
Author Topic: Internet explorer redirected  (Read 16004 times)


mopy

    Topic Starter


    Beginner

    Re: Internet explorer redirected
    « Reply #15 on: May 31, 2009, 01:42:01 PM »
    Hi. This worked; there was nothing in the results window, but after reboot this report was on the desktop.
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========

    Service\Driver epmntdrv deleted successfully.
    ========== REGISTRY ==========
    ========== FILES ==========
    c:\windows\system32\epmntdrv.sys moved successfully.
    c:\windows\system32\CF11275.exe moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\E6VJ7KTF\index[2].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\039389a7-7af1-4b4e-a0e7-49b101e85d73.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_58c.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_628.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully
     
    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05312009_203456

    Files moved on Reboot...
    C:\DOCUME~1\User\LOCALS~1\Temp\WCESLog.log moved successfully.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\E6VJ7KTF\index[2].htm moved successfully.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
    C:\WINDOWS\temp\039389a7-7af1-4b4e-a0e7-49b101e85d73.tmp moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_58c.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_628.dat moved successfully.
    Thanks Kevin.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Internet explorer redirected
    « Reply #16 on: May 31, 2009, 01:43:36 PM »
    OK now delete ComboFix and download a new copy then try running it again.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    mopy

      Re: Internet explorer redirected
      « Reply #17 on: May 31, 2009, 01:59:00 PM »
      Hi.
      It still does not work; I did just as you said.
      Kevin.

      evilfantasy

      Re: Internet explorer redirected
      « Reply #18 on: May 31, 2009, 02:00:01 PM »
      Download and install SUPERAntiSpyware Free for Home Users

      * Start SUPERAntiSpyware and click Check for updates
      If you encounter any problems while downloading the updates, manually download and unzip them from here

      * Once the update is finished, on the main screen, click Scan your computer
      * Check Perform Complete Scan
      * Click Next to start the scan.

      * When finished SUPERAntiSpyware will list all the infections found.
      * Make sure everything found has a check next to it and press Next
      * Then click Finish

      - It is possible that the SUPERAntiSpyware asks to reboot the PC in order to delete some files, please do so.
       
      Locate the SUPERAntiSpyware log as follows:

      * Click: Preferences
      * Click the Statistics/Logs tab
      * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log
      * The log will open in your default text editor (such as Notepad)
      * Post the SUPERAntiSpyware log in your reply.

      mopy

        Re: Internet explorer redirected
        « Reply #19 on: May 31, 2009, 03:04:17 PM »
        SUPERAntiSpyware installs but says it has encountered a problem and must close.
        Kevin.

        evilfantasy

        Re: Internet explorer redirected
        « Reply #20 on: May 31, 2009, 03:07:48 PM »
        We seem to be going backwards here.

        Download RegQuery by Noviciate to your desktop

        • Copy the following registry keypath.
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        • Double click RegQuery.exe to run the program
        • Paste the text you have copied, using CTRL and V, into the textbox
        • Click the Query button
        • A Notepad file will open. Please paste the contents in your next reply
        • You may now close the RegQuery program.

