 2004-08-04 18:56 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-02-07 20:13 . 2004-08-04 18:56 9,728 --a--c--- C:\WINDOWS\system32\dllcache\rwnh.dll
2008-02-07 20:13 . 2004-08-04 16:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-02-07 20:10 . 2008-02-07 20:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-07 20:10 . 2004-07-18 05:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-02-07 19:32 . 2004-08-04 01:44 472,007 -ra------ C:\txtsetup.sif
2008-02-07 19:32 . 2004-08-03 23:00 260,272 -ra------ C:\$LDR$
2008-02-07 18:30 . 2008-02-07 18:30 3,332 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-07 17:51 . 2008-02-07 17:51 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-07 12:38 . 2008-02-07 14:28 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-07 10:40 . 2008-02-07 11:10 <DIR> d-------- C:\wamp
2008-02-07 10:28 . 2008-02-07 10:29 493 --a------ C:\WINDOWS\my.ini
2008-02-05 08:29 . 2008-02-05 08:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 07:17 . 2008-02-05 07:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-05 07:17 . 2008-02-05 07:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 09:07 . 2003-07-12 07:38 80,300 --a------ C:\WINDOWS\1.sim
2008-02-04 09:07 . 2008-02-04 09:07 0 --a------ C:\WINDOWS\xvoice.wav
2008-02-02 14:57 . 2008-02-02 14:55 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-11-27 15:02 --------- d-----w C:\Program Files\Windows Live
2008-11-27 15:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-11-19 00:02 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\Azureus
2008-11-18 23:28 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\TuneUp Software
2008-02-09 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-09 12:51 --------- d-----w C:\Program Files\Microsoft Expression
2008-02-09 05:57 --------- d-----w C:\Program Files\Lx_cats
2008-02-07 21:14 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\AVG7
2008-02-07 21:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-07 06:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 02:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 22:47 --------- d-----w C:\Program Files\GameHouse
2008-02-04 22:45 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 22:44 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-02-04 21:11 --------- d-----w C:\Program Files\Webroot
2008-02-04 21:11 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\Webroot
2008-02-04 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-02 04:44 --------- d-----w C:\Program Files\SNLBar
2008-02-02 00:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 01:58 --------- d-----w C:\Program Files\MySQL
2008-01-20 18:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-08 01:48 --------- d-----w C:\Program Files\2K Games
2007-12-24 06:28 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-21 18:37 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\Lexmark Productivity Studio
2007-12-21 18:31 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-21 18:31 --------- d-----w C:\Program Files\Lexmark 2500 Series
2007-12-16 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-16 07:23 --------- d-----w C:\Program Files\Ontrack
2007-12-13 01:59 --------- d-----w C:\Program Files\Best SMTP Server
2007-12-12 18:04 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\MySQL
2007-12-12 03:58 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\Media Player Classic
2007-12-12 03:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-11 05:19 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\funkitron
2007-12-10 20:14 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-10 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-10 03:51 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-10 01:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 01:22 --------- d-----w C:\Documents and Settings\Richard Walker\Application Data\Leadertech
2007-12-10 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-09 21:17 --------- d-----w C:\Program Files\RegistrySmart
2007-11-26 22:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-03-25 20:12 92,064 ----a-w C:\Documents and Settings\Richard Walker\mqdmmdm.sys
2007-03-25 20:12 9,232 ----a-w C:\Documents and Settings\Richard Walker\mqdmmdfl.sys
2007-03-25 20:12 79,328 ----a-w C:\Documents and Settings\Richard Walker\mqdmserd.sys
2007-03-25 20:12 66,656 ----a-w C:\Documents and Settings\Richard Walker\mqdmbus.sys
2007-03-25 20:12 6,208 ----a-w C:\Documents and Settings\Richard Walker\mqdmcmnt.sys
2007-03-25 20:12 5,936 ----a-w C:\Documents and Settings\Richard Walker\mqdmwhnt.sys
2007-03-25 20:12 4,048 ----a-w C:\Documents and Settings\Richard Walker\mqdmcr.sys
2007-03-25 20:12 25,600 ----a-w C:\Documents and Settings\Richard Walker\usbsermptxp.sys
2007-03-25 20:12 22,768 ----a-w C:\Documents and Settings\Richard Walker\usbsermpt.sys
2007-03-25 19:55 24,192 ----a-w C:\Documents and Settings\Web Development\usbsermptxp.sys
2007-03-25 19:55 22,768 ----a-w C:\Documents and Settings\Web Development\usbsermpt.sys
2007-03-25 05:38 32,951 ----a-w C:\Documents and Settings\Richard Walker\My Documents.zip
2007-03-25 05:35 32,951 ----a-w C:\Documents and Settings\Richard Walker\Desktop.zip
2007-01-15 16:31 3,918 ----a-w C:\Documents and Settings\Richard Walker\todolist.bak1
2007-01-14 02:35 3,918 ----a-w C:\Documents and Settings\Richard Walker\todolist.bak2
2006-12-22 07:21 382 ----a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb1942.dat
2006-12-11 20:18 20,480 ----a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb4827.dat
2006-11-23 01:54 49 ----a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb41.dat
2006-11-20 16:11 9,216 ----a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb8467.dat
2006-11-20 16:11 0 -c--a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb6334.dat
2006-11-20 16:11 0 -c--a-w C:\Documents and Settings\Richard Walker\Application Data\internaldb5436.dat
2006-10-16 00:20 328 -c--a-w C:\Documents and Settings\Richard Walker\Application Data\wklnhst.dat
2007-06-28 06:19 220 --sha-w C:\WINDOWS\dwin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 10:39 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 22:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 22:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 05:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 18:19 20480]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 16:16 39792]
"ESP"="c:\Program Files\bigpond\security\app\start.exe" [2006-12-12 02:31 62952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iFinger 2.1.lnk - D:\Program Files\iFinger\iFinger.exe [2008-02-07 03:52:43 2064384]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 10:39:40 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-12 07:36:27 450560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PrxPrx"= {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll [2008-02-07 10:32 14374]
"zip"= {04c8f2d3-ab60-4e4d-8759-d21252b6fc78} - C:\WINDOWS\Installer\{04c8f2d3-ab60-4e4d-8759-d21252b6fc78}\zip.dll [2008-02-09 19:44 39462]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-21 16:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Richard Walker^Start Menu^Programs^Startup^IMVU.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Richard Walker^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-02 04:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue RegistryBooster2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"ImageItEncrypt"=C:\WINDOWS\system32\ImageItEncrypt.exe
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"SMSERIAL"=sm56hlpr.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"SoundMan"=SOUNDMAN.EXE

