Virus opening Iexplorer, with dreaded about.blank

124

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Clearly the keygen wasn't all it seemed.
    I'd suggest SCANNING them before using them in the future!
    :idea:
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    OK, I've run the Eset Onlinescan (NOD32) again and after another 4 hours it predictably closed itself again, leaving no logs.

    I can't help but feel I am wasting my time with this online scanner. I certainly don't anticipate running it a 5th or 6th time; surely there is another more "suitable" online scanner that at least warns you if it's going to reset, as that is now a total of 17 hours I have wasted on that site. I still suspect no matter how many times I run it, it's going to do the same thing again.
    :A:dance:1+1+1=1:dance::A
    "Marleyboy you are a legend!"
    MarleyBoy "You are the Greatest"
    Marleyboy You Are A Legend!
    Marleyboy speaks sense
    marleyboy (total legend)
    Marleyboy - You are, indeed, a legend.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    (Might 'need' to use internet explorer for it to work)
    :idea:
  • thomas01155
    thomas01155 Posts: 2,382 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    You had, and may still have, one of the annoying new Vundo. I recommend running ComboFix; make sure to disable your antivirus while doing it. Paste the log file back here after. http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    Ran Combofix, below is log file;

    ComboFix 09-01-08.01 - Rik 2009-01-08 22:14:27.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.678 [GMT 0:00]
    Running from: C:\Documents and Settings\Rik\Desktop\ComboFixer.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: PC Tools Firewall Plus *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\LocalService\Application Data\twain_32
    C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
    C:\Documents and Settings\NetworkService\Application Data\twain_32
    C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\elodalem.ini
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\obaheguk.ini
    C:\WINDOWS\system32\omuhihuv.ini
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
    .

    2027-09-13 21:16 . 2006-09-19 17:03 <DIR> d-------- C:\Documents and Settings\Rik\Application Data\Keyhole
    2009-01-07 02:24 . 2009-01-08 19:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2009-01-04 12:24 . 2009-01-04 12:24 <DIR> d-------- C:\Documents and Settings\Rik\Application Data\PCToolsFirewallPlus
    2009-01-04 12:19 . 2009-01-08 22:08 <DIR> d-------- C:\ComboFix
    2009-01-04 12:16 . 2009-01-04 12:17 <DIR> d-------- C:\32788R22FWJFW.0.tmp
    2009-01-04 11:48 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2009-01-04 11:48 . 2008-07-17 16:53 93,952 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
    2009-01-04 11:47 . 2009-01-06 10:42 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
    2009-01-04 11:47 . 2009-01-04 11:48 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2009-01-04 11:47 . 2008-08-05 15:58 58,136 --a------ C:\WINDOWS\system32\drivers\FWAuthdriver.sys
    2009-01-04 11:46 . 2009-01-04 11:57 <DIR> d-------- C:\Program Files\ThreatFire
    2009-01-04 11:46 . 2009-01-04 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2009-01-04 11:46 . 2008-11-17 13:05 51,488 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
    2009-01-04 11:46 . 2008-11-17 13:05 39,200 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
    2009-01-04 11:46 . 2008-11-17 13:05 33,056 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
    2009-01-04 11:46 . 2008-11-17 13:05 12,576 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
    2009-01-04 11:29 . 2009-01-04 11:29 <DIR> d-------- C:\Program Files\Avira
    2009-01-04 11:29 . 2009-01-04 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2009-01-03 13:21 . 2009-01-08 13:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-03 13:21 . 2009-01-03 13:21 <DIR> d-------- C:\Documents and Settings\Rik\Application Data\Malwarebytes
    2009-01-03 13:21 . 2009-01-03 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-03 13:21 . 2009-01-04 18:38 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-01-03 13:21 . 2009-01-04 18:38 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2009-01-03 06:15 . 2009-01-08 22:28 3,375,093 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-00201102}.BAK
    2008-12-29 14:19 . 2008-12-29 14:19 2,713 ---hs---- C:\WINDOWS\system32\puyugemi.dll
    2008-12-27 01:38 . 2008-12-27 01:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-12-20 13:58 . 2008-12-20 17:59 <DIR> d-------- C:\divx
    2008-12-15 18:04 . 2008-12-15 18:04 <DIR> d-------- C:\Program Files\s1clone

