10-Nov-2009, 08:59 AM
#1
Choosing a PC to Take a Slave HDD

I have a Dell Optiplex GX280 with an Integrated SATA HDD. Windows XP Pro SPII is riddled with a virus infection and I have to reformat and reinstall. However, I need to get off the data that is not backed up. I am trying System Rescue at the moment but am having difficulty copying my files to an external drive. I was planning to buy a new PC anyway and thought, if necessary, I could take out the infected HDD and put it in the new one as a slave in order to transfer my files.

Some questions:
Are there any traps I need to be aware of?
Do I need a PC with a particular type of HDD for this to work?
Do all the latest PCs have an extra bay for a slave drive?
Is there any danger that the infected HDD could contaminate the OS of the new PC?

Advice would be appreciated.
10-Nov-2009, 09:28 AM
#2
You could try this: www.ubuntu.com
Download the ISO, right-click on it and burn it to CD so you get a bootable CD. Put that in the machine and boot from the CD (you may need to set the BIOS to boot from CD first). Then, with Ubuntu running from the CD, you can copy data between the HD and the external drive.

Also, you could post a HJT log - see my signature for the program - and copy the log file here for someone to decode and try to remove the virus/malware.
__________________
Note: I have very limited time during weekdays to visit here, so there will be a delay in replying
UK timezone
Please let us know what the final solution was to any problem posted
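The copy step from the reply above, written out as an added example that is not part of the original thread: from the live-CD shell, the suspect volume is mounted read-only with execution disabled, user data is copied while program files and autorun.inf are left behind, and a SHA-256 manifest lets the copy be checked on the external drive. The device names, mount points and the list of skipped extensions are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pull user data off a suspect Windows
# volume from a live-CD session. Device names, mount points and the list of
# skipped file types are assumptions chosen for illustration.

# mount_suspect DEVICE MOUNTPOINT   (needs root; e.g. /dev/sda1 /mnt/suspect)
# Read-only so the infected volume is not altered; noexec/nosuid/nodev so
# nothing stored on it can be run from the live session.
mount_suspect() {
    mkdir -p "$2" && mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# is_skipped PATH -> returns 0 when the file is program code or an autorun
# trigger rather than user data. Matching is case-insensitive because Windows
# file names are, and it uses the last extension, so "Photo.JPG.EXE" is caught.
is_skipped() {
    name=$(basename "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        autorun.inf) return 0 ;;
        *.exe|*.dll|*.scr|*.com|*.pif|*.bat|*.cmd|*.vbs|*.js|*.lnk|*.sys|*.cpl)
            return 0 ;;
    esac
    return 1
}

# rescue_copy SRC DST
# Copies regular files only, keeping their relative paths. Writes
# DST/MANIFEST.sha256 (hashes taken from the source) and DST/SKIPPED.txt
# (files left behind). Prints "<copied> <skipped>".
# File names containing newlines are not supported.
rescue_copy() {
    src=${1%/}; dst=${2%/}
    mkdir -p "$dst" || return 1
    : > "$dst/MANIFEST.sha256"; : > "$dst/SKIPPED.txt"
    list=$(mktemp) || return 1
    find "$src" -type f -print > "$list"
    copied=0; skipped=0
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_skipped "$f"; then
            printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"
            skipped=$((skipped + 1))
            continue
        fi
        mkdir -p "$dst/$(dirname "$rel")" && cp "$f" "$dst/$rel" &&
            ( cd "$src" && sha256sum "./$rel" ) >> "$dst/MANIFEST.sha256" ||
            { rm -f "$list"; return 1; }
        copied=$((copied + 1))
    done < "$list"
    rm -f "$list"
    echo "$copied $skipped"
}

# verify_copy DST -> 0 when every rescued file still matches the hash that
# was recorded from the source disk at copy time.
verify_copy() {
    [ -s "$1/MANIFEST.sha256" ] || return 1
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# Typical session (as root, hypothetical devices and paths):
#   mount_suspect /dev/sda1 /mnt/suspect
#   rescue_copy "/mnt/suspect/Documents and Settings" /media/external/rescued
#   verify_copy /media/external/rescued
```

Leaving program files behind only limits what is carried across; the rescued documents should still be scanned before they are opened on the new PC.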
10-Nov-2009, 04:00 PM
#3
Ubuntu is brilliant. I am now copying my files to the External Drive. I can't thank you enough.

I can't run HijackThis because I can't get beyond the log in screen in Windows nor do a System Restore, Last Previous Config, Safe Mode etc. Below is a Task List from Nov 3 just before Windows became unusable from the increasingly destructive infection:

I have a HijackThis file from 4 days earlier if that is of any interest.
10-Nov-2009, 04:04 PM
#4
Glad it's working OK. I guess your next step would be to put in the recovery CD and repair or reinstall.
10-Nov-2009, 04:29 PM
#5
If you mean the Win XP Recovery Disk, I did that a few days ago and it was looking good when my settings started to load and then I got the BSOD. It looks like a Format and Reinstallation unless you think there is any hope of getting rid of the virus. I have tried pretty well everything but the virus just kills everything before it even starts and redirects the browser away from malware and other sites.
10-Nov-2009, 05:18 PM
#6
You could try downloading UBCD4WIN http://www.ubcd4win.com/ and creating a boot CD from the ISO that has a few virus scans on it - including F-Prot.
Or try F-Prot http://www.avdisk.org/pages/mtx/f-prot.html
You may need this info: http://antivirus.about.com/c/ht/00/0...0963693426.htm
12-Nov-2009, 08:06 AM
#7
I did that and eventually burnt it to CD (slow speed seems the most reliable way). It worked brilliantly. When I ran the virus scan it came up with 44 items of malware which it removed. I ran Windows in normal mode. Initially I got these messages: W has closed this program to protect your computer: Run a dll as an app. Winlogon, Register Server, Application Layer Gateway Service has encountered a problem and needs to close. After a reboot Windows started up normally!! Thanks again.

There are residual issues, which relate back to the original malware infection. I have reinstalled Bit Defender Total Security and it works fine except I cannot Update and get the error message: "Invalid server or proxy settings". I also reinstalled Malwarebytes' Anti-Malware and again it won't update. The error message here is "Make sure you are connected to the internet [I am] and that your firewall is set to allow access [It is]." The only things listed as blocked by the firewall are winnit.exe, explorer.exe and services.exe and one each of a number of instances of svchost.exe and Isass.exe. I ran Malwarebytes without the update and it came up with 34 items of malware. I am still getting redirected or blocked when I try to access malware sites using Google, which suggests that there is a residual infection.
I attach my HijackThis file:

Last edited by Screlge; 12-Nov-2009 at 08:35 AM. Reason: New Information
12-Nov-2009, 09:01 AM
#8 |
| you seem to have some nasties in there. Can you use the link in my signature to get the latest version of HJT and post a new HJT log? you could also try http://www.superantispyware.com/index.html i'll also move to malware forum, but may take a while for a shield to reply - post back if no answer in 24-48hrs
__________________ Note: I have very limited time during weekdays to visit here, so there will be a delay in replying UK timezone Please let us know what the final solution was to any problem posted |
|
12-Nov-2009, 09:26 AM
#9 |
| It really is pernicious! Tried superantispyware but as with everything I am blocked from downloading updates. The definitions on the download are 49 days old. It found 53 infections. This is the log I created before I ran it: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:20:51, on 12/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\PROGRA~1\Fix-It\mxtask.exe C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe C:\Program Files\Kontiki\KService.exe C:\PROGRA~1\Fix-It\mxtask.exe C:\Program Files\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Network Magic\nmsrvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Google\Web 
Accelerator\GoogleWebAccClient.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\The Ultimate Troubleshooter\UltimateTroubleshooter.exe C:\Program Files\The Ultimate Troubleshooter\UltimateTroubleshooter.exe C:\DOCUME~1\TONYWE~1\LOCALS~1\Temp\dc87217917\hn4ga4.exe C:\Program Files\XYplorer\XYplorer.exe C:\Program Files\Your Uninstaller 2008\uruninstaller.exe C:\Documents and Settings\Tony Wells\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WRShell.BHO - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\Web Research\WRShell.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MSOFFI~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: (no name) 
- {C99EC891-4A46-4C9C-AB54-397B2BD492BA} - (no file) O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Web Research Toolbar - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\Web Research\WRShell.dll O3 - Toolbar: Web Research Editing Bar - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\Web Research\WRShell.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\DownloadStudio\WebDLBar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Copernic Desktop Search CE - {435FAE9B-81A9-49D8-A0B1-A85ED3121976} - C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchBand300000061.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - 
HKLM\..\Run: [ctfmon] RUNDLL32.EXE C:\WINDOWS\system32\fgjk4wvb.dll,w O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tony Wells\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [Windows Thumbnails] C:\WINDOWS\system32\winthumb.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Tony Wells\reader_s.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] C:\Documents and Settings\Tony Wells\restorer32_a.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Tony Wells\reader_s.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\MS Office\Office12\ONENOTEM.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\DownloadStudio\ds_snap.htm O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_img.htm O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_all.htm O8 - Extra context menu item: Download Selection Using DownloadStudio... 
- C:\Program Files\DownloadStudio\ds_sel.htm O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSOFFI~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: New &NetMark - C:\Program Files\NetMarks Manager\OpenNM.htm O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\Omnipage 15\PDFConverter3\IEShellExt.dll /100 O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_link.htm O8 - Extra context menu item: Subscribe in NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\DownloadStudio\ds_rss.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O8 - Extra context menu item: Web Research: Save Link Address As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#110 O8 - Extra context menu item: Web Research: Save Page Area (Frame) - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#102 O8 - Extra context menu item: Web Research: Save Page Area (Frame) As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#106 O8 - Extra context menu item: Web Research: Save Picture - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#101 O8 - Extra context menu item: Web Research: Save Picture As... 
- res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#108 O8 - Extra context menu item: Web Research: Save Selected Targets As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#111 O8 - Extra context menu item: Web Research: Save Selection - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#104 O8 - Extra context menu item: Web Research: Save Selection As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#109 O8 - Extra context menu item: Web Research: Save Target - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#103 O8 - Extra context menu item: Web Research: Save Target As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#107 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: NetMarks Manager - 
{4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: New &NetMark - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\DownloadStudio\DownloadStudio.exe O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\DownloadStudio\DownloadStudio.exe O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: TweakIE 3.0 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.0\TweakIE.exe O9 - Extra 'Tools' menuitem: TweakIE 3.0 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.0\TweakIE.exe O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\DownloadStudio\WebDLBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {A02676A0-9F00-11D6-8FE3-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe O9 - Extra 'Tools' menuitem: Bookmark Manager Pro - {A02676A0-9F00-11D6-8FE3-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe O9 - Extra 'Tools' menuitem: 
Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe O9 - Extra button: Bmp - {D1C84700-E074-11D6-8FE4-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe...nttracking.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1232083179109 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - 
C:\PROGRA~1\MSOFFI~1\Office12\GR99D3~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll O20 - Winlogon Notify: iifCtUoN - iifCtUoN.dll (file missing) O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\VRT145.tmp (file missing) O23 - Service: AcrSch2Svc - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeActiveFileMonitor5.0 - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (file missing) O23 - Service: AdobeActiveFileMonitor6.0 - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing) O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing) O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing) O23 - Service: BAsfIpM - Unknown owner - C:\WINDOWS\system32\basfipm.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCALib8 - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing) O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: DfSdkS - mst software GmbH, Germany - C:\Program Files\Ashampoo WinOptimizer 6\Dfsdks.exe O23 - Service: DirectGazn - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: EraserThread - Unknown owner - C:\Program Files\Secure Clean PC\erasrv.exe (file missing) O23 - Service: fastnetsrv Service (fastnetsrv) - Unknown owner - C:\WINDOWS\system32\FastNetSrv.exe (file missing) O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\Fix-It\mxtask.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. 
- C:\Program Files\Kontiki\KService.exe O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: MSSQL$LIFESTYLE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LIFESTYLE\Binn\sqlservr.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: nmraapache - Pure Networks, Inc. - C:\Program Files\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: nmservice - Pure Networks, Inc. - C:\Program Files\Network Magic\nmsrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing) O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (file missing) O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: RoxLiveShare9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe O23 - Service: ScsiAccess - Unknown owner - 
C:\Program Files\ProShowGold\ScsiAccess.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing) O23 - Service: SQLAgent$LIFESTYLE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LIFESTYLE\Binn\sqlagent.EXE (file missing) O23 - Service: SystemSuite Task Manager - Unknown owner - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe O23 - Service: YPCService - Unknown owner - C:\WINDOWS\system32\YPCSER~1.EXE (file missing) O24 - Desktop Component 0: (no name) - http://ads.searchextreme.com/getBann...geZone=SESide1 -- End of file - 23826 bytes Last edited by Screlge; 12-Nov-2009 at 11:19 AM.. Reason: New Information |
|
15-Nov-2009, 03:11 PM
#10 | |
| Quote:
I was able to run Spybot earlier and it picked up 6 malwares including Virut.bg. The others were dealt with, but Virut proved resistant even after a reboot. |
24-Nov-2009, 09:16 AM
#13 | |||||
| Run HijackThis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously. In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy. Then you should have internet connection back again so you can update MBAM & antivirus. Run MBAM & post its log before we go any further
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
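The check the reply above makes by eye, as an added example that is not part of the original post: it re-splits a flattened HijackThis log into entries and reports Internet Explorer proxy settings (AutoConfigURL, ProxyServer) that point at the local machine. The sample log is constructed; only its AutoConfigURL line is taken from the thread, and the function names are illustrative.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the flattened one-line form the logs take on this page.
# Only the AutoConfigURL entry comes from the thread; the rest is made up.
SAMPLE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank "
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,"
    r"AutoConfigURL = http://localhost:9100/proxy.pac "
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,"
    r"ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080 "
    r"R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,"
    r"ProxyServer = proxy.example.test:3128 "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"
)

# An entry starts with a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")
PROXY_SETTING = re.compile(
    r"Internet Settings,(AutoConfigURL|ProxyServer) = (\S+)", re.IGNORECASE
)


def split_entries(text):
    """Return (section_code, body) pairs from a log whose line breaks were lost."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    entries = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        chunk = " ".join(text[start:end].split())  # normalise whitespace
        code, _, body = chunk.partition(" - ")
        entries.append((code, body))
    return entries


def proxy_host(value):
    """Extract the host from a PAC URL or a ProxyServer value."""
    first = value.split(";")[0]             # "http=host:port;https=..." -> first
    if "://" not in first:
        if "=" in first:                    # per-protocol form "http=host:port"
            first = first.split("=", 1)[1]
        first = "//" + first                # let urlsplit see a netloc
    return urlsplit(first).hostname


def is_loopback(host):
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                      # a DNS name, not an IP literal
        return False


def find_loopback_proxies(text):
    """List (section, setting, host) for proxy settings aimed at this machine."""
    hits = []
    for code, body in split_entries(text):
        match = PROXY_SETTING.search(body)
        if not match:
            continue
        host = proxy_host(match.group(2))
        if is_loopback(host):
            hits.append((code, match.group(1), host))
    return hits


if __name__ == "__main__":
    for code, setting, host in find_loopback_proxies(SAMPLE):
        print(f"{code}: {setting} points at {host}; confirm a local proxy is expected")
```

A hit is a prompt to check whether a local proxy is actually installed and wanted, not a verdict; some legitimate filtering and accelerator tools also listen on loopback.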
|
01-Dec-2009, 03:40 PM
#14 |
| Sorry for the delay in getting back. I really appreciate the support. I am back to the position where I can no longer boot up in Windows whether it is Normal, Last Known Config, or Safe Mode. I have been using an Ubuntu Boot Disk to access my data. |

|
All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

