CID pop ups & spyware blocked backdoor

Browntoa

Next I want to perform an in-depth analysis of your system:

Please download this file - combofix.exe by sUBs

• You must download it to and run it from your Desktop
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Shazza1976

I hopefully have got rid this time of Norton,panda & avast i updated my macfee, popups still remain tho
Heres my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:53 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Program Files\Common Files\AOL\1161306471\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\common files\aol\1161306471\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1161306471\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - !!3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - !!377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - !!72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - !!7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL (file missing)
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161306471\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [D-Link AirXpert Utility] C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\ref tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?1f87682008bf4f60bf3f0bdc32dfac89
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?1f87682008bf4f60bf3f0bdc32dfac89
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - !!2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5067/mcfscan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - !!88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0306991201001959) (0306991201001959mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\030699~1.EXE
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 17833 bytes

Thanks

Shazza1976

Browntoa wrote: »

Next I want to perform an in-depth analysis of your system:

Please download this file - combofix.exe by sUBs

• You must download it to and run it from your Desktop
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Will do this now.

Shazza1976

Browntoa wrote: »

when you have done the tidy up please run hijackthis again and fix this entry

O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\ref tray.exe

then click fix selected, then shut down hijackthis

I have done this since i posted my last log

Browntoa

was just about to say that was still there...lol

maybe the cause of the pop ups

Shazza1976

All done heres the combo log

ComboFix 08-01-21.4 - sharon 2008-01-22 12:24:00.5 - NTFSx86
Running from: C:\Documents and Settings\sharon\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

---

BITS: Possible infected sites

---

hxxp://au.downlõj+|Cü¤Ì›v÷+È@™JŸ:®½‰NêGD_©½ºD˜QÄ{¶ÀzÎtç Ò»ÌHžG†.X!ÆHk–µ?
hxxp://
.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-22 11:59 . 2008-01-22 11:59 8,621 --a

---

C:\WINDOWS\system32\Config.MPF
2008-01-22 11:39 . 2008-01-22 11:56 <DIR> d

---

C:\WINDOWS\LastGood
2008-01-22 10:29 . 2008-01-22 11:26 <DIR> d

---

C:\SMCLpav
2008-01-21 18:40 . 2008-01-21 18:52 <DIR> d

---

C:\Program Files\shutup
2008-01-21 18:40 . 2004-10-05 20:26 32,768 --a

---

C:\WINDOWS\system32\ukshutdown.exe
2008-01-21 18:40 . 1999-10-19 08:25 32,256 --a

---

C:\WINDOWS\system32\uklogoff.exe
2008-01-21 14:56 . 2003-01-10 21:13 33,588 -ra

---

C:\WINDOWS\system32\drivers\wanatw4.sys
2008-01-21 14:54 . 2008-01-21 14:58 <DIR> d

---

C:\Program Files\Common Files\aolshare
2008-01-21 14:54 . 2008-01-21 14:59 <DIR> d

---

C:\Program Files\AOL 9.0 VR
2008-01-21 14:31 . 2008-01-21 14:53 <DIR> d

---

C:\Program Files\RegistrySmart
2008-01-18 16:45 . 2008-01-18 16:45 158,456

---

C:\WINDOWS\system32\pxwma.dll
2008-01-18 16:24 . 2008-01-18 16:42 <DIR> d

---

C:\Program Files\Common Files\AVSMedia
2008-01-18 16:24 . 2008-01-18 16:24 674,816 --a

---

C:\WINDOWS\is-U82NP.exe
2008-01-18 16:24 . 2008-01-18 16:24 10,574 --a

---

C:\WINDOWS\is-U82NP.msg
2008-01-18 16:24 . 2008-01-18 16:24 6,505 --a

---

C:\WINDOWS\is-U82NP.lst
2008-01-18 13:32 . 2008-01-18 13:32 0 --a

---

C:\WINDOWS\MelodyExe.INI
2008-01-18 11:24 . 2008-01-18 11:24 86 --a

---

C:\WINDOWS\NeroDigital.ini
2008-01-17 10:06 . 2008-01-17 10:06 <DIR> d

---

C:\Program Files\Trend Micro
2008-01-17 08:03 . 2008-01-17 08:03 <DIR> d

---

C:\Program Files\Sun
2008-01-17 07:54 . 2007-10-04 17:10 79,688 --a

---

C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 07:54 . 2007-10-04 17:10 62,280 --a

---

C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 07:54 . 2007-10-04 17:10 41,288 --a

---

C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 07:54 . 2007-10-04 17:11 29,000 --a