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2027-09-14 08:27 d-----w C:\Program Files\PopUpCop
    2009-01-08 01:32 d-----w C:\Program Files\eMule
    2009-01-06 10:42 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2009-01-05 01:00 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2009-01-04 19:13 d-----w C:\Program Files\SUPERAntiSpyware
    2009-01-04 14:05 d-----w C:\Program Files\DVDIdle
    2009-01-04 13:11 d-----w C:\Program Files\Raxco
    2009-01-04 13:11 d-----w C:\Program Files\CA
    2009-01-04 13:11 d-----w C:\Documents and Settings\Rik\Application Data\Virgin Broadband
    2009-01-04 13:11 d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
    2009-01-03 04:48 d-----w C:\Program Files\SweetIM
    2009-01-03 04:46 d-----w C:\Program Files\InstallShield Installation Information
    2009-01-03 04:23 d-----w C:\Documents and Settings\Rik\Application Data\Desktop Sidebar
    2009-01-02 04:37 d-----w C:\Documents and Settings\Rik\Application Data\Sony
    2008-12-27 01:36 d-----w C:\Program Files\Common Files\Real
    2008-12-27 01:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-12-27 01:22 d-----w C:\Program Files\TubeSucker
    2008-12-21 12:46 d-----w C:\Program Files\Windows Live Safety Center
    2008-11-26 02:24 d-----w C:\Documents and Settings\Rik\Application Data\DivX
    2008-11-17 01:26 d-----w C:\Program Files\DivX
    2008-11-12 17:33 d-----w C:\Program Files\Windows Journal Viewer
    2008-10-16 14:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 14:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 14:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-05-07 14:49 25,384 ----a-w C:\Documents and Settings\Rik\Application Data\GDIPFONTCACHEV1.DAT
    2002-06-05 09:50 107,305,287 ----a-w C:\Documents and Settings\Rik\Cubase SX 1.0.exe
    2005-09-15 18:26 44,153 ----a-w C:\Program Files\mozilla firefox\components\inspector.dll
    2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-04_ 3.05.22.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-05-09 12:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-10-30 10:21:03 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2007-07-27 14:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
    + 2007-07-27 14:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
    + 2005-12-05 19:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
    + 2005-12-05 12:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
    + 2008-02-11 09:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    + 2008-02-11 09:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    + 2008-02-08 13:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    + 2008-02-05 08:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    - 2006-01-09 09:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
    + 2006-01-09 09:36:06 91,136 ----a-w C:\WINDOWS\system32\swsc.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 09:18 3660848]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-04 19:13 1830128]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
    "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 11:32 111928]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28 266497]
    "ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-11-17 13:04 263456]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2007-12-01 00:27 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "CTHelper"="CTHELPER.EXE" [2003-08-28 08:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]

    C:\Documents and Settings\Rik\Start Menu\Programs\Startup\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2/16/2006 7:33:59 PM 3428864]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 2:38:16 AM 29696]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [7/16/2006 5:33:36 PM 626176]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-04 19:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-04 19:13 356352 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= c:\windows\system32\miyagame.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
    backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
    --a------ 2002-11-02 06:33 45056 C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    --a------ 2006-09-17 22:53 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2007-12-01 00:26 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog Music Tool]
    --a------ 2008-08-23 00:43 1728456 C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-03-26 18:48 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
    --a------ 2006-07-09 21:58 1777664 C:\Program Files\Desktop Sidebar\dsidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    --a------ 2002-07-12 10:15 106496 C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
    --a------ 2003-12-31 16:39 40960 C:\WINDOWS\vsnpstd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-09-01 20:39 1258744 C:\Program Files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
    --a------ 2003-08-28 08:45 24576 C:\WINDOWS\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "szserver"=2 (0x2)
    "SandraTheSrv"=3 (0x3)
    "SandraDataSrv"=3 (0x3)
    "mcupdmgr.exe"=3 (0x3)
    "McTskshd.exe"=2 (0x2)
    "McDetect.exe"=2 (0x2)
    "VirtualCameraService"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "prfldsvc"=2 (0x2)
    "MDM"=2 (0x2)
    "License Management Service ESD"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "GoogleDesktopManager"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "PopUpStopperProfessional"="C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\games\\soldier\\SOF2_FULL\\SoF2MP.exe"=
    "C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
    "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:tversity
    "4662:TCP"= 4662:TCP:emule1
    "4672:UDP"= 4672:UDP:emule2

