Subject: computer infected winantivirus pro

Original Message
Name: iamawallflower
Date: October 3, 2007 at 18:36:17 Pacific
Subject: computer infected winantivirus pro
OS: Windows XP SP2 (WinNT 5.0)
CPU/Ram: 240mb
Model/Manufacturer: amd duron
Comment:
Please help. I can't do anything in Explorer because of constant popups of WinAntivirus Pro. I have tried AVG Anti-Spyware, XoftSpy, Ad-Aware, Spybot, Registry Mechanic and SpyDoctor and can't get rid of this. Please help me, thank you.

wallflower



Response Number 1
Name: jabuck
Date: October 3, 2007 at 20:17:44 Pacific
Subject: computer infected winantivirus pro
Reply:

Temporarily disable any anti-spyware realtime protection programs that you may have (see: Disable Realtime Protection), or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.


Turn off Norton's ScriptBlocking:

To disable Norton AntiVirus Script Blocking:


Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run Vundofix again.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: iamawallflower
Date: October 4, 2007 at 16:55:43 Pacific
Subject: computer infected winantivirus pro
Reply:
Thank you.
Vundo found nothing.
I don't have Norton AntiVirus;
I have McAfee and AVG.
Here are the logs you asked for.

ComboFix 07-10-04.6 - tracy 2007-10-04 15:51:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT 8:00]
Running from: C:\Documents and Settings\tracy\Desktop\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\tracy\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtuvsr.dll
C:\WINDOWS\system32\cbxxu.dll
C:\WINDOWS\system32\clabvtpi.dll
C:\WINDOWS\system32\epsrauqu.dll
C:\WINDOWS\system32\iifdaby.dll
C:\WINDOWS\system32\iptvbalc.ini
C:\WINDOWS\system32\jdypjrqy.dll
C:\WINDOWS\system32\kaosyhiv.dll
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\matjmssg.exe
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\ppbafaeu.dll
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\ttsut.bak1
C:\WINDOWS\system32\ttsut.bak2
C:\WINDOWS\system32\ttsut.ini
C:\WINDOWS\system32\tustt.dll
C:\WINDOWS\system32\ueafabpp.ini
C:\WINDOWS\system32\uquarspe.ini
C:\WINDOWS\system32\uxxbc.ini
C:\WINDOWS\system32\vihysoak.ini
C:\WINDOWS\system32\yqrjpydj.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 15:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 09:39 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-03 09:39 47,360 --a------ C:\Documents and Settings\tracy\Application Data\pcouffin.sys
2007-10-03 09:39 <DIR> d-------- C:\Program Files\DVDFab Gold 3
2007-10-03 09:39 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Vso
2007-10-03 01:25 <DIR> d-------- C:\Program Files\DVDIdle
2007-10-03 00:57 899,414 --a------ C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2007-10-03 00:57 468,992 --a------ C:\Program Files\DVDFabDecrypter.exe
2007-10-03 00:57 <DIR> d-------- C:\Program Files\DVDFab Decrypter2977
2007-10-03 00:57 <DIR> d-------- C:\Program Files\dvd shrink
2007-10-03 00:57 <DIR> d-------- C:\Program Files\dvd decrypter
2007-10-03 00:55 258,560 --a------ C:\Program Files\DVDRegionFree.exe
2007-10-03 00:33 <DIR> d-------- C:\WINDOWS\system\DRIVER
2007-10-02 23:38 <DIR> d-------- C:\Program Files\Webroot Spy Sweeper 5[1].2.3
2007-10-02 23:38 <DIR> d-------- C:\Program Files\Uniblue
2007-10-02 23:38 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2007-10-02 23:38 <DIR> d-------- C:\Program Files\tracy unzipped
2007-10-02 23:38 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-02 23:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-02 23:37 <DIR> d-------- C:\Program Files\SlySoft CloneCD v5.2.9.1-YAG
2007-10-02 23:37 <DIR> d-------- C:\Program Files\PopupVanish
2007-10-02 23:33 <DIR> d-------- C:\Program Files\PC-Doctor 5 for Windows
2007-10-02 23:33 <DIR> d-------- C:\Program Files\NoAdware
2007-10-02 23:33 <DIR> d-------- C:\Program Files\ffdshow
2007-10-02 23:33 <DIR> d-------- C:\Program Files\DVDIdle Pro
2007-10-02 23:33 <DIR> d-------- C:\Program Files\DVD Region+CSS Free Lite
2007-10-02 23:32 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
2007-10-02 23:32 <DIR> d-------- C:\Program Files\12Ghosts
2007-10-02 21:32 77,376 --a------ C:\WINDOWS\system32\vvwkpdsv.dll
2007-10-02 20:16 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-02 13:43 6,473 --ahs---- C:\WINDOWS\system32\jihjl.bak1
2007-10-02 11:51 87,104 --a------ C:\WINDOWS\system32\jwiuaiet.dll
2007-10-02 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-02 11:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-02 10:36 87,104 --a------ C:\WINDOWS\system32\rmkpeldm.dll
2007-10-02 10:32 310,880 --a------ C:\WINDOWS\system32\rqrpn.dll
2007-10-02 08:45 310,880 --a------ C:\WINDOWS\system32\ljhij.dll
2007-10-01 23:06 87,104 --a------ C:\WINDOWS\system32\fuaffcyc.dll
2007-10-01 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-01 17:19 310,880 --a------ C:\WINDOWS\system32\xxyyw.dll
2007-10-01 17:07 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Lavasoft
2007-10-01 17:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-01 17:05 2,855,080 --a------ C:\Program Files\aawsepersonal.exe
2007-10-01 12:47 310,880 --a------ C:\WINDOWS\system32\ddaay.dll
2007-10-01 09:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-30 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-30 12:43 <DIR> d-------- C:\Program Files\Nero
2007-09-30 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-30 12:26 <DIR> d-------- C:\Program Files\AskTBar
2007-09-30 10:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-29 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-29 18:47 <DIR> d-------- C:\Program Files\Smart PC Solutions
2007-09-29 18:47 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Smart PC Solutions
2007-09-29 17:33 <DIR> d-------- C:\Program Files\Word Wizard Deluxe
2007-09-29 17:33 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-29 15:32 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2007-09-29 15:31 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
2007-09-29 15:30 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2007-09-28 23:26 <DIR> d-------- C:\Program Files\.limewire
2007-09-28 14:24 <DIR> d-------- C:\Program Files\PCPitstop
2007-09-28 12:47 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-28 12:31 <DIR> d-------- C:\Incomplete
2007-09-28 12:31 <DIR> d-------- C:\Downloads
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\Shared
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\Incomplete
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\.limewire
2007-09-28 12:24 <DIR> d-------- C:\Program Files\LimeWire
2007-09-28 12:13 <DIR> d-------- C:\Program Files\Limewire Lime Wire Pro v.4.9 Cracked with Java Runtime Environment
2007-09-28 11:54 <DIR> d-------- C:\Program Files\ares ultra
2007-09-28 09:57 <DIR> d-------- C:\VundoFix Backups
2007-09-12 20:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-12 18:05 733,148 --ahs---- C:\WINDOWS\system32\wacfe.bak2
2007-09-12 16:05 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2007-09-12 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2007-09-12 11:28 6,488 --ahs---- C:\WINDOWS\system32\wacfe.bak1
2007-09-11 19:35 <DIR> d-------- C:\QUARANTINE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 1rogram Files\MSN Games
2007-10-03 1ocuments and Settings\All Users\Application Data\DVD Shrink
2007-10-02 1rogram Files\Windows Live Toolbar
2007-09-30 1rogram Files\Common Files\Ahead
2007-09-28 2rogram Files\.limewire
2007-09-20 1ocuments and Settings\All Users\Application Data\Kodak
2007-08-23 1rogram Files\MSXML 4.0
2007-04-29 09:27 81408 --a------ C:\Program Files\ParetoLogic_Slayer_v1.3.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{980B74ED-C830-4444-BB44-23D1BBA0FEB8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2004-04-30 18:56]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2004-04-30 18:56]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-19 22:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-02 12:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle\DVDShell.dll [2004-10-09 15:18 49152]

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
S3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 08:11:32 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-02 12:17:04 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 16:12:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 16:16:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 16:15
.
--- E O F ---

Scan saved at 7:38:34 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {980B74ED-C830-4444-BB44-23D1BBA0FEB8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

wallflower


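A triage pass over the "Files Created" listing in the ComboFix log above, as an added example (it is not code from this thread, from ComboFix or from VundoFix). The parser follows the line format shown in the log; the three heuristics (random 5- or 8-letter lowercase stems in system32, hidden+system .bak/.ini companions, and a .dll whose reversed stem names another listed file, as in the sstqp.dll / pqtss.ini pair under "Other Deletions") are the editor's reconstruction of the selection made in the next reply, not rules the helper states, and the sample input is a constructed excerpt of the posted log.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = """\
2007-10-04 15:48 51,200 --a------ C:\\WINDOWS\\NirCmd.exe
2007-10-02 21:32 77,376 --a------ C:\\WINDOWS\\system32\\vvwkpdsv.dll
2007-10-02 13:43 6,473 --ahs---- C:\\WINDOWS\\system32\\jihjl.bak1
2007-10-02 11:51 87,104 --a------ C:\\WINDOWS\\system32\\jwiuaiet.dll
2007-10-02 08:45 310,880 --a------ C:\\WINDOWS\\system32\\ljhij.dll
2007-10-01 17:19 310,880 --a------ C:\\WINDOWS\\system32\\xxyyw.dll
2007-10-01 09:13 626,688 --a------ C:\\WINDOWS\\system32\\msvcr80.dll
2007-09-29 15:31 143,360 --a------ C:\\WINDOWS\\system32\\GetHardDiskNo.dll
2007-09-12 18:05 733,148 --ahs---- C:\\WINDOWS\\system32\\wacfe.bak2
2007-10-03 09:39 <DIR> d-------- C:\\Program Files\\DVDFab Gold 3
"""

# One 'Files Created' line: date, time, size or <DIR>, a 9-character attribute
# string (d=dir, a=archive, h=hidden, s=system, r=read-only), then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-dahsr]{9}) (?P<path>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class FileEntry:
    date: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "--ahs----"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:
        return self.name.rsplit(".", 1)[0] if "." in self.name else self.name

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""

    @property
    def hidden_system(self) -> bool:
        # Vundo's companion .bak/.ini files in this log carry hidden+system.
        return "h" in self.attrs and "s" in self.attrs


def parse_line(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a 'Files Created' line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return FileEntry(m["date"], size, m["attrs"], m["path"])


def looks_random(stem: str, length: int) -> bool:
    """Editor's heuristic: exactly `length` lowercase ASCII letters, no digits."""
    return re.fullmatch(r"[a-z]{%d}" % length, stem) is not None


def triage(log_text: str) -> dict:
    """Sort recently created system32 files into review buckets (hints, not verdicts).

    delete: hidden+system .bak/.ini companions and 5-letter random .dll names
            (the files the helper put into the Avenger script);
    scan:   8-letter random .dll names (the files sent to VirusTotal first);
    pairs:  a .dll whose reversed stem names another listed file.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    sys32 = [e for e in entries
             if e.size is not None and e.path.lower().startswith(SYSTEM32)]
    by_stem = {e.stem: e for e in sys32}
    delete, scan, pairs = [], [], []
    for e in sys32:
        if e.hidden_system and (e.ext.startswith("bak") or e.ext == "ini"):
            delete.append(e.name)
        elif e.ext == "dll" and looks_random(e.stem, 5):
            delete.append(e.name)
        elif e.ext == "dll" and looks_random(e.stem, 8):
            scan.append(e.name)
        if e.ext == "dll":
            mate = by_stem.get(e.stem[::-1])
            if mate is not None and mate is not e:
                pairs.append((e.name, mate.name))
    return {"delete": sorted(delete), "scan": sorted(scan), "pairs": sorted(pairs)}


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket:7s} {names}")
```

Run against the sample, the buckets match the next reply: the four 5-letter and hidden+system files land in "delete", the two 8-letter DLLs in "scan", and ljhij.dll is paired with jihjl.bak1.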

Response Number 3
Name: jabuck
Date: October 4, 2007 at 17:33:07 Pacific
Subject: computer infected winantivirus pro
Reply:
Go to start> control panel. add/remove programs and uninstall this program if found:

LimeWire

Please download “Avenger” by swandog46 to your desktop from this link Avenger
1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\system32\jihjl.bak1
C:\WINDOWS\system32\rqrpn.dll
C:\WINDOWS\system32\ljhij.dll
C:\WINDOWS\system32\fuaffcyc.dll
C:\WINDOWS\system32\xxyyw.dll
C:\WINDOWS\system32\ddaay.dll
C:\WINDOWS\system32\wacfe.bak2
C:\WINDOWS\system32\wacfe.bak1

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Go to this link, VirusTotal, copy the following files one at a time into the "upload and scan" box, click Submit, then post the results.

C:\WINDOWS\system32\vvwkpdsv.dll

C:\WINDOWS\system32\jwiuaiet.dll

C:\WINDOWS\system32\jwiuaiet.dll

Your Java is out of date and can be exploited.

Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then, from your desktop, double-click on jre-1_6_2-windowsi586-p.exe to install the newest version.




Response Number 4
Name: iamawallflower
Date: October 4, 2007 at 20:40:11 Pacific
Subject: computer infected winantivirus pro
Reply:
Have done what you asked. Thank you so much for your help :-)

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pjcpxcfc

*******************

Script file located at: \??\C:\WINDOWS\xywydhba.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\jihjl.bak1 deleted successfully.


File C:\WINDOWS\system32\rqrpn.dll not found!
Deletion of file C:\WINDOWS\system32\rqrpn.dll failed!

Could not process line:
C:\WINDOWS\system32\rqrpn.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ljhij.dll not found!
Deletion of file C:\WINDOWS\system32\ljhij.dll failed!

Could not process line:
C:\WINDOWS\system32\ljhij.dll
Status: 0xc0000034

File C:\WINDOWS\system32\fuaffcyc.dll deleted successfully.


File C:\WINDOWS\system32\xxyyw.dll not found!
Deletion of file C:\WINDOWS\system32\xxyyw.dll failed!

Could not process line:
C:\WINDOWS\system32\xxyyw.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ddaay.dll not found!
Deletion of file C:\WINDOWS\system32\ddaay.dll failed!

Could not process line:
C:\WINDOWS\system32\ddaay.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wacfe.bak2 deleted successfully.
File C:\WINDOWS\system32\wacfe.bak1 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

wallflower



Response Number 5
Name: iamawallflower
Date: October 4, 2007 at 21:36:09 Pacific
Subject: computer infected winantivirus pro
Reply:
Hi, me again. Here are the other posts you requested, from
VirusTotal.


File vvwkpdsv.dll received on 10.05.2007 05:42:25 (CET)
Current status: finished
Result: 3/32 (9.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.5.0 2007.10.04 -
AntiVir 7.6.0.20 2007.10.04 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.03 -
ClamAV 0.91.2 2007.10.04 -
DrWeb 4.44.0.09170 2007.10.04 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5187 2007.10.04 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2572 2007.10.04 -
Norman 5.80.02 2007.10.04 -
Panda 9.0.0.4 2007.10.05 Suspicious file
Prevx1 V2 2007.10.05 -
Rising 19.43.30.00 2007.10.04 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.04 Trojan.Dldr.ConHook.Gen
Additional information
File size: 77376 bytes
MD5: 179a308738b2754d8617227bb13bc5e9
SHA1: 9437252b64496663709180ca956a9ab8ad91da08


Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

File jwiuaiet.dll received on 10.05.2007 06:01:22 (CET)
Current status: finished
Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.5.0 2007.10.04 -
AntiVir 7.6.0.20 2007.10.04 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.03 -
ClamAV 0.91.2 2007.10.04 -
DrWeb 4.44.0.09170 2007.10.04 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5187 2007.10.04 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2572 2007.10.04 -
Norman 5.80.02 2007.10.04 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 Trojan.Vundo
Rising 19.43.30.00 2007.10.04 -
Sophos 4.22.0 2007.10.05 Virtumundo
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.04 Trojan.Dldr.ConHook.Gen
Additional information
File size: 87104 bytes
MD5: e5559a37ae419df0544c414c719187eb
SHA1: 865dd2e7013c671ea41b154adac99c20e01eb878
Prevx info: http://fileinfo.prevx.com/fileinfo....

File jwiuaiet.dll received on 10.05.2007 06:26:38 (CET)
Current status: finished
Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.5.0 2007.10.04 -
AntiVir 7.6.0.20 2007.10.04 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.03 -
ClamAV 0.91.2 2007.10.04 -
DrWeb 4.44.0.09170 2007.10.04 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5187 2007.10.04 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2572 2007.10.04 -
Norman 5.80.02 2007.10.04 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 Trojan.Vundo
Rising 19.43.30.00 2007.10.04 -
Sophos 4.22.0 2007.10.05 Virtumundo
Sunbelt 2.2.907.0 2007.10.02 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.04 Trojan.Dldr.ConHook.Gen
Additional information
File size: 87104 bytes
MD5: e5559a37ae419df0544c414c719187eb
SHA1: 865dd2e7013c671ea41b154adac99c20e01eb878
Prevx info: http://fileinfo.prevx.com/fileinfo....

wallflower



Response Number 6
Name: jabuck
Date: October 5, 2007 at 16:08:23 Pacific
Subject: computer infected winantivirus pro
Reply:
Run Avenger again and delete these files:

C:\WINDOWS\system32\vvwkpdsv.dll

C:\WINDOWS\system32\jwiuaiet.dll

C:\WINDOWS\system32\rmkpeldm.dll

Post a new HijackThis log and a new ComboFix log, please.



Response Number 7
Name: iamawallflower
Date: October 6, 2007 at 05:31:37 Pacific
Subject: computer infected winantivirus pro
Reply:
Hi, thanks again. Have run Avenger and deleted the files. Here are the logs from HijackThis and ComboFix :-)

Logfile of HijackThis v1.99.1
Scan saved at 18:28, on 2007-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {980B74ED-C830-4444-BB44-23D1BBA0FEB8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

ComboFix 07-10-04.6 - tracy 2007-10-06 18:17:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.55 [GMT 8:00]
Running from: C:\Documents and Settings\tracy\Desktop\downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-05 20:27 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-10-05 20:26 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Leadertech
2007-10-05 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fellowes
2007-10-05 20:19 <DIR> d-------- C:\Program Files\Fellowes
2007-10-05 19:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-05 16:29 98,816 --a------ C:\Program Files\NOTEPAPE.DLL
2007-10-05 16:29 97,792 --a------ C:\Program Files\STAMP.DLL
2007-10-05 16:29 97,792 --a------ C:\Program Files\GRAPHICP.DLL
2007-10-05 16:29 97,792 --a------ C:\Program Files\EMBOSS.DLL
2007-10-05 16:29 777,216 --a------ C:\Program Files\PHOTOED.EXE
2007-10-05 16:29 183,808 --a------ C:\Program Files\TEXTURIZ.DLL
2007-10-05 16:29 115,712 --a------ C:\Program Files\STAINEDG.DLL
2007-10-05 16:29 110,080 --a------ C:\Program Files\WATERCOL.DLL
2007-10-05 16:29 104,448 --a------ C:\Program Files\CHALKCHA.DLL
2007-10-05 12:19 17,920 --a------ C:\Documents and Settings\tracy\Application Data\GDIPFONTCACHEV1.DAT
2007-10-05 11:16 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-05 11:12 <DIR> d-------- C:\WINDOWS\ShellNew
2007-10-04 15:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 09:39 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-03 09:39 47,360 --a------ C:\Documents and Settings\tracy\Application Data\pcouffin.sys
2007-10-03 09:39 <DIR> d-------- C:\Program Files\DVDFab Gold 3
2007-10-03 09:39 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Vso
2007-10-03 01:25 <DIR> d-------- C:\Program Files\DVDIdle
2007-10-03 00:57 899,414 --a------ C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2007-10-03 00:57 468,992 --a------ C:\Program Files\DVDFabDecrypter.exe
2007-10-03 00:57 <DIR> d-------- C:\Program Files\DVDFab Decrypter2977
2007-10-03 00:57 <DIR> d-------- C:\Program Files\dvd shrink
2007-10-03 00:57 <DIR> d-------- C:\Program Files\dvd decrypter
2007-10-03 00:55 258,560 --a------ C:\Program Files\DVDRegionFree.exe
2007-10-03 00:33 <DIR> d-------- C:\WINDOWS\system\DRIVER
2007-10-02 23:38 <DIR> d-------- C:\Program Files\Webroot Spy Sweeper 5[1].2.3
2007-10-02 23:38 <DIR> d-------- C:\Program Files\Uniblue
2007-10-02 23:38 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2007-10-02 23:38 <DIR> d-------- C:\Program Files\tracy unzipped
2007-10-02 23:38 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-02 23:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-02 23:37 <DIR> d-------- C:\Program Files\SlySoft CloneCD v5.2.9.1-YAG
2007-10-02 23:37 <DIR> d-------- C:\Program Files\PopupVanish
2007-10-02 23:33 <DIR> d-------- C:\Program Files\PC-Doctor 5 for Windows
2007-10-02 23:33 <DIR> d-------- C:\Program Files\NoAdware
2007-10-02 23:33 <DIR> d-------- C:\Program Files\ffdshow
2007-10-02 23:33 <DIR> d-------- C:\Program Files\DVDIdle Pro
2007-10-02 23:33 <DIR> d-------- C:\Program Files\DVD Region+CSS Free Lite
2007-10-02 23:32 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
2007-10-02 23:32 <DIR> d-------- C:\Program Files\12Ghosts
2007-10-02 20:16 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-02 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-02 11:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-01 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-01 17:07 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Lavasoft
2007-10-01 17:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-01 17:05 2,855,080 --a------ C:\Program Files\aawsepersonal.exe
2007-10-01 09:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-30 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-30 12:43 <DIR> d-------- C:\Program Files\Nero
2007-09-30 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-30 12:26 <DIR> d-------- C:\Program Files\AskTBar
2007-09-30 10:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-29 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-29 18:47 <DIR> d-------- C:\Program Files\Smart PC Solutions
2007-09-29 18:47 <DIR> d-------- C:\Documents and Settings\tracy\Application Data\Smart PC Solutions
2007-09-29 17:33 <DIR> d-------- C:\Program Files\Word Wizard Deluxe
2007-09-29 17:33 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-29 15:32 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2007-09-29 15:31 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
2007-09-29 15:30 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2007-09-28 23:26 <DIR> d-------- C:\Program Files\.limewire
2007-09-28 14:24 <DIR> d-------- C:\Program Files\PCPitstop
2007-09-28 12:47 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-28 12:31 <DIR> d-------- C:\Incomplete
2007-09-28 12:31 <DIR> d-------- C:\Downloads
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\Shared
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\Incomplete
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\.limewire
2007-09-28 12:24 <DIR> d-------- C:\Program Files\LimeWire
2007-09-28 12:13 <DIR> d-------- C:\Program Files\Limewire Lime Wire Pro v.4.9 Cracked with Java Runtime Environment
2007-09-28 11:54 <DIR> d-------- C:\Program Files\ares ultra
2007-09-28 09:57 <DIR> d-------- C:\VundoFix Backups
2007-09-12 20:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-12 16:05 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2007-09-12 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2007-09-11 19:35 <DIR> d-------- C:\QUARANTINE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 18:47 104 --a------ C:\Program Files\Microsoft Outlook (2).lnk
2007-10-05 1ocuments and Settings\tracy\Application Data\Ahead
2007-10-05 17:48 104 --a------ C:\Program Files\Microsoft Outlook.lnk
2007-10-05 16:26 554 --a------ C:\Program Files\Shortcut to PHOTOED.lnk
2007-10-04 1ocuments and Settings\All Users\Application Data\DVD Shrink
2007-10-03 1rogram Files\MSN Games
2007-10-02 1rogram Files\Windows Live Toolbar
2007-09-30 1rogram Files\Common Files\Ahead
2007-09-29 22:26 90624 --a------ C:\WINDOWS\system32\mydocs.dll
2007-09-28 2rogram Files\.limewire
2007-09-20 1ocuments and Settings\All Users\Application Data\Kodak
2007-08-23 1rogram Files\MSXML 4.0
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-04-29 09:27 81408 --a------ C:\Program Files\ParetoLogic_Slayer_v1.3.exe
1998-11-14 02:09 89059 --a------ C:\Program Files\PHOTOED.HLP
1998-09-10 18:31 4171 --a------ C:\Program Files\PHOTOED.CNT
1996-11-17 00:00 9902 --a------ C:\Program Files\PHOTOED.SRG
.

((((((((((((((((((((((((((((( snapshot@2007-10-04_16.14.26.48 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 379,704 2006-06-20 07:44:04 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
----a-w 117,088 2006-11-20 03:04:18 C:\WINDOWS\Downloaded Program Files\PURen-au.dll
----a-r 10,134 2007-10-05 12:24:08 C:\WINDOWS\Installer\{41979C2F-34B8-4F92-8111-B13C5864682D}\ARPPRODUCTICON.exe
----a-r 3,638 2007-10-05 12:24:09 C:\WINDOWS\Installer\{41979C2F-34B8-4F92-8111-B13C5864682D}\MediaFACEPrintCalib.exe
----a-r 10,134 2007-10-05 12:24:09 C:\WINDOWS\Installer\{41979C2F-34B8-4F92-8111-B13C5864682D}\MediaFACESkinWizard.exe
----a-r 10,134 2007-10-05 12:24:09 C:\WINDOWS\Installer\{41979C2F-34B8-4F92-8111-B13C5864682D}\MediaFACE_1.exe
----a-r 167,936 2007-10-05 03:18:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 34,304 2007-10-05 03:18:14 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-10-05 03:18:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-10-05 03:18:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-10-05 03:18:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-10-05 03:18:14 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-10-05 03:18:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-10-05 03:18:16 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-10-05 03:18:14 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-10-05 03:18:14 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-r 34,304 2007-10-05 10:47:30 C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-10-05 10:47:30 C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-10-05 10:47:30 C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 16,384 2007-10-05 10:47:29 C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 12,800 2007-10-05 10:47:29 C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0050048383C9}\pubs.exe
----a-w 32,768 2001-01-21 19:25:24 C:\WINDOWS\system32\ATHPRXY.DLL
----a-w 1,129,232 1999-10-17 11:01:42 C:\WINDOWS\system32\FM20.DLL
----a-w 26,384 1999-10-17 11:01:16 C:\WINDOWS\system32\FM20ENU.DLL
----a-w 237,552 2007-10-06 01:12:57 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 135,168 2007-09-24 14:30:28 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-09-24 14:30:30 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-09-24 15:31:42 C:\WINDOWS\system32\javaws.exe
----a-w 293,376 2003-08-12 03:58:14 C:\WINDOWS\system32\lfAFP13n.dll
----a-w 25,600 2003-08-12 03:58:14 C:\WINDOWS\system32\lfani13n.dll
----a-w 18,944 2003-08-12 03:58:14 C:\WINDOWS\system32\lfavi13n.dll
----a-w 23,040 2003-08-12 03:58:14 C:\WINDOWS\system32\lfawd13n.dll
----a-w 35,840 2003-08-12 03:58:14 C:\WINDOWS\system32\lfcal13n.dll
----a-w 65,536 2003-08-12 03:58:14 C:\WINDOWS\system32\Lfcgm13n.dll
----a-w 29,184 2003-08-12 03:58:14 C:\WINDOWS\system32\lfclp13n.dll
----a-w 445,440 2003-08-12 03:58:16 C:\WINDOWS\system32\LFCMW13n.dll
----a-w 21,504 2003-08-12 03:58:16 C:\WINDOWS\system32\lfCUT13n.dll
----a-w 54,784 2003-08-12 03:58:16 C:\WINDOWS\system32\Lfdgn13n.dll
----a-w 52,224 2003-08-12 03:58:16 C:\WINDOWS\system32\lfdrw13n.dll
----a-w 482,816 2003-08-12 03:58:18 C:\WINDOWS\system32\lfdwf13n.dll
----a-w 122,880 2003-08-12 03:58:18 C:\WINDOWS\system32\lfdwg13n.dll
----a-w 133,632 2003-08-12 03:58:18 C:\WINDOWS\system32\lfdxf13n.dll
----a-w 37,888 2003-08-12 03:58:18 C:\WINDOWS\system32\lfeps13n.dll
----a-w 73,216 2003-08-12 03:58:18 C:\WINDOWS\system32\lffax13n.dll
----a-w 38,400 2003-08-12 03:58:18 C:\WINDOWS\system32\lfflc13n.dll
----a-w 84,480 2003-08-12 03:58:18 C:\WINDOWS\system32\lffpx13n.dll
----a-w 338,944 2003-08-12 03:58:20 C:\WINDOWS\system32\lffpx7.dll
----a-w 83,968 2003-08-12 03:58:20 C:\WINDOWS\system32\lfgbr13n.dll
----a-w 48,128 2003-08-12 03:58:20 C:\WINDOWS\system32\lfica13n.dll
----a-w 27,136 2003-08-12 03:58:20 C:\WINDOWS\system32\lfiff13n.dll
----a-w 20,992 2003-08-12 03:58:20 C:\WINDOWS\system32\lfimg13n.dll
----a-w 19,968 2003-08-12 03:58:20 C:\WINDOWS\system32\lfitg13n.dll
----a-w 252,928 2003-08-12 03:58:20 C:\WINDOWS\system32\LFJ2K13n.dll
----a-w 90,112 2003-08-12 03:58:22 C:\WINDOWS\system32\lfjbg13n.dll
----a-w 118,784 2003-08-12 03:58:22 C:\WINDOWS\system32\lfkodak.dll
----a-w 29,184 2003-08-12 03:58:22 C:\WINDOWS\system32\lflma13n.dll
----a-w 31,744 2003-08-12 03:58:22 C:\WINDOWS\system32\lflmb13n.dll
----a-w 18,944 2003-08-12 03:58:22 C:\WINDOWS\system32\lfmac13n.dll
----a-w 101,888 2003-08-12 03:58:22 C:\WINDOWS\system32\lfmpg13n.dll
----a-w 18,944 2003-08-12 03:58:22 C:\WINDOWS\system32\lfmsp13n.dll
----a-w 19,968 2003-08-12 03:58:22 C:\WINDOWS\system32\lfpcd13n.dll
----a-w 93,184 2003-08-12 03:58:22 C:\WINDOWS\system32\lfPCL13n.dll
----a-w 59,392 2003-08-12 03:58:24 C:\WINDOWS\system32\Lfpct13n.dll
----a-w 26,112 2003-08-12 03:58:24 C:\WINDOWS\system32\lfpcx13n.dll
----a-w 170,496 2003-08-12 03:58:24 C:\WINDOWS\system32\lfpdf13n.dll
----a-w 74,240 2003-08-12 03:58:24 C:\WINDOWS\system32\lfplt13n.dll
----a-w 148,480 2003-08-12 03:58:24 C:\WINDOWS\system32\Lfpng13n.dll
----a-w 31,232 2003-08-12 03:58:24 C:\WINDOWS\system32\LFPNM13n.dll
----a-w 55,296 2003-08-12 03:58:24 C:\WINDOWS\system32\lfpsd13n.dll
----a-w 69,632 2003-08-12 03:58:24 C:\WINDOWS\system32\LFPTK13n.dll
----a-w 19,456 2003-08-12 03:58:24 C:\WINDOWS\system32\lfras13n.dll
----a-w 17,920 2003-08-12 03:58:26 C:\WINDOWS\system32\lfRaw13n.dll
----a-w 58,368 2003-08-12 03:58:26 C:\WINDOWS\system32\lfsct13n.dll
----a-w 20,480 2003-08-12 03:58:26 C:\WINDOWS\system32\lfsgi13n.dll
----a-w 82,432 2003-08-12 03:58:26 C:\WINDOWS\system32\lfshp13n.dll
----a-w 33,792 2003-08-12 03:58:26 C:\WINDOWS\system32\LFSMP13n.dll
----a-w 23,552 2003-08-12 03:58:26 C:\WINDOWS\system32\lftga13n.dll
----a-w 131,072 2003-08-12 03:58:26 C:\WINDOWS\system32\lftif13n.dll
----a-w 19,456 2003-08-12 03:58:26 C:\WINDOWS\system32\lfvec13n.dll
----a-w 19,968 2003-08-12 03:58:26 C:\WINDOWS\system32\lfwfx13n.dll
----a-w 49,152 2003-08-12 03:58:26 C:\WINDOWS\system32\Lfwmf13n.dll
----a-w 33,280 2003-08-12 03:58:26 C:\WINDOWS\system32\lfwmp13n.dll
----a-w 20,480 2003-08-12 03:58:26 C:\WINDOWS\system32\lfwpg13n.dll
----a-w 45,056 2003-08-12 03:58:28 C:\WINDOWS\system32\lfXbm13n.dll
----a-w 47,104 2003-08-12 03:58:28 C:\WINDOWS\system32\lfXpm13n.dll
----a-w 25,600 2003-08-12 03:58:28 C:\WINDOWS\system32\lfxwd13n.dll
----a-w 777,728 2003-08-12 03:58:28 C:\WINDOWS\system32\ltann13n.dll
----a-w 116,736 2003-08-12 03:58:28 C:\WINDOWS\system32\LTAUT13n.dll
----a-w 1,685,504 2003-08-12 03:58:30 C:\WINDOWS\system32\LTCLR13n.dll
----a-w 80,384 2003-08-12 03:58:32 C:\WINDOWS\system32\LTCON13n.dll
----a-w 708,608 2003-08-12 03:58:32 C:\WINDOWS\system32\ltcry13n.dll
----a-w 920,576 2003-08-12 03:58:34 C:\WINDOWS\system32\LTDic13n.dll
----a-w 1,368,064 2003-08-12 03:58:36 C:\WINDOWS\system32\ltdlg13n.dll
----a-w 34,816 2003-08-12 03:58:38 C:\WINDOWS\system32\ltisi13n.dll
----a-w 50,176 2003-08-12 03:58:38 C:\WINDOWS\system32\ltlst13n.dll
----a-w 76,288 2003-08-12 03:58:38 C:\WINDOWS\system32\ltpdg13n.dll
----a-w 122,368 2003-08-12 03:58:38 C:\WINDOWS\system32\Ltpnt13n.dll
----a-w 794,624 2003-08-12 03:58:38 C:\WINDOWS\system32\LTRTN13n.dll
----a-w 139,776 2003-08-12 03:58:40 C:\WINDOWS\system32\LTSCR13n.dll
----a-w 110,592 2003-08-12 03:58:40 C:\WINDOWS\system32\Ltsgm13n.dll
----a-w 77,312 2003-08-12 03:58:40 C:\WINDOWS\system32\LTTLB13n.dll
----a-w 147,456 2003-08-12 03:58:40 C:\WINDOWS\system32\lttls13n.dll
----a-w 32,256 2003-08-12 03:58:40 C:\WINDOWS\system32\lttmb13n.dll
----a-w 104,960 2003-08-12 03:58:40 C:\WINDOWS\system32\lttw213n.dll
----a-w 35,328 2003-08-12 03:58:40 C:\WINDOWS\system32\lttwn13n.dll
----a-w 825,344 2003-08-12 03:58:42 C:\WINDOWS\system32\ltwen13n.dll
----a-w 30,208 2003-08-12 03:58:42 C:\WINDOWS\system32\LTWND13n.dll
----a-w 888,832 2003-08-12 03:58:44 C:\WINDOWS\system32\LTWVC13n.dll
----a-w 229,376 2003-08-12 03:58:44 C:\WINDOWS\system32\Lvkrn13n.dll
----a-w 520,128 1998-10-01 04:00:38 C:\WINDOWS\system32\MAPI.DLL
----a-w 38,160 1998-03-25 16:00:00 C:\WINDOWS\system32\MAPISRVR.EXE
----a-w 53,248 1998-06-17 10:08:32 C:\WINDOWS\system32\MFC42ENU.DLL
----a-w 397,312 2000-05-11 05:06:20 C:\WINDOWS\system32\MSRDO20.DLL
----a-w 118,784 2000-05-23 13:45:58 C:\WINDOWS\system32\MSSTDFMT.DLL
----a-w 94,208 1998-08-09 02:07:34 C:\WINDOWS\system32\MSSTKPRP.DLL
----a-w 212,480 2003-08-12 03:58:44 C:\WINDOWS\system32\Pcdlib32.dll
----a-w 45,056 1998-09-29 08:43:34 C:\WINDOWS\system32\PUBDLG.DLL
----a-w 151,552 2000-04-03 09:52:54 C:\WINDOWS\system32\RDOCURS.DLL
----a-w 15,872 1998-03-24 12:54:08 C:\WINDOWS\system32\SCP32.DLL
----a-w 40,960 1999-11-24 09:40:50 C:\WINDOWS\system32\VBAME.DLL
----a-r 206,336 2003-08-12 04:01:40 C:\WINDOWS\system32\Vic32.dll
----a-w 126,976 2003-08-12 03:59:04 C:\WINDOWS\system32\zip.exe
.
----a-w 372,736 2004-10-08 08:01:22 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
----a-w 91,888 2007-06-18 11:10:30 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 49,248 2004-12-06 12:04:12 C:\WINDOWS\system32\java.exe
----a-w 49,250 2004-12-06 12:04:20 C:\WINDOWS\system32\javaw.exe
----a-w 127,078 2004-12-06 13:31:50 C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{980B74ED-C830-4444-BB44-23D1BBA0FEB8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2004-04-30 18:56]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2004-04-30 18:56]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-19 22:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-02 12:58]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 17:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle\DVDShell.dll [2004-10-09 15:18 49152]

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
S3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 10:09:56 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-02 12:17:04 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.


wallflower



Response Number 8
Name: jabuck
Date: October 6, 2007 at 11:54:35 Pacific
Subject: computer infected winantivirus pro
Reply:
Looks like you still have LimeWire installed.

It will cause you to get reinfected; you should uninstall it. Other than that the computer looks clean. How is the computer operating?

Run Hijack This, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {980B74ED-C830-4444-BB44-23D1BBA0FEB8} - (no file)

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

You should consider adding "SpywareBlaster" to your arsenal of antispyware tools; just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
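The two checks jabuck performs by eye above, mechanised as an added example (not code from the forum, HijackThis or ComboFix): it parses HijackThis section lines to list O2 BHO registrations whose DLL is gone (the "fix checked" candidates) and scans ComboFix "Files Created" lines for file-sharing client directories such as LimeWire. The sample lines are copied from the logs in this thread; the P2P marker list and the helper names are assumptions.

```python
"""Added triage helpers for the two log formats posted in this thread:
HijackThis section lines and ComboFix 'Files Created' lines."""
import re

# HijackThis line: "<section> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
HJT_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# ComboFix line: "<date> <time> <size or <DIR>> <9 attribute chars> <path>".
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
# Assumed list of file-sharing client names the helper treats as a reinfection risk.
P2P_MARKERS = ("limewire", ".limewire", "ares")

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {980B74ED-C830-4444-BB44-23D1BBA0FEB8} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# Constructed sample: lines copied from the ComboFix 'Files Created' listing above.
SAMPLE_CF = r"""
2007-10-04 15:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 23:26 <DIR> d-------- C:\Program Files\.limewire
2007-09-28 12:28 <DIR> d-------- C:\Documents and Settings\tracy\Shared
2007-09-28 12:24 <DIR> d-------- C:\Program Files\LimeWire
2007-09-28 11:54 <DIR> d-------- C:\Program Files\ares ultra
2007-09-28 09:57 <DIR> d-------- C:\VundoFix Backups
"""


def parse_hjt_line(line):
    """Parse one HijackThis line; returns None for text that is not an HJT entry."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    return {
        "section": section,
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        # HijackThis appends these markers when the registered file is not on disk.
        "orphaned": body.endswith("(no file)") or body.endswith("(file missing)"),
    }


def hjt_fix_candidates(log_text):
    """CLSIDs of O2 (BHO) entries whose DLL is gone: dead registrations that
    'fix checked' removes, which is what the helper asked for above."""
    found = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e and e["section"] == "O2" and e["orphaned"] and e["clsid"]:
            found.append(e["clsid"])
    return found


def hjt_missing_files(log_text):
    """Sorted list of sections that contain any '(no file)'/'(file missing)' entry."""
    entries = (parse_hjt_line(l) for l in log_text.splitlines())
    return sorted({e["section"] for e in entries if e and e["orphaned"]})


def parse_combofix_line(line):
    """Parse one ComboFix 'Files Created' line into its fields, or None."""
    m = CF_RE.match(line.strip())
    if not m:
        return None
    when, size, attrs, path = m.groups()
    is_dir = size == "<DIR>"
    return {"when": when, "is_dir": is_dir, "attrs": attrs, "path": path,
            "size": None if is_dir else int(size.replace(",", ""))}


def combofix_p2p_paths(log_text):
    """Paths whose last component names a file-sharing client (reinfection risk)."""
    hits = []
    for line in log_text.splitlines():
        e = parse_combofix_line(line)
        if not e:
            continue
        leaf = e["path"].rsplit("\\", 1)[-1].lower()
        if any(leaf == mk or leaf.startswith(mk + " ") for mk in P2P_MARKERS):
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    print("fix checked:", hjt_fix_candidates(SAMPLE_HJT))
    print("uninstall:", combofix_p2p_paths(SAMPLE_CF))
```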



Response Number 9
Name: iamawallflower
Date: October 7, 2007 at 03:47:04 Pacific
Subject: computer infected winantivirus pro
Reply:
Thank you so much for your help and patience with me. Have done all you have asked.
My computer is running a lot better now.
Thanks again, huge help and a lifesaver :-)

wallflower



Response Number 10
Name: jabuck
Date: October 7, 2007 at 07:14:21 Pacific
Subject: computer infected winantivirus pro
Reply:
Glad we could help.




All content ©1996-2007 Computing.Net, LLC