        mopy

          Re: Internet explorer redirected
          « Reply #21 on: May 31, 2009, 10:51:40 PM »
          Hi evilfantasy here is the log.
          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "midimapper"="midimap.dll"
          "msacm.imaadpcm"="imaadp32.acm"
          "msacm.msadpcm"="msadp32.acm"
          "msacm.msg711"="msg711.acm"
          "msacm.msgsm610"="msgsm32.acm"
          "msacm.trspch"="tssoft32.acm"
          "vidc.cvid"="iccvid.dll"
          "vidc.I420"="msh263.drv"
          "vidc.iv31"="ir32_32.dll"
          "vidc.iv32"="ir32_32.dll"
          "vidc.iv41"="ir41_32.ax"
          "vidc.iyuv"="iyuv_32.dll"
          "vidc.mrle"="msrle32.dll"
          "vidc.msvc"="msvidc32.dll"
          "vidc.uyvy"="msyuv.dll"
          "vidc.yuy2"="msyuv.dll"
          "vidc.yvu9"="tsbyuv.dll"
          "vidc.yvyu"="msyuv.dll"
          "wavemapper"="msacm32.drv"
          "msacm.msg723"="msg723.acm"
          "vidc.M263"="msh263.drv"
          "vidc.M261"="msh261.drv"
          "msacm.msaudio1"="msaud32.acm"
          "msacm.sl_anet"="sl_anet.acm"
          "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
          "vidc.iv50"="ir50_32.dll"
          "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
          "wave1"="wdmaud.drv"
          "midi1"="wdmaud.drv"
          "mixer1"="wdmaud.drv"
          "aux"="wdmaud.drv"
          "VIDC.ACDV"="ACDV.dll"
          "MSACM.CEGSM"="mobilev.acm"
          "msacm.voxacm160"="vct3216.acm"
          "msacm.scg726"="scg726.acm"
          "msacm.alf2cd"="alf2cd.acm"
          "msacm.ac3acm"="AC3ACM.acm"
          "vidc.dvsd"="mcdvd_32.dll"
          "vidc.xvid"="xvidvfw.dll"
          "vidc.DIVX"="DivX.dll"
          "vidc.mpg4"="mpg4c32.dll"
          "vidc.mp42"="mpg4c32.dll"
          "vidc.mp43"="mpg4c32.dll"
          "wave"="wdmaud.drv"
          "midi"="wdmaud.drv"
          "mixer"="wdmaud.drv"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
          "wave"="rdpsnd.dll"
          "mixer"="rdpsnd.dll"
          "MaxBandwidth"=dword:000056b9
          "wavemapper"="msacm32.drv"
          "EnableMP3Codec"=dword:00000001
          "midimapper"="midimap.dll"

          Your time is appreciated. Kevin.

          evilfantasy

          Re: Internet explorer redirected
          « Reply #22 on: June 01, 2009, 09:36:38 AM »

          Open Malwarebytes' Anti-Malware.
          • Click the Update tab.
          • Click Check for Updates
          • If an update is found, it will download and install.
          • Click the Scanner tab.
          • Select "Perform Quick Scan", then click Scan.
          • The scan may take some time to finish, so please be patient.
          • When the scan is complete, click OK, then Show Results to view the results.
          • Make sure that everything is checked, and click Remove Selected.
          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
          Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

          mopy

            Re: Internet explorer redirected
            « Reply #23 on: June 01, 2009, 11:17:17 AM »
            Good evening.
            The scan found nothing; I include the log.
            HijackThis will not open on this computer; I have tried again but no joy.
            Kevin.
            mbam-log-2009-06-01 (18-14-13).txt

            Scan type: Quick Scan
            Objects scanned: 99749
            Time elapsed: 3 minute(s), 36 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            evilfantasy

            Re: Internet explorer redirected
            « Reply #24 on: June 01, 2009, 11:31:39 AM »
            * Download and run the following file to repair file and registry permissions: fixacl.exe

            Download FixPolicies.exe by Bill Castner

            Double-click FixPolicies.exe.
            Click the Install button on the bottom toolbar of the box that will open.
            The program will create a new Folder called FixPolicies.
            Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
            A black box will briefly appear and then close.
            Restart the computer so the changes can take effect.

            ----------

            Now try running HijackThis again.

            mopy

              Re: Internet explorer redirected
              « Reply #25 on: June 01, 2009, 11:56:04 AM »
              Hi
              HijackThis is still not working; I have downloaded it afresh but no go.
              Two files have appeared on the desktop, thumbs.db and %userprofile%

              evilfantasy

              Re: Internet explorer redirected
              « Reply #26 on: June 01, 2009, 11:59:51 AM »
              Quote
              Two files have appeared on the desktop, thumbs.db and %userprofile%

              That is probably because you have hidden files and folders set to Show.

              Try this please.

              Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista

              Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

              Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

              • Choose the language by typing the corresponding letter and press Enter
              • Click OK at the informative window
              • Type 1, to choose Option 1 (Search) then press Enter
              • Wait until the end of the scan
              • A report will be generated, post the contents of it in your next reply.
              A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

              mopy

                Re: Internet explorer redirected
                « Reply #27 on: June 01, 2009, 12:56:06 PM »
                This worked ok here is the log.

