Need Touch to help: Can't remove spyware. HJT log/AVG & Combo Fix Attached
   

stewart1



Date Joined Dec 2007
Total Posts : 0
 
Posted 12-27-2007 10:21 (GMT +1)
Happy belated Xmas to all.
 
Have tried SO hard to remove this on my own... got rid of the malware toolbar & home page redirect but am a noob so don't really know what I'm looking for. Have run about fifty full scans over the last three days.
 
Have been using
 
1. Norton Antivirus 08
2. Spyware detector
3. Panda Active scan Pro

all updated & removing cookies, trojans each time run but just seem to get back on somehow (have disabled system restore & enabled hidden files)
 
Problems being caused are:
1. Gold bar at top of IE saying 'click here to remove spyware'
2. New windows opening with fake offers of spyware removal
3. Norton blocking 'Downloader'
4. On booting up the laptop today had funky giant 'Doom' logo as background for the desktop, caption underneath reading: 'Download privicy guard now'
 
Followed pre post thread & have the following logs
 
1. Hijack this
2. AVG Report
3. Combo Fix Report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:26, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cybertechhelp.com/forums/subscription.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\MYDOCU~2\Programs\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SDAutoScan] "C:\Program Files\SpywareDetector\SpywareDetector.exe" -AUTOSCAN
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1686907679-1935298068-2883686305-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-21-1686907679-1935298068-2883686305-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1686907679-1935298068-2883686305-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1686907679-1935298068-2883686305-501\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-21-1686907679-1935298068-2883686305-501\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SDService - Max Secure Software  - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 10047 bytes
END OF HJT
 
 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 19:34:45 27/12/2007
 + Scan result: 
 
F:\Downloads\Downloaded Ebooks\Design and Photography Books\Adobe Photoshop\Plugins\234 Plugins with list\CRAWJPEG2000PBv10\-= Keygen Photoshop v7.0 =-\KeyGenPhotoShop7.exe -> Logger.Delf.ncs : No action taken.
C:\Documents and Settings\Terry Bell\Local Settings\Temporary Internet Files\Content.IE5\XNAKR2WH\install_en[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : No action taken.
:mozilla.20:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.52:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.18:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.31:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.35:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.36:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.49:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.64:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.79:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.85:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.27:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.28:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.37:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.38:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.39:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.40:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.41:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.42:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.43:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.44:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.45:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.46:C:\Documents and Settings\Terry Bell\Application Data\Flock\Browser\Profiles\6nj1r2xt.default\cookies.txt -> TrackingCookie.Msn : No action taken.

::Report end
 
 
 
End of AVG
 
 
 