R1 MgTaki;MgTaki;C:\WINDOWS\system32\Drivers\mgtaki.sys [2007-03-11 14:24]
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-18 10:14]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 19:41]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-25 03:58]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-27 08:47]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 09:05]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 19:41]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 09:05]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 09:06]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 10:17]
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 09:04]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 09:04]
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-14 07:46]
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEusbser.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 17:01]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-06 02:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-29 04:38]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-10-27 07:45]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 07:16:26 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-09 13:29:23 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-07 11:01:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 23:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\Program Files\bigpond\security\App\splash.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-09 23:33:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 13:33:56
.
2008-02-07 08:29:23 --- E O F ---

The new HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:21 PM, on 9/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\iFinger\iFinger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\Program Files\bigpond\security\App\splash.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\bigpond\security\App\Console.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RICHARD WALKER\Application Data\Mozilla\Profiles\default\wwk1mlvn.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\iFinger\plugins\IE.ifp
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\bigpond\security\app\start.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: iFinger 2.1.lnk = D:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bp/rsau/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201932624703
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS6\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
O21 - SSODL: zip - {04c8f2d3-ab60-4e4d-8759-d21252b6fc78} - C:\WINDOWS\Installer\{04c8f2d3-ab60-4e4d-8759-d21252b6fc78}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12159 bytes

I have also noticed that the processors that you are asking me to check and fix in HJT are always returning back, is this normal?

Hi Michael_Knight,

Thank you for replying, however I have already performed that solution when the problem started, but to no avail. But thank you very much for your input and help. I really appreciate it:)

When you installed Messenger Plus, did you also install the Sponsor that came with it? If so, uninstall the lot, then reimstall without the sponsor.

============

A. Please RUN HijackThis

1. Click the SCAN button to produce a log.
   
2. Place a check mark beside each one of the following items:

   O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
   O21 - SSODL: zip - {04c8f2d3-ab60-4e4d-8759-d21252b6fc78} - C:\WINDOWS\Installer\{04c8f2d3-ab60-4e4d-8759-d21252b6fc78}\zip.dll

3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

B. 1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Program Files\udefender_setup.exe
C:\Program Files\tmp221203.exe
C:\Program Files\tmp220640.exe
C:\Program Files\tmp220609.exe
C:\Program Files\tmp220265.exe
C:\Program Files\tmp219921.exe
C:\Program Files\tmp149406.exe
C:\Program Files\tmp147421.exe
C:\Program Files\tmp147562.exe
C:\Program Files\tmp147390.exe
C:\Program Files\tmp147343.exe

Folder::
C:\WINDOWS\Installer

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]

7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

====================

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Actually I uninstalled Messanger Plus a long time ago. I will run through your instructions and repost the new logs when finished.