                   --------------------\\  Lop S&D 4.2.5-0   XP/Vista

                   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
                   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
                   BIOS : Phoenix - AwardBIOS v6.00PG
                   USER : User ( Administrator )
                   BOOT : Normal boot
                   Antivirus : AVG Anti-Virus 8.5 (Not Activated)
                   A:\ (USB)
                   C:\ (Local Disk) - NTFS - Total:87 Go (Free:23 Go)
                   D:\ (CD or DVD)
                   E:\ (CD or DVD)
                   F:\ (USB)
                   G:\ (USB)
                   H:\ (Local Disk) - NTFS - Total:98 Go (Free:85 Go)

                   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
                   Option : [1] ( 01/06/2009|19:52 )
                 
                   --------------------\\  Listing folders in APPLIC~1

                   [06/04/2007|17:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

                   [09/04/2009|17:42] C:\DOCUME~1\ADMINI~1.BAS\APPLIC~1\Microsoft
                   [04/11/2008|21:12] C:\DOCUME~1\ADMINI~1.BAS\APPLIC~1\Spearit
                   [04/10/2008|13:18] C:\DOCUME~1\ADMINI~1.BAS\APPLIC~1\WinCare2008


                   [12/05/2007|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4p-r9-67-55-p3-26
                   [18/08/2007|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\55-66-54-16-s6-0o
                   [12/05/2007|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\96-05-46-2p-3p-r9
                   [16/05/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
                   [14/05/2009|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
                   [06/04/2007|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
                   [21/04/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
                   [11/05/2007|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
                   [28/03/2009|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avanquest
                   [30/05/2009|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
                   [22/06/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
                   [28/03/2009|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
                   [22/04/2007|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
                   [21/10/2008|06:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Documents
                   [29/02/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
                   [11/11/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
                   [15/01/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
                   [31/10/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
                   [02/09/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
                   [31/10/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
                   [31/10/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
                   [31/10/2008|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
                   [10/05/2007|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
                   [01/06/2009|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
                   [30/05/2009|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
                   [27/07/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft(2)
                   [30/05/2009|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
                   [09/01/2009|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memory-Map-License
                   [04/11/2008|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
                   [21/04/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
                   [07/03/2009|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
                   [14/05/2009|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
                   [05/04/2007|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
                   [12/04/2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Quest
                   [12/06/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
                   [10/12/2007|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
                   [04/11/2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spearit
                   [03/04/2009|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
                   [14/02/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
                   [08/04/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TreeCardGames
                   [22/06/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
                   [22/06/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
                   [02/09/2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
                   [14/04/2007|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
                   [17/12/2008|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
                   [19/09/2008|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
                   [11/11/2008|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\XOOM

                   [16/05/2009|18:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
                   [22/04/2008|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
                   [04/11/2008|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Spearit

                   [07/06/2008|21:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Acronis
                   [02/04/2008|05:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
                   [30/05/2009|05:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
                   [09/04/2009|17:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

