Help Virus Hijack This Log

C

coombesy

New Member
Hey i have a bad virus on my pc it will not let me usethe internet or run any program that uses the internet even if i rty to run avg it says it isnt installed and it cant install it gets a error i tried to run combo fix but it just stays on teh loading screen even if left for 6 hours any idea thanks alot chris
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\ChrisyC\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\sysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ChrisyC\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\ChrisyC\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [c4811295] rundll32.exe "C:\WINDOWS\system32\somugvuq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows] "C:\Windows\System32\windows.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\ChrisyC\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ChrisyC\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-8050998117-4677350942-853580909-0763\winigon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8049 bytes
 
Hey sorry i have now run one of those malwre scan but still have the problem although it is now better s i can get on internet just cnt see any pictures and some internet programs wont run here is the malware scan log
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

2008-12-14 22:04:54
mbam-log-2008-12-14 (22-04-54).txt

Scan type: Quick Scan
Objects scanned: 56632
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 6
Registry Keys Infected: 48
Registry Values Infected: 12
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 115

Memory Processes Infected:
C:\Documents and Settings\ChrisyC\Local Settings\Temp\winlogin.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\sysmgr.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efcDtRHw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\somugvuq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wingsa32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\meqarwng.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\jsne87fidgf.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\system32\hgGyAPhI.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fd130ae-d8d2-4137-a680-c5cf233be545} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggyaphi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4fd130ae-d8d2-4137-a680-c5cf233be545} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97993a77-bfd6-48ce-b999-dd1229ebaa0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{97993a77-bfd6-48ce-b999-dd1229ebaa0b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\meqarwng (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51fc8c8a-a290-44bb-9331-c2d3289976a6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4fd130ae-d8d2-4137-a680-c5cf233be545} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b200799f-9538-403d-9a6e-36f5942ec540} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b200799f-9538-403d-9a6e-36f5942ec540} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fb1e1df-46b6-4077-800f-b18a1463b280} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1fb1e1df-46b6-4077-800f-b18a1463b280} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97993a77-bfd6-48ce-b999-dd1229ebaa0b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d806390-8480-47e2-b8da-cd500bf3461a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d806390-8480-47e2-b8da-cd500bf3461a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati0taxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati0taxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati0taxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati0taxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c4811295 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg94-z641-2sf-n31p-5m1er6h6l1 (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4fd130ae-d8d2-4137-a680-c5cf233be545} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft(R) System Manager (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcdtrhw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdtrhw -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\124909 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hgGyAPhI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcDtRHw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wHRtDcfe.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wHRtDcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nitxmyta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atymxtin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smhfxsym.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysxfhms.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\somugvuq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\quvgumos.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\wingsa32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\meqarwng.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\jsne87fidgf.dll (Trojan.Clicker) -> Delete on reboot.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\winlogin.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3406142399-2788157538-908212416-9039\winigon.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\124909\124909.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fklame32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cslyfidn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNEVnN.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcccaYSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivkxpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skgmfvex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsvugiex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxyfqofd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfgrrf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dyaaac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eueajoeo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gzkxsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgxpcdhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkatwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pemuphmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaieje.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaoivi.dll (Trojan.Seneka) -> Delete on reboot.
C:\WINDOWS\system32\tnkyvnun.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trpxfvjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsfenyod.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iahjik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iaxjrdoi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqfrua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpbqrb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnmwuemy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uigmtlsa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsfxcybu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrjjqbme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati0taxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaqnea.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\111.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\301.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\360.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\4270544786.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\BN79.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\newbot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN14.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN7B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN9A7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNB.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC84.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC85.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC88.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC8E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC90.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC93.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNCA2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNCA5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNCA7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNCAA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNCAE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BND.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BND26.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temporary Internet Files\Content.IE5\2WSBZO8C\newdon[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temporary Internet Files\Content.IE5\KVU22FK0\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\Buy.url (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\Help.url (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\HowToBuy.txt (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\ID.dat (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\License.txt (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\Uninstall.exe (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Purchase License.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Start Rapid Antivirus.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Support Page.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Rapid Antivirus\Uninstall.lnk (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\windows.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ChrisyC\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrpdcf.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnonlli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaAst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKDspN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrRKdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDTKEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYQGaX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7b22109.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7b22109.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbccBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGyyay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
 
And here is new hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11, on 2008-12-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7121 bytes
 
Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply i will need:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
When I try to run combo fix I get the following error:
Some files could not be created.
Please close all applications, reboot windows and restart the installation

I have tried doing all 3 of these thing twice and both time i get the same error i also tried deleting that version and re downloading but to no prevail.