Ok, here are the new logs you requested.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:51 AM, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\dnetc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RICHARD WALKER\Application Data\Mozilla\Profiles\default\wwk1mlvn.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\PROGRA~1\iFinger\plugins\IE.ifp
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\bigpond\security\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\bigpond\security\app\start.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: iFinger 2.1.lnk = D:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bp/rsau/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201932624703
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS6\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: PrxPrx - {af21b5f5-a1dc-4562-ad47-ad07e61345f8} - C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll (file missing)
O21 - SSODL: zip - {04c8f2d3-ab60-4e4d-8759-d21252b6fc78} - C:\WINDOWS\Installer\{04c8f2d3-ab60-4e4d-8759-d21252b6fc78}\zip.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11978 bytes

ComboFix Log

ComboFix 08-02.05.3 - Richard Walker 2008-02-10 10:55:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.672 [GMT 10:00]
Running from: C:\Documents and Settings\Richard Walker\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard Walker\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\tmp147343.exe
C:\Program Files\tmp147390.exe
C:\Program Files\tmp147421.exe
C:\Program Files\tmp147562.exe
C:\Program Files\tmp149406.exe
C:\Program Files\tmp219921.exe
C:\Program Files\tmp220265.exe
C:\Program Files\tmp220609.exe
C:\Program Files\tmp220640.exe
C:\Program Files\tmp221203.exe
C:\Program Files\udefender_setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\tmp147343.exe
C:\Program Files\tmp147390.exe
C:\Program Files\tmp147421.exe
C:\Program Files\tmp147562.exe
C:\Program Files\tmp149406.exe
C:\Program Files\tmp219921.exe
C:\Program Files\tmp220265.exe
C:\Program Files\tmp220609.exe
C:\Program Files\tmp220640.exe
C:\Program Files\tmp221203.exe
C:\Program Files\udefender_setup.exe
C:\WINDOWS\Installer
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACWZLIB.ACCDE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACWZMAIN.ACCDE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACWZTOOL.ACCDE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACWZUSR12.ACCDU
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\APEX.EFTX
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\APEX.THMX
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\BINDER.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CNFNOT32.EXE_0004
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONCOURSE.EFTX
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONCOURSE.THMX
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DW20.EXE_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMSMDB32.DLL_0005
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXSEC32.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIGRAPH.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACC.OLB
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\msmdlocal.dll.5DF9D670_534C_4AB2_B0C6_FF0B0C448C29
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\msmgdsrv.dll.5DF9D670_534C_4AB2_B0C6_FF0B0C448C29
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\msolap90.dll.5DF9D670_534C_4AB2_B0C6_FF0B0C448C29
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\msolui90.dll.5DF9D670_534C_4AB2_B0C6_FF0B0C448C29
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSHEXT.DLL.x86
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPFILT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPPT.OLB
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPST32.DLL_0004
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPTLS.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\msxml5.dll.AB5E1073_AD9B_48DF_B07F_3E445B5A45CF
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODSERV.EXE_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFDIAG.EXE_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFFILTX.DLL.x86
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.ODF
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFLB.EXE_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBS.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OWSCLT.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OWSSUPP.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RICHED20.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANPST.EXE_0002
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCR.PSP
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECC.DLL_0002
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\UTILITY.ACCDA
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6EXT.OLB
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XFILE.PSP
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XOCR3.PSP
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XSCAN32.PSP
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLORSCHEME_APEX.XML
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLORSCHEME_CONCOURSE.XML
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.MAN