ComboFix 07-12-28.1 - Terry Bell 2007-12-27 20:39:07.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.627 [GMT 0:00]
Running from: C:\Documents and Settings\Terry Bell\Local Settings\Temporary Internet Files\Content.IE5\HX32MZNS\ComboFix[1].exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Terry Bell\Application Data\inst.exe
C:\Program Files\MediaVideoCodec
C:\Program Files\MediaVideoCodec\install.ico
C:\Temp\fCOe
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\bvtqfvx.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\domnftwlsd.dll
C:\WINDOWS\emlkdvo.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\hosts
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lzhgin.dat
C:\WINDOWS\system32\lzhgin_nav.dat
C:\WINDOWS\system32\lzhgin_navps.dat
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\poof
.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-28  )))))))))))))))))))))))))))))))
.
2007-12-27 18:10 . 2007-12-27 18:10 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Grisoft
2007-12-27 18:10 . 2007-12-27 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 18:10 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-27 15:35 . 2007-12-27 15:36 81,256,221 --a------ C:\WINDOWS\pav.sig
2007-12-27 15:23 . 2005-10-20 10:34 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-12-27 15:22 . 2007-12-27 17:53 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-12-27 15:22 . 2007-12-27 17:24 30,590 --a------ C:\WINDOWS\system32\pavaspro.ico
2007-12-27 15:22 . 2007-12-27 17:24 3,377 --a------ C:\WINDOWS\system32\.ico
2007-12-27 15:22 . 2007-12-27 17:24 2,550 --a------ C:\WINDOWS\system32\Uninstallpro.ico
2007-12-27 15:22 . 2007-12-27 17:24 1,406 --a------ C:\WINDOWS\system32\Helppro.ico
2007-12-27 14:43 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-27 14:42 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dvshhyuuhrxe.sys
2007-12-27 14:38 . 2007-12-27 14:38 83,456 --a------ C:\WINDOWS\system32\123.tmp
2007-12-27 14:19 . 2007-12-27 15:38 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-27 14:19 . 2007-12-27 14:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-27 14:19 . 2007-12-27 14:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-27 14:19 . 2007-12-27 14:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-27 13:38 . 2007-12-27 13:38 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\SpywareBot
2007-12-27 11:49 . 2007-12-27 11:49 0 --a------ C:\WINDOWS\pestpatrol5.INI
2007-12-27 11:46 . 2007-12-27 11:47 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-26 17:36 . 2007-12-26 19:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-26 12:28 . 2007-12-27 17:22 58,517 --a------ C:\WINDOWS\system32\DeleteDB.db
2007-12-25 11:03 . 2007-12-25 11:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 21:02 . 2007-12-24 21:02 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-24 21:02 . 2007-12-27 15:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-24 21:01 . 2007-12-24 21:21 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 21:01 . 2007-12-24 21:21 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 21:01 . 2007-12-24 21:21 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-24 21:01 . 2007-12-24 21:21 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-24 17:58 . 2007-12-24 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 17:21 . 2007-12-24 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-12-24 15:03 . 2007-12-24 15:03 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Axialis
2007-12-23 11:30 . 2007-12-23 11:30 <DIR> d-------- C:\WINDOWS\lhsp
2007-12-23 11:29 . 2007-12-23 11:30 <DIR> d-------- C:\WINDOWS\speech
2007-12-22 15:45 . 2007-06-16 15:57 445,440 --a------ C:\WINDOWS\system32\ppsys.dll
2007-12-22 13:10 . 2007-12-27 15:38 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-12-21 22:42 . 2007-12-22 11:15 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-12-21 19:15 . 2007-12-21 21:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-21 13:07 . 2007-12-21 13:07 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Nero
2007-12-21 13:03 . 2007-12-21 22:13 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-21 13:03 . 2007-12-21 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-20 13:14 . 2007-12-20 13:14 <DIR> d-------- C:\Program Files\vso
2007-12-20 13:14 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-12-20 13:14 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-12-20 13:14 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-12-19 10:44 . 2007-12-19 10:44 <DIR> d-------- C:\Program Files\ACW
2007-12-18 13:03 . 2007-12-19 10:32 <DIR> d-------- C:\Program Files\Error Expert
2007-12-18 11:27 . 2007-12-18 11:27 <DIR> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2007-12-16 18:07 . 2007-12-20 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-16 15:40 . 2007-12-26 16:22 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Vso
2007-12-16 15:40 . 2007-12-20 13:14 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-16 15:40 . 2007-12-20 13:14 47,360 --a------ C:\Documents and Settings\Terry Bell\Application Data\pcouffin.sys
2007-12-15 16:12 . 2007-12-20 11:45 79 --a------ C:\WINDOWS\PXROBO_B.INI
2007-12-15 12:18 . 2007-12-15 12:18 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Media Player Classic