---

C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 07:53 . 2005-09-23 07:29 626,688 --a

---

C:\WINDOWS\system32\msvcr80.dll
2008-01-17 07:51 . 2008-01-17 07:51 <DIR> d

---

C:\Program Files\Picasa2
2008-01-17 07:51 . 2006-10-05 02:42 2,560

---

C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-17 07:51 . 2006-10-05 02:42 2,432

---

C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-17 07:50 . 2008-01-17 07:50 <DIR> d

---

C:\WINDOWS\system32\runtime
2008-01-16 10:08 . 2008-01-17 07:47 424 --a

---

C:\delete.bat
2008-01-13 01:03 . 2008-01-13 01:03 <DIR> d

---

C:\Program Files\MSXML 6.0
2008-01-11 21:18 . 2008-01-11 21:18 <DIR> d

---

C:\Uk Tunez
2008-01-11 17:37 . 2008-01-20 12:47 <DIR> d

---

C:\Program Files\Norton Security Scan
2008-01-11 10:28 . 2008-01-11 10:28 <DIR> d

---

C:\Program Files\Common Files\Janus Systems Components
2008-01-11 10:28 . 2008-01-11 10:28 <DIR> d

---

C:\Program Files\Common Files\Data Dynamics
2008-01-11 10:21 . 2008-01-11 10:21 <DIR> d

---

C:\Program Files\Common Files\DynaZip
2008-01-11 10:21 . 2008-01-11 10:28 <DIR> d

---

C:\Program Files\Common Files\Dynacom Shared
2008-01-11 10:17 . 2008-01-11 10:25 <DIR> d

---

C:\Program Files\Dynacom Technologies, Inc
2008-01-10 18:33 . 2008-01-11 12:27 <DIR> d

---

C:\Program Files\Vsk3Demo
2008-01-10 14:42 . 2008-01-22 10:30 <DIR> d

---

C:\Program Files\Common Files\Panda Software
2008-01-09 19:39 . 2008-01-09 19:39 <DIR> d

---

C:\Program Files\Virtual Earth 3D
2008-01-07 13:52 . 2008-01-22 11:59 <DIR> d

---

C:\Program Files\Spyware Doctor
2008-01-04 11:23 . 2008-01-04 11:26 <DIR> d

---

C:\NoLopBackups
2008-01-01 16:05 . 2008-01-01 16:05 <DIR> d

---

C:\Program Files\Else plus
2007-12-30 16:54 . 2008-01-22 11:28 54,156 --ah

---

C:\WINDOWS\QTFont.qfn
2007-12-30 16:54 . 2007-12-30 16:54 1,409 --a

---

C:\WINDOWS\QTFont.for
2007-12-25 17:32 . 2007-12-25 17:43 <DIR> d

---

C:\Program Files\Kitty Luv
2007-12-25 17:30 . 2007-12-25 17:30 36 --a

---

C:\WINDOWS\Tiny_Run.ini
2007-12-25 16:23 . 2006-09-05 18:08 88,624 -ra

---

C:\WINDOWS\system32\drivers\se59mgmt.sys
2007-12-25 16:23 . 2006-09-05 18:06 18,704 -ra

---

C:\WINDOWS\system32\drivers\se59nd5.sys
2007-12-25 16:20 . 2006-09-05 18:06 90,800 -ra

---

C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-25 16:20 . 2006-09-05 18:06 4,128 -ra

---

C:\WINDOWS\system32\drivers\se59cr.sys
2007-12-25 16:19 . 2006-09-05 18:09 86,432 -ra

---

C:\WINDOWS\system32\drivers\se59obex.sys
2007-12-25 16:18 . 2006-09-05 18:07 97,088 -ra

---

C:\WINDOWS\system32\drivers\se59mdm.sys
2007-12-25 16:18 . 2006-09-05 18:07 9,360 -ra

---

C:\WINDOWS\system32\drivers\se59mdfl.sys
2007-12-25 16:18 . 2006-09-05 18:09 6,240 -ra

---

C:\WINDOWS\system32\drivers\se59cmnt.sys
2007-12-25 16:18 . 2006-09-05 18:09 6,240 -ra

---

C:\WINDOWS\system32\drivers\se59cm.sys
2007-12-25 15:20 . 2006-09-05 18:07 61,536 -ra

---

C:\WINDOWS\system32\drivers\se59bus.sys
2007-12-25 15:20 . 2006-09-05 18:06 5,872 -ra

---

C:\WINDOWS\system32\drivers\se59whnt.sys
2007-12-25 15:20 . 2006-09-05 18:06 5,872 -ra