Thanks for all your help so far
Chris
 
Also try running ComboFix in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
 
Hey i have now run combo fix and the pc does seem better although now my wireless internet connection dongle is broke it only works for like 2 mins at a time. The internet does seem better although internet explorer wont show any pictures or logos but safari works fine just very slow here is my combo fix log and hijack thislog thanks very much for all your help Chris
ComboFix 08-12-15.01 - ChrisyC 2008-12-16 22:22:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.601 [GMT 0:00]
Running from: c:\documents and settings\ChrisyC\Desktop\coombesy.exe.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\avgqevnh.dll
c:\windows\system32\bkxodubj.ini
c:\windows\system32\cshgputx.dll
c:\windows\system32\cveyzh.dll
c:\windows\system32\cwcylh.dll
c:\windows\system32\dhoiivns.dll
c:\windows\system32\drivers\ati0taxx.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\fqnfss.dll
c:\windows\system32\gyuksrjg.dll
c:\windows\system32\hkrjpiuq.ini
c:\windows\system32\hqqcvcia.dll
c:\windows\system32\hrrlrxvv.dll
c:\windows\system32\ivxxyheo.dll
c:\windows\system32\jsrefenl.dll
c:\windows\system32\k86.bin
c:\windows\system32\kwave.sys
c:\windows\system32\lrmmcufv.dll
c:\windows\system32\nbajmxce.dll
c:\windows\system32\ndqusi.dll
c:\windows\system32\njsiojgx.dll
c:\windows\system32\oknhxn.dll
c:\windows\system32\pfoorfvc.ini
c:\windows\system32\pjvpdtof.ini
c:\windows\system32\pkmipq.dll
c:\windows\system32\pmoxafvw.dll
c:\windows\system32\rkskt.sys
c:\windows\system32\rksocket.dll
c:\windows\system32\rornunyd.dll
c:\windows\system32\skjujumf.dll
c:\windows\system32\spsylisf.dll
c:\windows\system32\tvpttxqa.dll
c:\windows\system32\uyjesqpg.dll
c:\windows\system32\vfgcodfh.ini
c:\windows\system32\wapgggoy.dll
c:\windows\system32\ydwzvz.dll
c:\windows\system32\yiymewaw.dll
c:\windows\Tasks\xhupvdtv.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI0TAXX
-------\Legacy_FCI
-------\Service_ati0taxx
-------\Service_restore
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-14 21:50 . 2008-12-14 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 21:50 . 2008-12-14 21:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 21:50 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 21:50 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 17:29 . 2008-12-16 22:20 <DIR> d-------- C:\ComboFix
2008-12-13 17:27 . 2008-12-13 17:27 <DIR> d-------- c:\program files\Trend Micro
2008-12-06 08:59 . 2008-12-06 08:59 1,467,816 --ahs---- c:\windows\system32\rbugpcjx.tmp
2008-11-30 14:44 . 2008-11-30 14:44 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2008-11-29 22:44 . 2008-11-29 22:44 3,306 --a------ c:\windows\system32\cnf.dat
2008-11-29 22:44 . 2008-12-14 22:14 7 --a------ c:\windows\system32\nxg.bin
2008-11-29 22:44 . 2008-11-29 22:44 0 --a------ c:\windows\system32\cmdl.lock
2008-11-29 22:00 . 2008-11-29 22:00 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-29 22:00 . 2008-12-16 22:27 <DIR> d-------- c:\program files\Steam
2008-11-29 22:00 . 2008-11-29 22:00 <DIR> d-------- c:\program files\Sports Interactive
2008-11-29 21:59 . 2008-11-29 21:59 <DIR> d--h----- c:\documents and settings\ChrisyC\InstallAnywhere
2008-11-26 20:30 . 2008-07-09 08:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-11-26 19:35 . 2008-11-26 19:35 <DIR> d-------- c:\program files\Mediatwins software
2008-11-26 19:32 . 2008-11-26 19:32 <DIR> d-------- c:\program files\GPL MPEG Decoder
2008-11-26 11:39 . 2008-11-26 11:46 1,614,592 --ahs---- c:\windows\system32\lcmhyuch.tmp
2008-11-25 03:02 . 2008-11-25 03:02 127 --a------ c:\windows\system32\MRT.INI
2008-11-24 22:15 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-24 22:15 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 22:12 . 2008-11-20 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-20 22:09 . 2008-11-20 22:09 <DIR> d-------- c:\program files\MSBuild
2008-11-20 22:09 . 2008-11-20 22:09 <DIR> d-------- c:\program files\Bethesda Softworks
2008-11-20 22:09 . 2008-11-20 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-20 22:08 . 2008-11-20 22:08 <DIR> d-------- c:\windows\Logs
2008-11-20 22:05 . 2008-11-20 22:05 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-20 22:05 . 2008-11-20 22:05 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-20 22:04 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-20 22:03 . 2008-11-20 22:03 <DIR> d-------- c:\windows\system32\xlive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 22:43 8,544 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-29 22:39 --------- d-----w c:\program files\RAR Password Cracker
2008-11-26 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 12:25 --------- d-----w c:\program files\Bonjour
2008-11-25 08:24 --------- d-----w c:\program files\DivX
2008-11-21 08:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-20 22:29 --------- d-----w c:\program files\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-14 12:29 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NSeries.PCSync"="c:\program files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe" [2007-02-23 1716224]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-20 270128]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wpbqrb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-15 23:23 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-01-14 33792]
S1 rkskt;Raw Socket Filtering Driver;c:\windows\system32\rkskt.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - h:\recycler\lasass.exe
\Shell\open\command - h:\recycler\lasass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{120b6c66-5727-11dd-9f54-001195896dd8}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c78e0a5-362b-11dc-b9a9-806d6172696f}]
\Shell\AutoRun\command - f:\bin\assetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{1B11C220-F8E5-4763-9AFF-D29DCDE2DE0E}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msiexec.exe - msiconf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\NpFv41629.dll - O16 -: {E55FD215-A32E-43FE-A777-A7E8F165F554}
hxxp://www.flatcast.info/objects/NpFv41629.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 22:27:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000002E7418F9BBE37C32E4 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-12-16 22:33:01 - machine was rebooted [ChrisyC]
ComboFix-quarantined-files.txt 2008-12-16 22:32:58