2007-12-15 12:16 . 2007-08-18 07:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2007-12-14 11:22 . 2007-12-14 11:22 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\ImgBurn
2007-12-12 13:31 . 2007-12-12 13:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 16:41 . 2000-10-29 00:00 3,145,728 --a------ C:\Program Files\Streets of Rage 3 (E).bin
2007-12-08 21:40 . 2007-12-18 10:36 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-08 21:39 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2007-12-08 19:19 . 2007-12-08 19:21 29 --a------ C:\WINDOWS\Battle.ini
2007-12-08 18:20 . 2007-12-09 11:53 <DIR> d-------- C:\Program Files\Macromedia
2007-12-08 18:20 . 2007-12-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-08 17:06 . 2007-12-27 17:53 <DIR> d-------- C:\Program Files\BitZipper
2007-12-08 17:06 . 2007-12-08 17:06 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\BitZipper
2007-12-08 15:39 . 2007-12-17 13:01 <DIR> d-------- C:\Program Files\MagicISO
2007-12-08 13:28 . 2007-12-18 11:32 <DIR> d-------- C:\Program Files\SureThing
2007-12-08 11:55 . 2002-06-03 17:59 249,856 --a------ C:\WINDOWS\system32\PxSub.dll
2007-12-08 11:55 . 2002-06-13 17:40 98,304 --a------ C:\WINDOWS\Unin.exe
2007-12-08 11:55 . 2007-12-15 22:00 86,016 --------- C:\WINDOWS\system32\PxWMA.dll
2007-12-08 11:51 . 2001-10-24 17:36 6,915 --a------ C:\WINDOWS\system32\LANGMON.DLL
2007-12-06 22:52 . 2007-12-18 11:33 <DIR> dr------- C:\UDC Output Files
2007-12-02 13:18 . 2007-12-02 13:28 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\jah
2007-12-02 12:57 . 2007-12-02 17:33 <DIR> d-------- C:\Program Files\Simple CD-DVD Menu
2007-12-01 14:50 . 2007-12-01 14:50 <DIR> d-------- C:\videodvdmaker
2007-12-01 14:50 . 2007-12-01 14:50 <DIR> d-------- C:\Documents and Settings\Terry Bell\Application Data\Video DVD Maker FREE
2007-12-01 12:32 . 2007-12-01 12:32 <DIR> d-------- C:\f-29-retaliator
2007-12-01 12:12 . 2007-12-01 12:14 27,506,688 --a------ C:\none.avi
2007-12-01 11:49 . 2002-07-17 09:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-01 11:49 . 2002-07-17 08:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-01 11:26 . 2007-12-01 11:26 140,408 --a------ C:\Worms-(8)-[!].gs0
2007-12-01 11:11 . 2007-12-01 11:11 <DIR> d-------- C:\SB2
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 12:36 . 2007-12-05 13:27 5,000 --a------ C:\WINDOWS\system\COMM64.DLL
2007-11-28 13:41 . 2007-12-08 21:37 <DIR> d-------- C:\Program Files\CamStudio
2007-11-28 11:58 . 2007-12-16 15:39 454,144 ---hs---- C:\Program Files\Common Files\msdp.dll
2007-11-28 10:31 . 2007-11-28 10:31 1,611,924 --a------ C:\Program Files\streets_of_rage_2.exe
2007-11-28 10:30 . 2007-11-28 10:30 945,363 --a------ C:\Program Files\streets_of_rage1.exe
2007-11-28 10:19 . 2007-11-28 10:19 908,613 --a------ C:\Program Files\golden_axe_2.exe
2007-11-28 10:15 . 2007-11-28 10:16 1,268,883 --a------ C:\Program Files\golden_axe_3.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 20:45 --------- d-----w C:\Program Files\SpywareDetector
2007-12-27 17:53 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-27 17:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 15:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 12:03 --------- d-----w C:\Program Files\QuickTime
2007-12-26 23:00 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\Azureus
2007-12-24 21:21 --------- d-----w C:\Program Files\Symantec
2007-12-24 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 17:58 --------- d-----w C:\Program Files\Apple Software Update
2007-12-24 17:56 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\Corel
2007-12-24 17:53 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-24 13:39 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\AutoPlay Express
2007-12-22 18:11 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\FileVOoM
2007-12-21 12:21 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\Skype
2007-12-20 13:40 --------- d-----w C:\Program Files\Azureus
2007-12-18 12:38 --------- d-----w C:\Program Files\Google
2007-12-18 11:49 --------- d-----w C:\Program Files\Sonic
2007-12-18 11:38 --------- d-----w C:\Program Files\DivX
2007-12-18 11:35 --------- d-----w C:\Program Files\XnView
2007-12-18 11:35 --------- d-----w C:\Program Files\xKiosk2
2007-12-18 11:33 --------- d-----w C:\Program Files\Win64
2007-12-18 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 11:32 --------- d-----w C:\Program Files\SWiSHmax
2007-12-18 11:27 --------- d-----w C:\Program Files\Nvu
2007-12-18 11:25 --------- d-----w C:\Program Files\Samsung
2007-12-18 10:44 --------- d-----w C:\Program Files\MediaFood
2007-12-18 10:44 --------- d-----w C:\Program Files\Lincoln
2007-12-10 18:57 67,024 ----a-w C:\WINDOWS\system32\CloseAll.exe
2007-12-08 18:30 11,728 ----a-w C:\WINDOWS\system32\SDEarlyDelete.exe
2007-12-08 13:54 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-02 17:32 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-02 14:25 --------- d-----w C:\Program Files\Easy Icon Maker
2007-12-02 14:22 --------- d-----w C:\Program Files\Corel
2007-12-02 14:22 --------- d-----w C:\Program Files\Common Files\Corel
2007-12-02 14:16 --------- d-----w C:\Program Files\CoffeeCup Software
2007-11-27 11:41 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\EbkReader
2007-11-25 10:00 --------- d-----w C:\Program Files\BitComet
2007-11-24 20:03 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\InfraRecorder