---

C:\WINDOWS\system32\drivers\se59wh.sys
2007-12-25 14:22 . 2007-12-25 14:22 0 --a

---

C:\WINDOWS\mngui.INI
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d

---

C:\Program Files\Disc2Phone
2007-12-25 11:24 . 2006-11-10 09:47 90,800 -ra

---

C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-12-25 11:24 . 2006-11-10 09:47 88,688 -ra

---

C:\WINDOWS\system32\drivers\SE2Bmgmt.sys
2007-12-25 11:24 . 2006-11-10 09:47 86,560 -ra

---

C:\WINDOWS\system32\drivers\SE2Bobex.sys
2007-12-25 11:24 . 2006-11-10 09:47 18,704 -ra

---

C:\WINDOWS\system32\drivers\se2Bnd5.sys
2007-12-25 11:24 . 2006-11-10 09:46 4,128 -ra

---

C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-12-25 11:08 . 2007-12-25 11:08 <DIR> d

---

C:\Program Files\Sony Ericsson
2007-12-25 11:08 . 2007-12-25 11:09 <DIR> d

---

C:\Program Files\Common Files\Teleca Shared
2007-12-25 11:08 . 2007-12-25 11:09 <DIR> d

---

C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-25 10:30 . 2006-11-10 08:47 97,184 -ra

---

C:\WINDOWS\system32\drivers\SE2Bmdm.sys
2007-12-25 10:30 . 2006-11-10 08:46 9,360 -ra

---

C:\WINDOWS\system32\drivers\SE2Bmdfl.sys
2007-12-25 10:30 . 2006-11-10 08:46 6,240 -ra

---

C:\WINDOWS\system32\drivers\SE2Bcmnt.sys
2007-12-25 10:30 . 2006-11-10 08:46 6,240 -ra

---

C:\WINDOWS\system32\drivers\SE2Bcm.sys
2007-12-25 10:25 . 2006-11-10 08:46 61,600 -ra

---

C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-12-25 10:25 . 2006-11-10 08:47 5,872 -ra

---

C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-12-25 10:25 . 2006-11-10 08:47 5,872 -ra

---

C:\WINDOWS\system32\drivers\SE2Bwh.sys
2007-12-24 14:50 . 2007-12-24 14:50 <DIR> d

---

C:\Program Files\Common Files\Apple
2007-12-24 14:50 . 2007-10-31 14:09 30,464 --a

---

C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-24 14:44 . 2003-12-16 14:36 1,331,200

---

C:\WINDOWS\UNNMP.exe
2007-12-24 14:44 . 2004-02-16 10:02 50,060

---

C:\WINDOWS\UNNMP.cfg
2007-12-24 14:30 . 2001-07-09 10:50 155,648 -ra

---

C:\WINDOWS\system32\NeroCheck.exe
2007-12-24 14:27 . 2003-12-11 12:34 1,318,912

---

C:\WINDOWS\UNNeroVision.exe
2007-12-24 14:27 . 2004-02-16 10:02 95,839

---

C:\WINDOWS\UNNeroVision.cfg
2007-12-24 14:26 . 2007-12-24 14:26 <DIR> d

---

C:\Program Files\Common Files\Ahead
2007-12-24 14:26 . 2007-12-24 14:44 <DIR> d

---

C:\Program Files\Ahead
2007-12-24 14:26 . 2001-07-06 13:41 569,344 -ra

---

C:\WINDOWS\system32\imagr5.dll
2007-12-24 14:26 . 2001-07-06 11:44 544,768 -ra

---

C:\WINDOWS\system32\imagx5.dll
2007-12-24 14:26 . 2001-07-06 17:24 283,920 -ra

---

C:\WINDOWS\system32\ImagXpr5.dll
2007-12-24 14:26 . 2001-06-26 07:15 38,912 -ra

---

C:\WINDOWS\system32\picn20.dll
2007-12-24 14:20 . 2007-07-16 18:23 101,120 --a

---

C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-12-24 14:20 . 2007-07-16 18:23 24,448 --a

---

C:\WINDOWS\system32\drivers\ewdcsc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 11:55