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.PIP
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FONTSCHEME_APEX.XML
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FONTSCHEME_CONCOURSE.XML
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\msxml5.dll.AB5E1073_AD9B_48DF_B07F_3E445B5A45CF
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\xmlrw.dll.1887A514_D285_4653_98A1_6B7128517683
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\xmlrwbin.dll.1887A514_D285_4653_98A1_6B7128517683
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\AEC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\BSTORM.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DBENGR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DRILLDWN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWGCNV.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWGDP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FACILITY.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\GANTT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\HVAC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ORGCHART.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ORGCHWIZ.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SG.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\TIMESOLN.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\UML.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISBRGR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISFILT.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISGRF.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISIO.EXE
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISLIB.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISWEB.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\XFUNC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK01.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK03.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK04.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK05.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK06.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\NOTEBOOK07.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\ONGUIDE.ONEPKG_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\MSAIN.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\MSCAL.OCX_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.4518\ANALYS32.XLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.4518\msmdsrv.rll.9A79CA30_E70C_44A2_8461_78FED6A7E4DC
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.4518\XLSRVINTL.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.4518\MAPIR.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.4518\OUTLLIBR.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\ACEINTL.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\ACEWSTR.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\CGMIMP32.FLT_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\EPSIMP32.FLT_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\MSOINTL.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\PICTIM32.FLT_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\PORTCNRC.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\RECOVR32.CNV_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\WPFT532.CNV_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\WPFT632.CNV_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC\12.0.4518\NLSLEX.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC\12.0.4518\NLSMODEL.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\0E8BA73496BF22242B086AF4D32E5219\8.0.50727\FL_wmiscriptutils_dll_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
C:\WINDOWS\Installer\$PatchCache$\Managed\0E8BA73496BF22242B086AF4D32E5219\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\7DDFFFA258DE09A4C825D59ABECDB9F8\9.0.1399\sqlaccess.dll.D5FA3BDB_C132_4ACB_9BCE_75B981C3A65B
C:\WINDOWS\Installer\$PatchCache$\Managed\7DDFFFA258DE09A4C825D59ABECDB9F8\9.0.1399\sqlservr.exe.CC1A8C58_27D1_4D38_BF1B_C0A5CBB90616
C:\WINDOWS\Installer\$PatchCache$\Managed\7DDFFFA258DE09A4C825D59ABECDB9F8\CacheSize.txt
C:\WINDOWS\Installer\$PatchCache$\Managed\967FE07C69280DE469F66D42CBD69472\4.94.9\defvn.dll.55B252DC_C3A4_11D3_A21E_005004AD29B2
C:\WINDOWS\Installer\$PatchCache$\Managed\967FE07C69280DE469F66D42CBD69472\CacheSize.txt
C:\WINDOWS\Installer\{04c8f2d3-ab60-4e4d-8759-d21252b6fc78}\zip.dll
C:\WINDOWS\Installer\{0837A661-FEC3-48B3-876C-91E7D32048A9}\DWARPPRODUCTICON.exe
C:\WINDOWS\Installer\{0837A661-FEC3-48B3-876C-91E7D32048A9}\READMESHORTCUT.htm
C:\WINDOWS\Installer\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}\ARPIco
C:\WINDOWS\Installer\{0CB98AC0-D691-4B21-AD3D-95982517021D}\1033.MST
C:\WINDOWS\Installer\{0CB98AC0-D691-4B21-AD3D-95982517021D}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{0CB98AC0-D691-4B21-AD3D-95982517021D}\NewShortcut3_EFF85A5E75B24760B4DDCF1BD921F20C.exe
C:\WINDOWS\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}\folder.ico
C:\WINDOWS\Installer\{1389C6A4-4965-4AEC-9175-08B54A10FA48}\ProductIcon.ico
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\1033.MST