2007-11-17 20:29 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-16 10:05 --------- d-----w C:\Program Files\SymplisIT
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 19:43 172,032 ----a-w C:\WINDOWS\system32\cncs32.dll
2007-11-07 10:45 --------- d-----w C:\Program Files\Skype
2007-11-07 10:45 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-07 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-06 13:10 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\Inkscape
2007-11-06 09:50 --------- d-----w C:\Documents and Settings\Terry Bell\Application Data\Ulead Systems
2007-11-06 09:24 --------- d-----w C:\Program Files\Windows Media Components
2007-11-06 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-06 09:22 --------- d-----w C:\Program Files\Ulead Systems
2007-11-06 09:22 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-11-06 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-06 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-04 12:01 --------- d-----w C:\Program Files\AutoPlay Express 4.5
2007-10-31 18:06 3,491 ----a-w C:\setup_aim6.exe
2007-10-31 18:05 3,491 ----a-w C:\wr-1-312.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:32 817,664 ---h--w C:\WINDOWS\system32\wodfamoh.dll
2007-10-28 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-28 12:54 --------- d-----w C:\Program Files\mlt
2007-10-28 12:54 --------- d-----w C:\Program Files\Jahshaka
2007-10-28 12:54 --------- d-----w C:\Program Files\gtk2
2007-10-28 12:52 --------- d-----w C:\Program Files\FriendAdder Combo Pack
2007-10-28 12:49 --------- d-----w C:\Program Files\VstPlugins
2007-10-28 12:48 --------- d-----w C:\Program Files\Image-Line
2007-10-28 12:48 --------- d-----w C:\Program Files\clickclock
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-26 09:43 29,363 ----a-w C:\is68197.exe
2007-10-26 09:43 111,695 ----a-w C:\eLibo2291.exe
2007-10-19 08:52 958,464 ---h--w C:\WINDOWS\system32\wodfamop.dll
2007-09-28 12:42 2,790,976 ----a-w C:\WINDOWS\system32\GPhotos.scr
2006-10-03 18:21 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-24 21:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07]
"SDAutoScan"="C:\Program Files\SpywareDetector\SpywareDetector.exe" [2007-12-12 20:29]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-12-24 17:28]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-12-06 11:41 167936 C:\Program Files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVStation Premium 3.7]
2006-01-09 19:04 131072 --a------ C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryManager]
2005-12-21 00:53 2764800 --a------ C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
2005-04-11 21:01 151552 --a------ C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManagementCenter]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 04:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
   C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE VBStart
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
   C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-05-18 05:43]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-12-28 17:58]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-05-18 05:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 09:27]
R2 SNM WLAN Service;SNM WLAN Service;"C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe" [2005-05-28 16:35]
R2 SRS_PostInstaller;SRS PostInstaller Service;"C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe" [2005-11-28 20:06]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 20:06]
S3 ADDMEM;ADDMEM;C:\WINDOWS\TEMP\__Samsung_Update\ADDMEM.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 CW50;CW50 Device;C:\WINDOWS\system32\DRIVERS\CW50.sys []
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys [2003-07-22 18:50]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys []
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 20:48:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-24 21:06:04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Terry Bell.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-28 20:45:28 C:\WINDOWS\Tasks\RegCure Program Check.job"
- F:\My Documents 2\Programs\RegCure\RegCure.exe
"2007-12-19 10:36:47 C:\WINDOWS\Tasks\RegCure.job"
- F:\My Documents 2\Programs\RegCure\RegCure.exe
"2007-12-27 13:38:38 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2007-12-28 20:39:59 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0DEB379A-FD3B-493F-8F5D-16471D2FB2A6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 20:47:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-28 20:49:35 - machine was rebooted
.
2007-12-24 22:56:20 --- E O F ---

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
   Posted 12-28-2007 12:51 (GMT +1)
Hi stewart1


Please download the free version of Superantispyware.

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)

Start Superantispyware.
Hit the - Scan Your Computer - button.
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then Next,
and it will scan now. When the scan has finished, put a checkmark next to all items it found. Next, after cleaning, allow it to reboot.

Start Superantispyware again.
Click Preferences and then click the Statistics/Logs tab.
Click the dated log and press View Log, and a text file will appear.

Post this log along with a fresh HijackThis log, and tell how things are running.

Do NOT post your problem in someone else's thread.