---

d

---

w C:\Program Files\McAfee
2008-01-22 11:26

---

d

---

w C:\Program Files\Common Files\Symantec Shared
2008-01-22 11:20

---

d

---

w C:\Program Files\Yahoo!
2008-01-22 10:49

---

d

---

w C:\Program Files\Serif
2008-01-21 20:59

---

d

---

w C:\Program Files\Windows Live Toolbar
2008-01-21 16:28

---

d

---

w C:\Program Files\Common Files\AOL
2008-01-20 19:23

---

d

---

w C:\Program Files\SiteAdvisor
2008-01-20 15:11

---

d

---

w C:\Program Files\Alwil Software
2008-01-18 16:45 36,624

---

w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-18 09:09

---

d

---

w C:\Program Files\Google
2008-01-17 19:12

---

d

---

w C:\Program Files\MSN Messenger
2008-01-17 08:03

---

d

---

w C:\Program Files\Java
2008-01-16 10:04

---

d

---

w C:\Program Files\SUPERAntiSpyware
2008-01-11 20:40 230,432 ----a-w C:\StiImg.dat
2008-01-08 15:51

---

d

---

w C:\Program Files\Common Files\Scanner
2008-01-07 13:10

---

d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 13:10

---

d

---

w C:\Program Files\EPSON
2008-01-04 10:57

---

d

---

w C:\Program Files\btbb_wcm
2008-01-04 10:31

---

d

---

w C:\Program Files\TalkTalk
2007-12-27 11:48

---

d

---

w C:\Program Files\Common Files\McAfee
2007-12-24 21:45

---

d

---

w C:\Program Files\iTunes
2007-12-24 15:03

---

d

---

w C:\Program Files\iPod
2007-12-24 14:58

---

d

---

w C:\Program Files\QuickTime
2007-12-24 14:51

---

d

---

w C:\Program Files\Apple Software Update
2007-12-21 18:32

---

d

---

w C:\Program Files\Steam
2007-12-01 22:40

---

d

---

w C:\Program Files\Flight3
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((( snapshot_2008-01-16_10.26.45.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-17 08:04:38 12,288 ----a-w C:\WINDOWS\assembly\GAC\cli_basetypes\1.0.7.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2008-01-17 08:04:36 32,256 ----a-w C:\WINDOWS\assembly\GAC\cli_cppuhelper\1.0.10.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-01-17 08:04:37 831,488 ----a-w C:\WINDOWS\assembly\GAC\cli_types\1.1.10.0__ce2cb7e279207b9e\cli_types.dll
+ 2008-01-17 08:04:38 8,192 ----a-w C:\WINDOWS\assembly\GAC\cli_ure\1.0.10.0__ce2cb7e279207b9e\cli_ure.dll
+ 2008-01-17 08:04:38 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_basetypes\7.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2008-01-17 08:04:37 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_cppuhelper\10.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-01-17 08:04:38 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_ure\10.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2008-01-17 08:04:38 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.1.cli_types\10.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll
+ 2008-01-21 16:42:50 297,168 ----a-w C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
- 2008-01-16 10:20:21 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 12:22:51 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 10:20:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 12:22:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 10:20:21 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 12:22:51 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 10:20:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 12:22:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 10:20:22 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-22 12:22:51 8,359,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 10:20:22 278,528 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 12:22:52 278,528 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 08:05:48 1,015,808 ----a-r C:\WINDOWS\Installer\!!0F347D9F-2810-4B93-86ED-73FE2DD36AC3}\soffice.exe
+ 2008-01-17 09:49:40 632,320 ----a-r C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2008-01-17 09:49:39 29,184 ----a-r C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
+ 2006-03-03 11:07:02 143,360 ----a-w C:\WINDOWS\LastGood\system32\dunzip32.dll
+ 2004-08-04 12:00:00 23,040 ----a-w C:\WINDOWS\LastGood\system32\psapi.dll
+ 2007-01-10 11:06:41 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
- 2008-01-16 08:06:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-22 11:38:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-16 08:06:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-22 11:38:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-16 08:06:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-22 11:38:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-27 19:36:08 638,976 ----a-w C:\WINDOWS\system32\divx.dll
- 2007-06-21 06:52:26 395,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-18 16:29:18 424,616 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-09-28 13:42:38 2,790,976 ----a-w C:\WINDOWS\system32\GPhotos.scr
- 2007-08-13 18:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2004-06-22 12:13:54 54,784 ----a-w C:\WINDOWS\system32\Inetwh32.dll
+ 2001-09-25 13:39:12 54,784 ----a-w C:\WINDOWS\system32\Inetwh32.dll
- 2006-06-01 18:47:07 163,840

---

w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-08 20:33:40 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2006-06-01 18:47:07 27,648

---

w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-08 20:33:40 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2007-02-27 19:36:08 261,632 ----a-w C:\WINDOWS\system32\mcdvd_32.dll
+ 2007-02-27 19:36:14 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2007-02-27 19:36:08 413,760 ----a-w C:\WINDOWS\system32\mpg4c32.dll
- 2000-08-21 17:00:00 1,388,544