    R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 11:11 20160]
    R3 D500M;D500M;C:\WINDOWS\system32\DRIVERS\D500M.sys [2004-09-16 17:11 25300]
    R3 D500U;D500U;C:\WINDOWS\system32\DRIVERS\D500U.sys [2005-01-10 16:03 50389]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 10:33 28672]
    R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-11-17 13:05 33056]
    R3 USBSNXSTOR;Mass Storage driver ;C:\WINDOWS\system32\DRIVERS\Usbsnx2k.SYS [2003-07-03 09:33 53083]
    R3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53 19677]
    R4 ThreatFire;ThreatFire; [x]
    R4 VirtualCameraService;MorningSound VirtualCamera Play Service; [x]
    S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-11-17 13:05 51488]
    S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-11-17 13:05 39200]
    S1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29 160792]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-04 19:13 8944]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-04 19:13 55024]
    S2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 07:22 70912]
    S3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 15:58 58136]
    S3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 09:15 25088]
    S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 16:51 4096]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - AFD
    *Deregistered* - ALG
    *Deregistered* - AntiVirScheduler
    *Deregistered* - AntiVirService
    *Deregistered* - Aspi32
    *Deregistered* - AudioSrv
    *Deregistered* - audstub
    *Deregistered* - avgio
    *Deregistered* - avgntflt
    *Deregistered* - avipbb
    *Deregistered* - Beep
    *Deregistered* - BITS
    *Deregistered* - BlueletAudio
    *Deregistered* - BlueletSCOAudio
    *Deregistered* - Browser
    *Deregistered* - BTHidEnum
    *Deregistered* - BTHidMgr
    *Deregistered* - BthServ
    *Deregistered* - Cdfs
    *Deregistered* - CryptSvc
    *Deregistered* - CSS DVP
    *Deregistered* - ctac32k
    *Deregistered* - ctprxy2k
    *Deregistered* - ctsfm2k
    *Deregistered* - DcomLaunch
    *Deregistered* - DefragFS
    *Deregistered* - Dhcp
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - dmserver
    *Deregistered* - Dnscache
    *Deregistered* - ElbyCDIO
    *Deregistered* - emupia
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - Fastfat
    *Deregistered* - Fips
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - FWAuth
    *Deregistered* - Gpc
    *Deregistered* - ha10kx2k
    *Deregistered* - helpsvc
    *Deregistered* - HidServ
    *Deregistered* - HTTP
    *Deregistered* - HTTPFilter
    *Deregistered* - IpNat
    *Deregistered* - IPSec
    *Deregistered* - KSecDD
    *Deregistered* - lanmanserver
    *Deregistered* - LanmanWorkstation
    *Deregistered* - LmHosts
    *Deregistered* - MaVctrl
    *Deregistered* - MMRTKRNL
    *Deregistered* - mnmdd
    *Deregistered* - Modem
    *Deregistered* - Mouclass
    *Deregistered* - MountMgr
    *Deregistered* - MRxDAV
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - ncfvsbus
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - Ndisuio
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - NwlnkIpx
    *Deregistered* - NwlnkNb
    *Deregistered* - NwlnkSpx
    *Deregistered* - ossrv
    *Deregistered* - PartMgr
    *Deregistered* - ParVdm
    *Deregistered* - PCIIde
    *Deregistered* - Pcouffin
    *Deregistered* - pctfw2
    *Deregistered* - PCToolsFirewallPlus
    *Deregistered* - PfModNT
    *Deregistered* - PptpMiniport
    *Deregistered* - ProtectedStorage
    *Deregistered* - Prvflder
    *Deregistered* - PSched
    *Deregistered* - RasAcd
    *Deregistered* - RasAuto
    *Deregistered* - Rasl2tp
    *Deregistered* - RasMan
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RemoteRegistry
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - SASDIFSV
    *Deregistered* - SASENUM
    *Deregistered* - SASKUTIL
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - sfdrv01
    *Deregistered* - sfhlp02
    *Deregistered* - SFilter
    *Deregistered* - sfvfs02
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - sisidex
    *Deregistered* - sisperf
    *Deregistered* - Spooler
    *Deregistered* - sr
    *Deregistered* - srservice
    *Deregistered* - Srv
    *Deregistered* - SSDPSRV
    *Deregistered* - ssmdrv
    *Deregistered* - stisvc
    *Deregistered* - swenum
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - TermDD
    *Deregistered* - TermService
    *Deregistered* - TfFsMon
    *Deregistered* - TfSysMon
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - uagp35
    *Deregistered* - Update
    *Deregistered* - upnphost
    *Deregistered* - VComm
    *Deregistered* - VcommMgr
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - W32Time
    *Deregistered* - Wanarp
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - WMDM PMSP Service
    *Deregistered* - WMPNetworkSvc
    *Deregistered* - WS2IFSL
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WudfPf
    *Deregistered* - WudfSvc
    *Deregistered* - WZCSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 C:\WINDOWS\Tasks\1-Click Maintenance.job
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []

    2009-01-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{478488FB-A438-405C-8AB9-4010D3A06DDC}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.altavista.com/
    uInternet Settings,ProxyServer = webcache.virginmedia.com:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
    IE: Choose as MSN Picture - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Image Converter 2 ??? - C:\Program Files\Sony\Image Converter 2\menu.htm
    IE: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
    Trusted Zone: *.update.microsoft.com
    Trusted Zone: *.windowsupdate.microsoft.com

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
    hxxp://download.ewido.net/ewidoOnlineScan.cab

    C:\WINDOWS\Downloaded Program Files\StreamPlug.dll - O16 -: {2019DC25-D1C0-11D6-97B3-0008A124F542}
    hxxp://www.streamplug.com/StreamPlug/beta/SP.cab

    C:\WINDOWS\system32\SkanerOnlineUninstall.exe - C:\WINDOWS\system32\SkanerOnline.dll
    O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
    hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
    C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
    FF - ProfilePath - C:\Documents and Settings\Rik\Application Data\Mozilla\Firefox\Profiles\a2rews54.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/?.home=ytff
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: C:\Documents and Settings\Rik\Application Data\Mozilla\Firefox\Profiles\a2rews54.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: C:\Program Files\BitTorrent_DNA\npbtdna.dll
    FF - plugin: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: C:\Program Files\Virtual Earth 3D\npVE3D.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    .
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker

    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, January 9, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3, v.3264 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, January 08, 2009 22:13:55
    Records in database: 1589342

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Files scanned: 236235
    Threat name: 5
    Infected objects: 10
    Suspicious objects: 0
    Duration of the scan: 06:02:03


    File name / Threat name / Threats count
    C:\Documents and Settings\Rik\Desktop\decrypt\pgcedit.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
    C:\Documents and Settings\Rik\Desktop\Installs\vtp6eu.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
    C:\Documents and Settings\Rik\Desktop\Installs\vtp6eu.zip Infected: Trojan-Spy.Win32.Agent.ehl 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\IEDFix.exe.vir Infected: Hoax.Win32.Renos.dws 1
    C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
    E:\Documents and Settings\Rik.RIK\Desktop\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
    E:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

    The selected area was scanned.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I'd say your computer's 'clean' now. Just do one more HIJACK as a check though, please.
    I believe most of your problems have come from, shall we say, 'dodgy' ;) programs.
    In future, scan them with something decent before opening them. And if you're unsure after use, then do a full scan straight after.
    :idea:
  • marleyboy
    marleyboy Posts: 16,698 Forumite
    10,000 Posts Combo Breaker
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12, on 2009-01-09
    Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Rik\Local Settings\temp\jkos-Rik\binaries\ScanningProcess.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.virginmedia.com:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: Choose as MSN Picture - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Image Converter 2 ??? - C:\Program Files\Sony\Image Converter 2\menu.htm
    O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marleyboyii.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200956313640
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156274163234
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://marleyboyii.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

    --
    End of file - 9918 bytes

    I really hope so mate, I'm completely exhausted. I'm just concerned about Kaspersky picking up on 4 threats. Thanks for the help guys, let me know if this log is clean.

    Rik
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Kaspersky has picked up on files that WOULD reinfect, they're not ACTUAL infections (exes ready to infect) ~
    vtp6eu.zip
    pgcedit.exe
    IEDFix.exe
    vnc-4_1_2-x86_win32.zip
    vncviewer.exe

    They look like ones you've downloaded at some point (or 'traded' via MSN).
    Just be careful, mate.
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Log looks clean anyways.
    Happy surfing :p
    :idea:
This discussion has been closed.