
Author Topic: Just a quick question  (Read 6922 times)


iainmac

    Topic Starter


    Rookie

    Just a quick question
    « on: May 30, 2008, 09:36:19 AM »
    Hi,

    my computer was infected with the "bug screensaver" virus that is mentioned frequently in this forum.

    I ran all of the various scans which you advise in your "read this before posting ..." thread and my computer now works fine.

    Is the problem now fixed or is there something else I need to do?

    Thanks,

    Iain

    Broni


      Mastermind
    Re: Just a quick question
    « Reply #1 on: May 30, 2008, 10:54:02 AM »
    We'd have to see all logs to answer your question.

    iainmac

      Topic Starter


      Rookie

      Re: Just a quick question
      « Reply #2 on: May 30, 2008, 01:34:13 PM »
      Right oh, here they are:


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/30/2008 at 03:37 PM

      Application Version : 4.1.1046

      Core Rules Database Version : 3471
      Trace Rules Database Version: 1462

      Scan type       : Complete Scan
      Total Scan Time : 00:38:39

      Memory items scanned      : 458
      Memory threats detected   : 5
      Registry items scanned    : 4431
      Registry threats detected : 29
      File items scanned        : 63941
      File threats detected     : 270

      Trojan.Vundo-Variant/Small-GEN
         C:\WINDOWS\SYSTEM32\DDCYQRSP.DLL
         C:\WINDOWS\SYSTEM32\DDCYQRSP.DLL

      Adware.Vundo Variant/Resident
         C:\WINDOWS\SYSTEM32\WVULLIYP.DLL
         C:\WINDOWS\SYSTEM32\WVULLIYP.DLL

      Trojan.Downloader-Oreon-A/Resident
         C:\WINDOWS\RESOURCES\KERNELCD.DLL
         C:\WINDOWS\RESOURCES\KERNELCD.DLL

      Trojan.Unclassified/PrintSrv32
         C:\WINDOWS\SYSTEM32\CTFMONA.EXE
         C:\WINDOWS\SYSTEM32\CTFMONA.EXE
         [ctfmona] C:\WINDOWS\SYSTEM32\CTFMONA.EXE

      Trojan.Downloader-AntiViirus
         C:\PROGRAM FILES\ANTIVIIRUS.EXE
         C:\PROGRAM FILES\ANTIVIIRUS.EXE
         [antiviirus] C:\PROGRAM FILES\ANTIVIIRUS.EXE
         HKLM\Software\Microsoft\Windows\CurrentVersion\Run#antiviirus [ C:\Program Files\antiviirus.exe ]

      Adware.Vundo-Variant
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EAC41B-0996-4BD0-A3AD-3B48430FC31E}
         HKCR\CLSID\{92EAC41B-0996-4BD0-A3AD-3B48430FC31E}
         HKCR\CLSID\{92EAC41B-0996-4BD0-A3AD-3B48430FC31E}\InprocServer32
         HKCR\CLSID\{92EAC41B-0996-4BD0-A3AD-3B48430FC31E}\InprocServer32#ThreadingModel

      Trojan.Vundo-Variant/Small
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC53E890-2693-4906-B6BD-BC2E293079F0}
         HKCR\CLSID\{BC53E890-2693-4906-B6BD-BC2E293079F0}
         HKCR\CLSID\{BC53E890-2693-4906-B6BD-BC2E293079F0}\InprocServer32
         HKCR\CLSID\{BC53E890-2693-4906-B6BD-BC2E293079F0}\InprocServer32#ThreadingModel
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BC53E890-2693-4906-B6BD-BC2E293079F0}
         Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcYqrsP
         C:\WINDOWS\SYSTEM32\HOCLLMIW.DLL


      iainmac

        Topic Starter


        Rookie

        Re: Just a quick question
        « Reply #3 on: May 30, 2008, 01:35:03 PM »
        Adware.Tracking Cookie
           

        iainmac

          Topic Starter


          Rookie

          Re: Just a quick question
          « Reply #4 on: May 30, 2008, 01:35:21 PM »

          Adware.E404 Helper/Hij
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
             HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
             HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
             HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
             HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
             HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
             HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

          Adware.Zango/ShoppingReport
             HKU\S-1-5-21-1935655697-1682526488-839522115-1004\Software\ShoppingReport
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\Config.xml
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\db\Aliases.dbs
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\db\Sites.dbs
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\db
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\dwld
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\report\aggr_storage.xml
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\report\send_storage.xml
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\report
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs\res1
             C:\Documents and Settings\Iain\Application Data\ShoppingReport\cs
             C:\Documents and Settings\Iain\Application Data\ShoppingReport

          Adware.Vundo Variant/Rel
             HKLM\SOFTWARE\Microsoft\aoprndtws
             HKLM\SOFTWARE\Microsoft\FCOVM
             HKLM\SOFTWARE\Microsoft\RemoveRP
             HKU\S-1-5-21-1935655697-1682526488-839522115-1004\Software\Microsoft\rdfa

          Adware.E404 Helper/Variant-C
             C:\WINDOWS\SYSTEM32\818646\818646.DLL

          Trojan.Unknown Origin
             C:\WINDOWS\SYSTEM32\CTFMONB.BMP



                                       

          iainmac

            Topic Starter


            Rookie

            Re: Just a quick question
            « Reply #5 on: May 30, 2008, 01:35:45 PM »
            Malwarebytes' Anti-Malware 1.14
            Database version: 800

            16:17:01 30/05/2008
            mbam-log-5-30-2008 (16-17-01).txt

            Scan type: Quick Scan
            Objects scanned: 55455
            Time elapsed: 13 minute(s), 53 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 4
            Registry Values Infected: 3
            Registry Data Items Infected: 0
            Folders Infected: 7
            Files Infected: 16

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

            Registry Values Infected:
            HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

            Files Infected:
            C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Iain\Local Settings\Temp\rbnpsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Kirsty\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Iain\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Iain\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

            iainmac

              Topic Starter


              Rookie

              Re: Just a quick question
              « Reply #6 on: May 30, 2008, 01:36:11 PM »
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 16:32:16, on 30/05/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\system32\FreezeScreenSaver.exe
              C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
              C:\WINDOWS\system32\lxdicoms.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              c:\program files\common files\mcafee\mna\mcnasvc.exe
              c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\Program Files\McAfee\MSK\MskSrver.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
              C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
              C:\Program Files\Analog Devices\Core\smax4pnp.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
              O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
              O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
              O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
              O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
              O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-21-1935655697-1682526488-839522115-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
              O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205523236343
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O21 - SSODL: KernelCD - {ed9f547e-7725-46f4-a938-95c4abb21edf} - C:\WINDOWS\Resources\KernelCD.dll (file missing)
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
              O23 - Service: lxdi_device -   - C:\WINDOWS\system32\lxdicoms.exe
              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
              O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
              O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
              O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe

              --
              End of file - 7641 bytes

              Broni


              Re: Just a quick question
              « Reply #7 on: May 30, 2008, 01:46:57 PM »
              Go Start>Run, type in:
              cmd
              Click OK.

              At Command Prompt, type in:
              sc stop FreezeScreenSaver
              Hit Enter.

              Type in:
              sc delete FreezeScreenSaver
              Hit Enter.

              Restart in Safe Mode (keep tapping F8 key until menu appears).
              Delete FreezeScreenSaver.exe file from C:\WINDOWS\system32

              Restart in Normal Mode.
              Post fresh HJT log.

              iainmac


                Re: Just a quick question
                « Reply #8 on: May 30, 2008, 03:00:28 PM »
                Thanks Broni, I really appreciate your help.

                Here is the new HJT log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 22:02:56, on 30/05/2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
                C:\WINDOWS\system32\lxdicoms.exe
                C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                c:\program files\common files\mcafee\mna\mcnasvc.exe
                c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                C:\Program Files\McAfee\MPF\MPFSrv.exe
                C:\Program Files\McAfee\MSK\MskSrver.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
                C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
                C:\Program Files\Analog Devices\Core\smax4pnp.exe
                C:\Program Files\iTunes\iTunesHelper.exe
                C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
                O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
                O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                O4 - HKUS\S-1-5-21-1935655697-1682526488-839522115-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205523236343
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O21 - SSODL: KernelCD - {ed9f547e-7725-46f4-a938-95c4abb21edf} - C:\WINDOWS\Resources\KernelCD.dll (file missing)
                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
                O23 - Service: lxdi_device -   - C:\WINDOWS\system32\lxdicoms.exe
                O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe

                --
                End of file - 7413 bytes
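One way to confirm the service removal requested in Reply #7 is to compare the two HijackThis logs entry by entry. This is an added example, not part of the original thread; the function names are hypothetical and the embedded lines are excerpts copied from the two logs above.

```python
import re

# Excerpts from the HijackThis log in Reply #6 (before the `sc delete` step).
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O21 - SSODL: KernelCD - {ed9f547e-7725-46f4-a938-95c4abb21edf} - C:\WINDOWS\Resources\KernelCD.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: lxdi_device -   - C:\WINDOWS\system32\lxdicoms.exe
"""

# The same entries as they appear in the log in Reply #8 (after the step).
LOG_AFTER = r"""
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O21 - SSODL: KernelCD - {ed9f547e-7725-46f4-a938-95c4abb21edf} - C:\WINDOWS\Resources\KernelCD.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: lxdi_device -   - C:\WINDOWS\system32\lxdicoms.exe
"""

# "O23 - <body>": a section code (R0, O4, O23, ...) followed by the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O23 body: "Service: <name> - <owner> - <path>"; the owner field may be blank.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.*?) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_entries(before, after):
    """Return (removed, added) entry lists between two logs."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def unverified_services(log_text):
    """O23 services whose owner field is blank or 'Unknown owner'.

    These are candidates for a manual check, not a verdict.
    """
    flagged = []
    for code, body in parse_entries(log_text):
        match = SERVICE_RE.match(body) if code == "O23" else None
        if match:
            name, owner, path = (field.strip() for field in match.groups())
            if owner in ("", "Unknown owner"):
                flagged.append((name, path))
    return flagged


def orphaned_entries(log_text):
    """Entries HijackThis marks '(file missing)': the registry value is left
    but the file it points to is no longer on disk."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith("(file missing)")]


if __name__ == "__main__":
    removed, added = diff_entries(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
    print("services to check:", unverified_services(LOG_AFTER))
    print("orphaned:", orphaned_entries(LOG_AFTER))
```
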

                Broni


                Re: Just a quick question
                « Reply #9 on: May 30, 2008, 03:09:28 PM »
                You're welcome :)

                Your computer is clean.

                1. Download and install CCleaner: http://www.ccleaner.com/download/builds. Get the "Slim" version.
                Read the CCleaner instructions here: http://www.jahewi.nl/ccleaner/ccleaner.html.
                Run CCleaner.

                2. Turn off System Restore:

                - Windows XP:
                   1. Click Start.
                   2. Right-click the My Computer icon, and then click Properties.
                   3. Click the System Restore tab.
                   4. Check "Turn off System Restore".
                   5. Click Apply.
                   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                   7. Click OK.
                - Windows Vista:
                   1. Click Start.
                   2. Right-click the Computer icon, and then click Properties.
                   3. Click on System Protection under the Tasks column on the left side.
                   4. Click on Continue on the "User Account Control" window that pops up.
                   5. Under the System Protection tab, find Available Disks.
                   6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
                   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                   8. Click OK.

                3. Restart computer.

                4. Turn System Restore on.

                5. Download and install the free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.

                6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html

                7. Let me know how your computer is doing.

                iainmac


                  Re: Just a quick question
                  « Reply #10 on: May 30, 2008, 03:30:25 PM »
                  Thanks for all your help.

                  You're a true gent!

                  Iain

                  Broni


                  Re: Just a quick question
                  « Reply #11 on: May 30, 2008, 03:53:29 PM »
                  Thank you :)

                  iainmac


                    Re: Just a quick question
                    « Reply #12 on: May 31, 2008, 09:55:24 AM »
                    Hello again!

                    When I started my computer today I noticed that when I press CTRL+ALT+DEL I get the following message:

                    "Task Manager has been disabled by your administrator"

                    I found a previous post with the same problem and ran the Restrictions Removal Tool which you recommended, but it has not helped.

                    Any ideas??

                    Broni


                    Re: Just a quick question
                    « Reply #13 on: May 31, 2008, 11:15:28 AM »

                    iainmac


                      Re: Just a quick question
                      « Reply #14 on: May 31, 2008, 11:37:49 AM »
                      That worked a treat!  I'm back in business.

                      Thank you once again, kind sir!