---

w C:\WINDOWS\system32\MSVBVM60.DLL
+ 2004-02-23 21:42:40 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
- 2003-03-19 06:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-08-13 01:17:04 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2003-02-21 12:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-08-13 01:17:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-01-07 13:53:23 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-17 07:55:15 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-07 13:53:23 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-17 07:55:15 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-18 16:45:13 551,672

---

w C:\WINDOWS\system32\px.dll
+ 2008-01-18 16:45:13 531,192

---

w C:\WINDOWS\system32\pxdrv.dll
+ 2008-01-18 16:45:18 72,440

---

w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-01-18 16:45:12 187,128

---

w C:\WINDOWS\system32\pxmas.dll
+ 2008-01-18 16:45:14 1,628,920

---

w C:\WINDOWS\system32\pxsfs.dll
+ 2008-01-18 16:45:12 379,640

---

w C:\WINDOWS\system32\pxwave.dll
- 2004-06-22 12:13:56 1,044,480 ----a-w C:\WINDOWS\system32\roboex32.dll
+ 2001-09-25 13:39:13 1,044,480 ----a-w C:\WINDOWS\system32\roboex32.dll
+ 2008-01-18 16:45:12 39,672

---

w C:\WINDOWS\system32\vxblock.dll
+ 2007-02-27 19:36:08 524,288 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2007-02-27 19:36:08 139,264 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2008-01-22 11:26:59 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_634.dat
+ 2006-12-01 22:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 00:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 00:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 00:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 00:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 00:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 00:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 00:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 00:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 00:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 00:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 00:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 00:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 00:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 00:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.

Shazza1976

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 06:36 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 01:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 03:24 32768]
"SiSPower"="SiSPower.dll" [2005-07-13 09:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 09:40 544768 C:\WINDOWS\sm56hlpr.exe]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 23:43 401408]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 19:24 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 21:55 425984]
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe" [2006-03-30 04:50 143360]
"HostManager"="C:\Program Files\Common Files\AOL\1161306471\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 00:19 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-09-01 00:01 448040]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 08:47 31016]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 05:22 57344]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 01:45 1495123]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 21:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-04-10 18:35 36904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 18:24 185632]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"D-Link AirXpert Utility"="C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe" [2003-09-19 21:42 2498560]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 10:23 29744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 16:01 437160]
C:\Documents and Settings\jon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]
C:\Documents and Settings\sharon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-10-14 00:46:17 45056]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 03:25:14 745472]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-07 10:59:03 126136]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-03 11:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-18 00:14]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 21:46]
R3 PAC207;SoC [EMAIL="PC-Camer&#64;;C:\WINDOWS\system32\DRIVERS\pfc027.sys"]PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys[/EMAIL] [2005-02-24 19:29]
S2 0306991201001959mcinstcleanup;McAfee Application Installer Cleanup (0306991201001959);C:\WINDOWS\TEMP\030699~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\sharon\LOCALS~1\Temp\DMSKSSRh.sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 10:23]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-07-27 15:37]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 18:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 18:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 18:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 18:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 18:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 18:06]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 18:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!09c9cb66-a676-11dc-988a-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bf8-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bf9-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bfd-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!8291ef64-b211-11dc-98a6-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!8291ef65-b211-11dc-98a6-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea559742-b227-11dc-98ab-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - MPFSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-07-24 15:00:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-01 01:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-18 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-21 14:32:11 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.sharon.Runs RegistrySmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 12:32:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 12:33:56
ComboFix-quarantined-files.txt 2008-01-22 12:33:49
ComboFix2.txt 2008-01-16 11:15:33
ComboFix3.txt 2008-01-16 10:27:38
ComboFix4.txt 2008-01-04 11:52:49
ComboFix5.txt 2007-07-27 13:56:06
.
2008-01-21 20:59:28 --- E O F ---

Browntoa

that looks reasonably ok

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

Now copy/paste the entire line below into the Notepad window:

Folder::C:\DOCUME~1\ALLUSE~1\Applic~1\Admin Inter 1 Mags

Save the above as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Browntoa

After reboot, (in case it asks to reboot),

download this

http://www.superantispyware.com/

the Blue Icon and let it update

then boot into safe mode (this shows how)

http://service1.symantec.com/SUPPORT...01052409420406

and run a Complete Scan of the Pc, then let it fix everything when it has run.

Then reboot the Pc and see how things are running