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut11.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut2.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut3.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut4.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut5.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut7.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut8.exe
C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut9.EXE
C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut2_236BB7C4441942FD04091E257A25E34D
C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut3_236BB7C4441942FD04091E257A25E34D
C:\WINDOWS\Installer\{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}\ARPIcon.ico
C:\WINDOWS\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\ARPPRODUCTICONFL8.exe
C:\WINDOWS\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\READMESHORTCUTICON.ico
C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150100}\sp1033.MST
C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160030}\sp1033.MST
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\1033.MST
C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{3bb880af-3d12-4362-88c4-a67bd964c7ca}\zip.dll
C:\WINDOWS\Installer\{437AB8E0-FB69-4222-B280-A64F3DE22591}\Dexplore_Icon
C:\WINDOWS\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\Fireworks.exe_4C24A8C17CFA4650AF15732F5BD7B46D.exe
C:\WINDOWS\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\NewShortcut3_4C24A8C17CFA4650AF15732F5BD7B46D.exe
C:\WINDOWS\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\NewShortcut4_4C24A8C17CFA4650AF15732F5BD7B46D.exe
C:\WINDOWS\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
C:\WINDOWS\Installer\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}\ARPIcon.ico
C:\WINDOWS\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe
C:\WINDOWS\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\READMEICON.htm
C:\WINDOWS\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
C:\WINDOWS\Installer\{7505DE9C-4E85-4636-82F0-50F38077B900}\IconRegWiz.6F2B3983_59B8_11D3_B360_00A0C9DA500E.exe
C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_31E17DA65B49_4890_8278_D9E0E69C669C.exe
C:\WINDOWS\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\New_Shortcut_S1245_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
C:\WINDOWS\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\New_Shortcut_S1246_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
C:\WINDOWS\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
C:\WINDOWS\Installer\{78C5D256-A94E-4593-BB24-CED07AFC7938}\New_Shortcut_S16991_EC0ADF6319EA42F796E16E7907D106A4.exe
C:\WINDOWS\Installer\{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}\Setup.ico
C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
C:\WINDOWS\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0017-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0026-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0026-0000-0000-0000000FF1CE}\misc.exe
C:\WINDOWS\Installer\{90120000-0026-0000-0000-0000000FF1CE}\mspicons.exe
C:\WINDOWS\Installer\{90120000-0026-0000-0000-0000000FF1CE}\oisicon.exe
C:\WINDOWS\Installer\{90120000-0026-0000-0000-0000000FF1CE}\ShellUI.MST
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\graph.ico
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\ShellUI.MST
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\WINDOWS\Installer\{90120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\ShellUI.MST
C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
C:\WINDOWS\Installer\{96327C3C-96BE-4C7A-A6F7-A71635E5949A}\ARPIco
C:\WINDOWS\Installer\{98FA9751-E7E0-4509-BE22-0E66BE8592B4}\MAIcon.exe
C:\WINDOWS\Installer\{98FA9751-E7E0-4509-BE22-0E66BE8592B4}\MTIcon.exe
C:\WINDOWS\Installer\{98FA9751-E7E0-4509-BE22-0E66BE8592B4}\QBIcon.exe
C:\WINDOWS\Installer\{98FA9751-E7E0-4509-BE22-0E66BE8592B4}\SysTrayIcon.exe
C:\WINDOWS\Installer\{9A346205-EA92-4406-B1AB-50379DA3F057}\NewShortcut3_9A346205EA924406B1AB50379DA3F057.exe
C:\WINDOWS\Installer\{A4512736-8D63-4298-9271-5329931FA46B}\ARPIco
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\FDFFile.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\PDXFile.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\RMFFile.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader_PM.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\XDPFile.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\APIFile_8.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\FDFFile_8.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\PDFFile_8.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\PDXFile_8.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\RMFFile_8.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SecStoreFile.ico
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\XDPFile_8.ico
C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\1033.mst
C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
C:\WINDOWS\Installer\{af21b5f5-a1dc-4562-ad47-ad07e61345f8}\PrxPrx.dll
C:\WINDOWS\Installer\{AFD0A7E2-C28E-49E1-9939-A00AF134304D}\ArpIcon
C:\WINDOWS\Installer\{B383EEC2-A3EC-4E76-9CFC-26A2328712FC}\ARPIco
C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\AdobeBridge_B74D4E10103300000000000000000001_1.exe
C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe
C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\NewShortcut2_B74D4E10103300000000000000000001.exe
C:\WINDOWS\Installer\{BAF78226-3200-4DB4-BE33-4D922A799840}\ArpIcon
C:\WINDOWS\Installer\{BB926F32-7619-477D-9F3F-7AF355EB4A05}\ArpIcon
C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
C:\WINDOWS\Installer\{C25EF637-BE7A-4761-9B45-9069989C319F}\Dexplore_Icon
C:\WINDOWS\Installer\{C6F5B6CF-609C-428E-876F-CA83176C021B}\Navw32.ico
C:\WINDOWS\Installer\{DC15E07B-F9FC-4A08-945D-EF3B1B07B0E6}\WBIcon.exe
C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
C:\WINDOWS\Installer\{F325CF11-27CE-4872-8022-6E9EB27DF24F}\Navw32.ico
C:\WINDOWS\Installer\{F9933E6B-AC5D-4FD0-BDD8-5A8905F2A3D4}\Application
C:\WINDOWS\Installer\{FCE6F0D9-0888-4F8E-9C14-62F096CD8758}\ARPIcon.ico
C:\WINDOWS\Installer\11401e.msp
C:\WINDOWS\Installer\1609c9f.msp
C:\WINDOWS\Installer\1609d14.msi
C:\WINDOWS\Installer\174ad2b.msi
C:\WINDOWS\Installer\18981.msi
C:\WINDOWS\Installer\18985.msi
C:\WINDOWS\Installer\1898c.msi
C:\WINDOWS\Installer\18994.msp
C:\WINDOWS\Installer\1a4003.msp
C:\WINDOWS\Installer\1a4010.msi
C:\WINDOWS\Installer\1a4017.msi
C:\WINDOWS\Installer\1a401e.msi
C:\WINDOWS\Installer\1a4025.msi
C:\WINDOWS\Installer\1bd5842.msp
C:\WINDOWS\Installer\1bd9006.msi
C:\WINDOWS\Installer\1bd900f.msi
C:\WINDOWS\Installer\1cd37ae.msp
C:\WINDOWS\Installer\1cf8dbd.mst
C:\WINDOWS\Installer\1dff100.msi
C:\WINDOWS\Installer\1f01bc2.msi
C:\WINDOWS\Installer\20a2c3b.msp
C:\WINDOWS\Installer\20a2c51.msi
C:\WINDOWS\Installer\20a2c59.msi
C:\WINDOWS\Installer\20a2c75.msp
C:\WINDOWS\Installer\22f03cf.msi
C:\WINDOWS\Installer\22f376d.msi
C:\WINDOWS\Installer\22f3773.msi
C:\WINDOWS\Installer\22f3779.msi
C:\WINDOWS\Installer\22f3789.msi
C:\WINDOWS\Installer\22f3791.msi
C:\WINDOWS\Installer\22f37a7.msi
C:\WINDOWS\Installer\22f37ad.msi
C:\WINDOWS\Installer\22f37b3.msi
C:\WINDOWS\Installer\22f37b9.msi
C:\WINDOWS\Installer\22f37bf.msi
C:\WINDOWS\Installer\22f37c8.msi
C:\WINDOWS\Installer\264fe5b.msi
C:\WINDOWS\Installer\27e5b43.msi
C:\WINDOWS\Installer\281be25.msi
C:\WINDOWS\Installer\281be2b.msi
C:\WINDOWS\Installer\281be48.msi
C:\WINDOWS\Installer\281be5c.msi
C:\WINDOWS\Installer\281be6c.msi
C:\WINDOWS\Installer\281be74.msi
C:\WINDOWS\Installer\281be7a.msi
C:\WINDOWS\Installer\2871d86.msi
C:\WINDOWS\Installer\2afd839.msp
C:\WINDOWS\Installer\2afd851.msp
C:\WINDOWS\Installer\2b0343c.mst
C:\WINDOWS\Installer\2b03440.mst
C:\WINDOWS\Installer\2cbf2cd.msp
C:\WINDOWS\Installer\2cbf2ef.msp
C:\WINDOWS\Installer\2efc005.msp
C:\WINDOWS\Installer\2efc01e.msp
C:\WINDOWS\Installer\2efc04e.msp
C:\WINDOWS\Installer\2efc056.msi
C:\WINDOWS\Installer\2efc06d.msp
C:\WINDOWS\Installer\2efc09d.msp
C:\WINDOWS\Installer\2f4eb0.msp
C:\WINDOWS\Installer\2f50f.msp
C:\WINDOWS\Installer\2f9f9ec.msp
C:\WINDOWS\Installer\2f9fa03.msp
C:\WINDOWS\Installer\3015ad5.mst
C:\WINDOWS\Installer\30c462.msi
C:\WINDOWS\Installer\30c46c.msi
C:\WINDOWS\Installer\3109a88.msi
C:\WINDOWS\Installer\3109a8c.msi
C:\WINDOWS\Installer\3186ed.msi
C:\WINDOWS\Installer\321fd1c.msi
C:\WINDOWS\Installer\324c682.msi
C:\WINDOWS\Installer\324c6d7.msi
C:\WINDOWS\Installer\32631e.msi
C:\WINDOWS\Installer\326324.msi
C:\WINDOWS\Installer\32632a.msi
C:\WINDOWS\Installer\326330.msi
C:\WINDOWS\Installer\326336.msi
C:\WINDOWS\Installer\3300d16.msi
C:\WINDOWS\Installer\34bb6f7.msp
C:\WINDOWS\Installer\35f090.msi
C:\WINDOWS\Installer\360cb4f.msp
C:\WINDOWS\Installer\36114.msi
C:\WINDOWS\Installer\363875d.msp
C:\WINDOWS\Installer\3638775.msp
C:\WINDOWS\Installer\36387d1.msp
C:\WINDOWS\Installer\36387e9.msp
C:\WINDOWS\Installer\3638807.msp
C:\WINDOWS\Installer\36a29b9.msi
C:\WINDOWS\Installer\371292e.msp
C:\WINDOWS\Installer\4398e5.msp
C:\WINDOWS\Installer\4399a2.msp
C:\WINDOWS\Installer\4399ac.msp
C:\WINDOWS\Installer\439a12.msp
C:\WINDOWS\Installer\439a1a.msp
C:\WINDOWS\Installer\439a24.msp
C:\WINDOWS\Installer\439a37.msp
C:\WINDOWS\Installer\439a4c.msp
C:\WINDOWS\Installer\439a54.msp
C:\WINDOWS\Installer\43bf7e.msi
C:\WINDOWS\Installer\43bf81.msi
C:\WINDOWS\Installer\4dfa1a.msi
C:\WINDOWS\Installer\4dfa1b.msp
C:\WINDOWS\Installer\4dfa1c.msp
C:\WINDOWS\Installer\4dfa1d.msp
C:\WINDOWS\Installer\4dfa1e.msp
C:\WINDOWS\Installer\4dfa1f.msp
C:\WINDOWS\Installer\4dfa20.msp
C:\WINDOWS\Installer\4dfa21.msp
C:\WINDOWS\Installer\4dfa22.msp
C:\WINDOWS\Installer\4dfa23.msp
C:\WINDOWS\Installer\4e6b37.msi
C:\WINDOWS\Installer\4e6b3b.msi
C:\WINDOWS\Installer\4e6b3f.msi
C:\WINDOWS\Installer\4e6b6a.msi
C:\WINDOWS\Installer\4e6b72.msi
C:\WINDOWS\Installer\536ed.msi
C:\WINDOWS\Installer\536f5.msi
C:\WINDOWS\Installer\536fc.msi
C:\WINDOWS\Installer\53703.msi
C:\WINDOWS\Installer\5370a.msi
C:\WINDOWS\Installer\53711.msi
C:\WINDOWS\Installer\53718.msi
C:\WINDOWS\Installer\5371f.msi
C:\WINDOWS\Installer\53726.msi
C:\WINDOWS\Installer\5372d.msi
C:\WINDOWS\Installer\53734.msi
C:\WINDOWS\Installer\5373b.msi
C:\WINDOWS\Installer\53742.msi
C:\WINDOWS\Installer\53749.msi
C:\WINDOWS\Installer\5b00.msi
C:\WINDOWS\Installer\5b0a.msi
C:\WINDOWS\Installer\798a.msi
C:\WINDOWS\Installer\7a1e28.msi
C:\WINDOWS\Installer\82a63d.msi
C:\WINDOWS\Installer\82f5b.msi
C:\WINDOWS\Installer\82f7d.msi
C:\WINDOWS\Installer\8c5cc0.msi
C:\WINDOWS\Installer\8c5ccc.msi
C:\WINDOWS\Installer\8c5cdc.msi
C:\WINDOWS\Installer\a10b.msi
