Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
After you stop laughing, please advise on hijack log


Moderator with 13,710 posts.
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
28-Mar-2008, 08:36 PM #16
Hi,

Please have the friend scan this file at the Jotti online file scanner; it takes just a few seconds to scan a file....

http://virusscan.jotti.org/

Just use the Browse button at the Jotti scan, then navigate in Windows Explorer to the file's location on the hard drive:

C:\WINDOWS\it.bat



Post the results here in a reply.

Next:

We are going to use ComboFix to remove some leftover items using the script in the quote box below:

They have to turn off any protective programs, the same as before.

Directions and tips for using ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions: Open Notepad > Copy and paste any text you wish into Notepad, and save the file as something you will recognize, like TSGhelp.txt, onto your desktop.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------


Open notepad and copy/paste the text in the codebox below into it:
Save this as CFScript.txt with Save As Type: All Files (*.*)

Quote:
Killall::
File::
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\WINDOWS\system32\dmvft.exe
C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSA.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hotbar\bin\10.0.412.0\Weather.exe
C:\WINDOWS\DOWNLO~1\shopnet.dll
Folder::
C:\Program Files\MalwareAlarm
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmvft.exe"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C6FB-F17CBB9DA97D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarSA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareAlarm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
[-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c6fb-f17cbb9da97d}]
[-HKEY_CLASSES_ROOT\shopnet.SHOPNET]

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
__________________
ATTN: I tend to edit my replies often. Refresh your browser pages to see added info!

My Signature links:
Donate directly to TSG to help the site-
http://www.techguy.org/donate.html


TSG's Welcome Guide- Tips, Rules, How to use TSG and more!

Just for anyone to read about malware:

Read about evolution of malware:
www.sitepoint.com/article/888
http://tech.msn.com/virus/
http://spywarewarrior.com/rogue_anti...tm#trustworthy
http://www.io.com/~cwagner/spyware.html
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
29-Mar-2008, 01:24 PM #17
Thanks, passing everything over to him - will get back as soon as I can.
Debs
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
29-Mar-2008, 01:44 PM #18
Hello,
Just checked with my friend and he still cannot access internet browsers. Is there a download version of the Jotti scan, or am I being particularly thick? Should we just proceed with the ComboFix?
Debs
Moderator with 13,710 posts.
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
31-Mar-2008, 12:05 AM #19
Hi,

Please do ComboFix.

Make sure you send him the complete directions!

The Jotti scan is online only. It's just a way to quickly check a suspected file, but we will be fine without checking it now.

Your friend could register at TechGuy and read the posts here himself, from another computer... If he doesn't have a second working computer wherever he is, it might be beneficial if he could have someone loan one and set it up there. Just a thought.

I am pretty sure your friend has the type of infection that replaces legitimate files so programs will not run....we might get it fixed up enough, but perhaps not.

The ComboFix log will help a lot to identify that trojan.
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
31-Mar-2008, 03:35 AM #20
Thanks, I have printed everything off and copied all the programmes; I will pass them to him tonight. If all else fails I can go over with my laptop next week. As a last resort I would be able to reinstall Windows XP Home for him.... as a very last resort... although at the moment that does appear a quicker option, possibly not as satisfying as beating the trojan though.
Debs
Moderator with 13,710 posts.
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
31-Mar-2008, 08:00 PM #21
Hi, if you know ahead of time when you will be there and working on this, let me know, and I can arrange to be at this forum.

There are several other tools we can use, so don't be discouraged.

RE: The file to scan at Jotti: If you can, that file should be copied to a disk or removable drive; you could scan it that way, but be careful not to run the file.

Odds are good that it is not malware, but you never know.
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
02-Apr-2008, 08:38 AM #22
Hello,
Have run the two programmes. Logs below:
ComboFix 08-03-25.4 - Darren Dabill 2008-04-02 12:17:33.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.241 [GMT 1:00]
Running from: C:\Documents and Settings\Darren Dabill\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darren Dabill\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSA.exe
C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.0.412.0\Weather.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\WINDOWS\DOWNLO~1\shopnet.dll
C:\WINDOWS\system32\dmvft.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
C:\WINDOWS\DOWNLO~1\shopnet.dll
C:\WINDOWS\system32\dmvft.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-03-26 16:23 . 2008-04-02 10:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 16:23 . 2008-03-26 16:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-21 17:45 . 2008-03-21 17:45 <DIR> d-------- C:\Program Files\XP TCPIP Repair

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 15:13 --------- d-----w C:\Documents and Settings\Darren Dabill\Application Data\AVG7
2008-03-23 16:52 --------- d-----w C:\Documents and Settings\Darren Dabill\Application Data\uTorrent
2008-03-21 19:27 --------- d-----w C:\Program Files\Google
2008-03-21 19:16 --------- d-----w C:\Documents and Settings\Darren Dabill\Application Data\Azureus
2008-03-20 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-20 16:56 --------- d-----w C:\Program Files\Opera7
2008-02-04 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 07:39 --------- d-----w C:\Program Files\iTunes
2008-02-04 07:39 --------- d-----w C:\Program Files\iPod
2008-02-04 07:36 --------- d-----w C:\Program Files\QuickTime
2008-02-03 16:17 230,432 ----a-w C:\StiImg.dat
2007-10-27 13:35 24,192 ----a-w C:\Documents and Settings\Darren Dabill\usbsermptxp.sys
2007-10-27 13:35 22,768 ----a-w C:\Documents and Settings\Darren Dabill\usbsermpt.sys
2004-06-03 09:06 157 --sha-w C:\WINDOWS\it.bat
2001-08-18 20:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_16.17.18.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 08:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2007-12-28 13:07:45 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-02 09:57:35 62,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-28 13:07:45 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-02 09:57:35 401,838 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 08:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 21:00 311350]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-08-26 15:47 155648]
"mswspl"="" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-27 10:24 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 18:23 32873]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 09:24 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 02:47 8720384]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 2.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp psc 700 series) - 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darren Dabill^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Darren Dabill\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Darren Dabill^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Darren Dabill\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-19 02:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2001-07-03 10:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 02:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-03-21 09:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-10-31 11:19 378784 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a6b1cd2-c949-11d6-80ff-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 15:35:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 11:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 12:20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-02 12:26:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 11:26:28
ComboFix2.txt 2008-04-02 11:11:40
ComboFix3.txt 2008-04-02 08:24:11
ComboFix4.txt 2008-04-01 18:05:41
ComboFix5.txt 2008-03-27 17:07:37
.
2007-12-12 18:56:02 --- E O F ---
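As an added example that is not part of the thread or of ComboFix itself, here is a Python cross-check of the CFScript posted in #16 against the ComboFix log in #22: it parses the script's Killall::/File::/Folder::/Registry:: sections and the log's FILE :: and Other Deletions sections, then reports which requested removals the log confirms. The sample script and log embedded in it are constructed, trimmed copies of the ones in the thread, with the account name replaced by a <user> placeholder.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote after running it.
Added example, not from the thread or from ComboFix: the sample script and log are
constructed, trimmed copies of those in posts #16 and #22 of the thread."""
import re

# CFScript section headers used in the thread (Killall:: takes no entries).
SECTION_RE = re.compile(r"^(Killall|File|Folder|Registry)::\s*$", re.IGNORECASE)
# ComboFix log sections: "(((( Other Deletions ))))" banners, or the "FILE ::" echo.
LOG_HEADER_RE = re.compile(r"^(?:\(+\s*(.*?)\s*\)+|(FILE) ::)$")

SAMPLE_CFSCRIPT = r"""Killall::
File::
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\WINDOWS\system32\dmvft.exe
C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe
C:\WINDOWS\DOWNLO~1\shopnet.dll
Folder::
C:\Program Files\MalwareAlarm
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmvft.exe"=-
[-HKEY_CLASSES_ROOT\shopnet.SHOPNET]
"""
# Constructed log excerpt; <user> stands in for the real account name.
SAMPLE_LOG = r"""ComboFix 08-03-25.4 - <user> 2008-04-02 12:17:33.7 - NTFSx86
FILE ::
C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\WINDOWS\DOWNLO~1\shopnet.dll
C:\WINDOWS\system32\dmvft.exe
.
(((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))
.
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\WINDOWS\DOWNLO~1\shopnet.dll
C:\WINDOWS\system32\dmvft.exe
.
"""

def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript, in the order written."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).capitalize()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def parse_registry_entries(entries):
    """Split Registry:: lines into (key, value_name, action) tuples:
    "[-KEY]" deletes the whole key; '"name"=-' under a "[KEY]" line deletes one value."""
    results, key = [], None
    for line in entries:
        if line.startswith("[-") and line.endswith("]"):
            results.append((line[2:-1], None, "delete_key"))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'^"([^"]+)"=-$', line)
            if not m or key is None:
                raise ValueError(f"unrecognised registry line: {line!r}")
            results.append((key, m.group(1), "delete_value"))
    return results

def parse_combofix_log(text):
    """Return {section: [lines]} for a ComboFix log; the script echo is keyed "FILE"."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_HEADER_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections

def check_removals(script_text, log_text):
    """Return (confirmed, unconfirmed) File::/Folder:: paths. Confirmed means the
    log's "Other Deletions" lists the path (case-insensitive, like NTFS); unconfirmed
    means it was already absent or is still present, so it needs a manual look."""
    script = parse_cfscript(script_text)
    deleted = {p.lower() for p in parse_combofix_log(log_text).get("Other Deletions", [])}
    requested = script.get("File", []) + script.get("Folder", [])
    confirmed = [p for p in requested if p.lower() in deleted]
    return confirmed, [p for p in requested if p.lower() not in deleted]
```

In the sample, OEAddOn.exe is requested but never appears under Other Deletions, which is what the full log in #22 shows for all the Hotbar and MyWebSearch files: those paths were either already gone before the script ran or still need a manual check.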
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
02-Apr-2008, 08:39 AM #23
HijackThis log below (didn't think I would have enough characters for both in one post).
Logfile of HijackThis v1.99.1
Scan saved at 12:27:37, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Darren Dabill\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Darren Dabill\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093019513558
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129129611421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

His internet connects but he is unable to get onto browsers or email.
Look forward to your reply.
Debs
Moderator with 13,710 posts.
Join Date: Jan 2002
Location: NY
Experience: Advanced Junk Jouster
03-Apr-2008, 12:57 AM #24
Hi, Good...

Several things to try:

Have him try starting up in Windows' Safe Mode with Networking; often that will connect when Normal mode won't....
  • If the computer is running, shut down Windows, and then turn off the power.
  • Reboot your computer TO Safe Mode with Networking..... Here's how:
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the "Safe Mode with Networking" option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


***Note- if he can't connect or download anything....have him use a good computer and burn or copy to a disk or flash drive as before, and also get the manual update files as it says....

Download SUPERAntiSpyware Free for Home Users
alternate site
  • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
    Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
  • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Updates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default text editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • In your next reply, please post those results and include a fresh Hijackthis log.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.


((He would have to do the manual update method:

Quote:
Originally Posted by Superantispyware
Manual Definition Updates- (get both)

http://updates.superantispyware.com/...ROCESSLIST.ZIP

http://updates.superantispyware.com/...ISTRELATED.ZIP


If you would like to manually update your definitions simply exit SUPERAntiSpyware, then click the "Download" links above and copy the files to your Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware folder, unzip them, and restart SUPERAntiSpyware. To unzip files in Windows XP, simply right-click on the file and select the "Extract All..." option from the menu. To automatically update, simply click the "Check for Updates" button on the SUPERAntiSpyware main application screen.



For Windows 2000/XP/2003/Media Center the folder is typically located here:
C:\Documents and Settings\<USERNAME>\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware
spikefan
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
03-Apr-2008, 01:25 PM #25
Hello,
Problem with internet isn't connecting - that connects... two TVs in bottom corner at speed of 3.6. When you click to email or a browser, message comes up cannot find server. Anyways, have run superspyware and hijack, reports below:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2008 at 05:44 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:20:42

Memory items scanned : 343
Memory threats detected : 0
Registry items scanned : 4963
Registry threats detected : 359
File items scanned : 76001
File threats detected : 14

Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\Classes\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Control
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32#ThreadingModel
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance#CLSID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag#Url
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus\1
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ProgID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Programmable
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ToolboxBitmap32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\TypeLib
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Version
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\VersionIndependentProgID
C:\PROGRAM FILES\HOTBAR\BIN\10.0.412.0\HOSTIE.DLL

Adware.MyWay
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout

Adware.Zango Toolbar/Hb
HKCR\CoreSrv.CoreServices
HKCR\CoreSrv.CoreServices\CLSID
HKCR\CoreSrv.CoreServices\CurVer
HKCR\CoreSrv.CoreServices.1
HKCR\CoreSrv.CoreServices.1\CLSID
HKCR\CoreSrv.LfgAx
HKCR\CoreSrv.LfgAx\CLSID
HKCR\CoreSrv.LfgAx\CurVer
HKCR\CoreSrv.LfgAx.1
HKCR\CoreSrv.LfgAx.1\CLSID
HKCR\HBMain.CommBand
HKCR\HBMain.CommBand\CLSID
HKCR\HBMain.CommBand\CurVer
HKCR\HBMain.CommBand.1
HKCR\HBMain.CommBand.1\CLSID
HKCR\hbr.HbMain
HKCR\hbr.HbMain\CLSID
HKCR\hbr.HbMain\CurVer
HKCR\hbr.HbMain.1
HKCR\hbr.HbMain.1\CLSID
HKCR\HostOL.MailAnim
HKCR\HostOL.MailAnim\CLSID
HKCR\HostOL.MailAnim\CurVer
HKCR\HostOL.MailAnim.1
HKCR\HostOL.MailAnim.1\CLSID
HKCR\HostOL.WebmailSend
HKCR\HostOL.WebmailSend\CLSID
HKCR\HostOL.WebmailSend\CurVer
HKCR\HostOL.WebmailSend.1
HKCR\HostOL.WebmailSend.1\CLSID
HKCR\InstIE.HbInstObj
HKCR\InstIE.HbInstObj\CLSID
HKCR\InstIE.HbInstObj\CurVer
HKCR\InstIE.HbInstObj.1
HKCR\InstIE.HbInstObj.1\CLSID
HKCR\Srv.CoreServices
HKCR\Srv.CoreServices\CLSID
HKCR\Srv.CoreServices\CurVer
HKCR\Srv.CoreServices.1
HKCR\Srv.CoreServices.1\CLSID
HKCR\Toolbar.HtmlMenuUI
HKCR\Toolbar.HtmlMenuUI\CLSID
HKCR\Toolbar.HtmlMenuUI\CurVer
HKCR\Toolbar.HtmlMenuUI.1
HKCR\Toolbar.HtmlMenuUI.1\CLSID
HKCR\Toolbar.ToolbarCtl
HKCR\Toolbar.ToolbarCtl\CLSID
HKCR\Toolbar.ToolbarCtl\CurVer
HKCR\Toolbar.ToolbarCtl.1
HKCR\Toolbar.ToolbarCtl.1\CLSID
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\InprocServer32
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\InprocServer32#ThreadingModel
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\ProgID
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\Programmable
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\TypeLib
HKCR\CLSID\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}\VersionIndependentProgID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32#ThreadingModel
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\ProgID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\Programmable
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\TypeLib
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\VersionIndependentProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Control
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32#ThreadingModel
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus\1
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Programmable
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ToolboxBitmap32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\TypeLib
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Version
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\VersionIndependentProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\LocalServer32
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\ProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\Programmable
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\TypeLib
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\VersionIndependentProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Control
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32#ThreadingModel
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Programmable
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ToolboxBitmap32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\TypeLib
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\VersionIndependentProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}#AppID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Control
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32#ThreadingModel
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus\1
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Programmable
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ToolboxBitmap32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\TypeLib
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Version
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\VersionIndependentProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32#ThreadingModel
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\ProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\Programmable
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\TypeLib
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\VersionIndependentProgID
HKCR\CLSID\{BF1BF02C-5A86-4ECF-ADAC-472C54C4D21E}
HKCR\CLSID\{BF1BF02C-5A86-4ECF-ADAC-472C54C4D21E}\Implemented Categories
HKCR\CLSID\{BF1BF02C-5A86-4ECF-ADAC-472C54C4D21E}\Implemented Categories\{7EF771FA-79EA-40AF-AAD1-4AA3D1E2C6F7}
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32#ThreadingModel
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\ProgID
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\Programmable
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\TypeLib
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\VersionIndependentProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32#ThreadingModel
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\ProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\TypeLib
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\VersionIndependentProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32#ThreadingModel
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\ProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\Programmable
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\TypeLib
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\VersionIndependentProgID
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0\win32
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\FLAGS
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\HELPDIR
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0\win32
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\FLAGS
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\HELPDIR
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0\win32
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\FLAGS
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\HELPDIR
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0\win32
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\FLAGS
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\HELPDIR
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0\win32
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\FLAGS
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\HELPDIR
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0\win32
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\FLAGS
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\HELPDIR
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid32
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib#Version
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid32
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib#Version
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid32
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib#Version
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid32
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib#Version
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid32
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib#Version
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid32
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib#Version
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid32
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib#Version
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid32
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib#Version
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid32
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib#Version
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid32
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib#Version
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid32
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib#Version
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid32
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib#Version
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid32
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib#Version
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid32
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib#Version
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid32
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib#Version
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid32
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib#Version
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid32
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib#Version
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid32
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib#Version
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid32
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib#Version
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid32
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib#Version
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid32
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib#Version
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid32
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib#Version
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid32
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib#Version
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid32
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib#Version

Malware.MalwareAlarm
HKU\S-1-5-21-3652652152-3825283475-173008773-1006\Software\MalwareAlarm

Adware.Zango/ShoppingReport
HKCR\WeatherDPA.WeatherController
HKCR\WeatherDPA.WeatherController\CLSID
HKCR\WeatherDPA.WeatherController\CurVer
HKCR\WeatherDPA.WeatherController.1
HKCR\WeatherDPA.WeatherController.1\CLSID
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\LocalServer32
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\ProgID
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\Programmable
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\TypeLib
HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\VersionIndependentProgID
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\0
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\0\win32
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\FLAGS
HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\HELPDIR
HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}
HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid
HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid32
HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\TypeLib
HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\TypeLib#Version
HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}
HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\ProxyStubClsid
HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\ProxyStubClsid32
HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\TypeLib
HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\TypeLib#Version
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\log.txt
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA\ACItems
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Error
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherDPA
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather\Weather_XML
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA\Weather
C:\Documents and Settings\Darren Dabill\Application Data\WeatherDPA
spikefan
Senior Member with 189 posts.
Join Date: Aug 2003
Location: Otley, Leeds.
03-Apr-2008, 01:26 PM #26
Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 17:50:02, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darren Dabill\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Darren Dabill\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093019513558
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129129611421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D5C5DB-E363-4105-923E-91D716B65DA2}: NameServer = 193.36.79.101 193.36.79.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device -