Pre-Run: 2,565,726,208 bytes free
Post-Run: 2,900,656,128 bytes free

231 --- E O F --- 2008-11-29 21:21:07
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:39, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O20 - AppInit_DLLs: wpbqrb.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6692 bytes
 
Hi, sorry for the delay please do the following;

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


In your next reply i will need:
  • The Kaspersky log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Same issue with which I am dealing. ati0taxx is the source of the problem. Didn't see a fix posted within the forum. Still working on it. Had the same issue with the files. Six removed without a problem, but ati0taxx still abides in the windows\system32\driver folder and the registry. Pain in the hind end. Source is not email, as I don't have email on my device. If you have a fix, please post where to locate it. If not, as soon as I discover a means to ridding my device of this nuisance, I will post it.
 
Dyslexic Lunatic said:
Same issue with which I am dealing. ati0taxx is the source of the problem. Didn't see a fix posted within the forum. Still working on it. Had the same issue with the files. Six removed without a problem, but ati0taxx still abides in the windows\system32\driver folder and the registry. Pain in the hind end. Source is not email, as I don't have email on my device. If you have a fix, please post where to locate it. If not, as soon as I discover a means to ridding my device of this nuisance, I will post it.
Click to expand...

Please start your own thread. ;)
 
You must log in or register to reply here.
Back
Top