C:\WINDOWS\Installer\a26387.msi
C:\WINDOWS\Installer\a263fc.msi
C:\WINDOWS\Installer\a4a968.msp
C:\WINDOWS\Installer\b2c27a.msi
C:\WINDOWS\Installer\b4f5c.msi
C:\WINDOWS\Installer\b4f69.msi
C:\WINDOWS\Installer\e6e136.msi
C:\WINDOWS\Installer\eded12.msi
C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
C:\WINDOWS\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-09 23:19 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
2008-02-09 22:51 . 2008-02-09 22:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-02-09 22:12 . 2008-02-09 22:12 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 22:11 . 2008-02-09 22:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 22:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 21:26 . 2008-02-09 21:26 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-09 21:19 . 2008-02-09 21:19 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-02-09 19:54 . 2008-02-09 19:54 <DIR> d-------- C:\Program Files\SysCleaner
2008-02-09 19:33 . 2007-10-11 09:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-09 19:33 . 2007-07-01 13:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-09 19:33 . 2007-07-01 13:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-09 19:33 . 2007-10-11 09:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-09 19:33 . 2007-10-11 09:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-09 19:33 . 2007-10-11 09:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-09 19:33 . 2007-10-11 09:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-09 19:33 . 2007-10-11 09:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-09 19:33 . 2007-10-10 20:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-09 18:49 . 2008-02-09 18:49 <DIR> d-------- C:\Program Files\VirusTotalUploader
2008-02-09 16:01 . 2008-02-09 16:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-08 17:49 . 2006-06-14 18:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-02-08 17:33 . 2008-02-10 10:54 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-08 17:21 . 2008-02-08 17:30 <DIR> d-------- C:\WINDOWS\system32\oldcatroot2
2008-02-08 17:19 . 2008-02-08 17:19 <DIR> d-------- C:\WINDOWS\Sdold
2008-02-08 16:35 . 2008-02-08 16:35 <DIR> d-------- C:\Documents and Settings\Richard Walker\Application Data\Uniblue
2008-02-08 16:25 . 2008-02-08 16:53 <DIR> d-------- C:\Program Files\Uniblue
2008-02-08 14:13 . 2008-02-09 23:28 1,073,307,648 --a------ C:\WINDOWS\MEMORY.DMP
2008-02-08 11:29 . 2004-08-04 18:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-02-08 11:29 . 2001-08-18 16:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-02-08 11:29 . 2001-08-18 16:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-02-08 11:29 . 2001-08-18 16:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-02-08 11:29 . 2001-08-18 16:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-02-08 11:27 . 2001-08-18 07:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-02-08 11:26 . 2001-08-18 07:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-08 11:25 . 2001-08-18 16:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-08 11:24 . 2001-08-18 06:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-08 11:23 . 2001-08-18 16:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-02-08 11:22 . 2001-08-18 08:56 157,696 --a--c--- C:\WINDOWS\system32\dllcache\sisv256.dll
2008-02-08 11:21 . 2001-08-18 16:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-02-08 11:20 . 2001-08-18 16:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-08 11:19 . 2001-08-18 07:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-08 11:18 . 2004-08-04 18:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-02-08 11:17 . 2001-08-18 08:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-08 11:16 . 2001-08-18 06:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-02-08 11:15 . 2001-08-18 06:11 128,000 --a--c--- C:\WINDOWS\system32\dllcache\n100325.sys
2008-02-08 11:14 . 2001-08-18 06:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-08 11:13 . 2001-08-18 07:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-08 11:12 . 2001-08-18 16:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-08 11:11 . 2004-08-04 18:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-02-08 11:10 . 2001-08-18 08:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-08 11:09 . 2001-08-18 06:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-02-08 11:08 . 2001-08-18 07:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-08 11:07 . 2001-08-18 06:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-08 11:06 . 2004-08-04 18:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-02-08 11:05 . 2001-08-18 06:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-08 11:04 . 2001-08-18 07:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-08 11:03 . 2001-08-18 07:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\RuleSpace
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-02-08 07:23 . 2008-02-08 07:23 <DIR> d-------- C:\Program Files\Common Files\Aluria
2008-02-08 07:23 . 2008-02-07 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-02-08 07:22 . 2008-02-08 07:22 <DIR> d-------- C:\Program Files\bigpond
2008-02-08 07:11 . 2008-02-07 18:27 <DIR>

No worries :). Let's give it a day or two and let us know if everything is still ok.

I will, and thank you very much for all the help you have given me. I really appreciate this so much, you are a true life saver:)

You are welcome :).

I have a similar problem and from reading the above post it is way above my area of expertise. I did download the hijackthis version recommended and her is the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:57 PM, on 2/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Omni\OmniMouse driver\10.0\GTGMouse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [GTGMOUSE] "C:\Program Files\Omni\OmniMouse driver\10.0\GTGMouse.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9842 bytes

Thanks in advance for any help

I am having the same issue. Ran different anti-virus programs, which finds and fixes the viruses, but the tabs/extra pages keep opening up.
Help please!!!
I ran hijackthis program and came up with the following log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:17:25 AM, on 4/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Atari\ArmA\GameTracker\GSInGameService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://216.105.79.223:5000/VatDec.cab
O16 - DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} (ProductView Control) - http://www.catalogds.com/dtd/pvcadview.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{818D6D19-1E5F-4D4E-B4E2-E94F07CD6866}: NameServer = 209.237.84.13,209.237.84.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Atari\ArmA\GameTracker\GSInGameService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10921 bytes

FEsch |
I am having the same issue. Ran different anti-virus programs, which finds and fixes the viruses, but the tabs/extra pages keep opening up.
Help please!!!

This thread is SOLVED and has been for 2 years.

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum, (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/forums/faq.ph...niweb_policies

Multiple tabs in rapid-fire succession are opened whenever I would click-on a zip file download.

Check the dates, this thread has been dead for 2 years!!!