                   [09/04/2009|17:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

                   [11/05/2007|17:34] C:\DOCUME~1\User\APPLIC~1\ACD Systems
                   [14/05/2009|18:38] C:\DOCUME~1\User\APPLIC~1\Adobe
                   [16/08/2007|17:34] C:\DOCUME~1\User\APPLIC~1\AdobeUM
                   [07/04/2007|08:48] C:\DOCUME~1\User\APPLIC~1\Ahead
                   [18/11/2007|15:38] C:\DOCUME~1\User\APPLIC~1\Alien Skin
                   [15/08/2007|16:45] C:\DOCUME~1\User\APPLIC~1\Andrex Puppy
                   [25/05/2007|07:03] C:\DOCUME~1\User\APPLIC~1\Apple Computer
                   [28/03/2009|22:02] C:\DOCUME~1\User\APPLIC~1\Avanquest
                   [22/06/2008|17:16] C:\DOCUME~1\User\APPLIC~1\AVS4YOU
                   [22/06/2008|18:07] C:\DOCUME~1\User\APPLIC~1\AVSMedia
                   [22/04/2007|07:56] C:\DOCUME~1\User\APPLIC~1\CyberLink
                   [19/08/2007|08:47] C:\DOCUME~1\User\APPLIC~1\DMCache
                   [13/05/2007|17:50] C:\DOCUME~1\User\APPLIC~1\EPSON
                   [29/03/2009|08:15] C:\DOCUME~1\User\APPLIC~1\EurekaLog
                   [21/04/2007|09:05] C:\DOCUME~1\User\APPLIC~1\fltk.org
                   [29/11/2007|18:19] C:\DOCUME~1\User\APPLIC~1\FontHit
                   [29/03/2008|16:22] C:\DOCUME~1\User\APPLIC~1\GetRightToGo
                   [05/04/2007|19:48] C:\DOCUME~1\User\APPLIC~1\Google
                   [07/04/2007|18:33] C:\DOCUME~1\User\APPLIC~1\Help
                   [06/03/2009|21:11] C:\DOCUME~1\User\APPLIC~1\HideIP
                   [08/09/2008|17:23] C:\DOCUME~1\User\APPLIC~1\HP
                   [02/09/2008|17:34] C:\DOCUME~1\User\APPLIC~1\HPAppData
                   [02/04/2007|11:59] C:\DOCUME~1\User\APPLIC~1\Identities
                   [07/04/2007|18:16] C:\DOCUME~1\User\APPLIC~1\ieSpell
                   [31/08/2007|18:06] C:\DOCUME~1\User\APPLIC~1\InterTrust
                   [06/04/2007|11:04] C:\DOCUME~1\User\APPLIC~1\IsolatedStorage
                   [25/07/2007|18:26] C:\DOCUME~1\User\APPLIC~1\Lavasoft
                   [06/01/2008|20:31] C:\DOCUME~1\User\APPLIC~1\LimeWire
                   [12/08/2007|07:40] C:\DOCUME~1\User\APPLIC~1\LogicWeave Software
                   [14/04/2007|18:43] C:\DOCUME~1\User\APPLIC~1\Macromedia
                   [08/04/2008|19:40] C:\DOCUME~1\User\APPLIC~1\MahJong Suite
                   [30/05/2009|21:10] C:\DOCUME~1\User\APPLIC~1\Malwarebytes
                   [02/05/2009|21:38] C:\DOCUME~1\User\APPLIC~1\Microsoft
                   [31/07/2007|21:08] C:\DOCUME~1\User\APPLIC~1\Mozilla
                   [14/12/2007|23:26] C:\DOCUME~1\User\APPLIC~1\Nero
                   [21/04/2007|21:32] C:\DOCUME~1\User\APPLIC~1\Opera
                   [26/12/2007|13:14] C:\DOCUME~1\User\APPLIC~1\SecuROM
                   [13/02/2009|19:08] C:\DOCUME~1\User\APPLIC~1\Simply Super Software
                   [04/11/2008|21:12] C:\DOCUME~1\User\APPLIC~1\Spearit
                   [02/08/2007|17:21] C:\DOCUME~1\User\APPLIC~1\Sun
                   [10/05/2008|16:39] C:\DOCUME~1\User\APPLIC~1\SUPERAntiSpyware.com
                   [03/04/2009|19:04] C:\DOCUME~1\User\APPLIC~1\Symantec
                   [17/01/2009|17:53] C:\DOCUME~1\User\APPLIC~1\U3
                   [25/06/2008|20:58] C:\DOCUME~1\User\APPLIC~1\Vso
                   [27/07/2008|10:46] C:\DOCUME~1\User\APPLIC~1\WinCare2008
                   [05/04/2007|19:28] C:\DOCUME~1\User\APPLIC~1\WinRAR
                 
                   --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

                   [01/06/2009 11:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
                   [01/06/2009 11:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
                   [28/02/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

                   --------------------\\  Listing Folders in C:\Program Files

                   [01/02/2009|11:21] C:\Program Files\1 Click PC Fix
                   [30/05/2009|07:31] C:\Program Files\A1Click Ultra PC Cleaner
                   [14/05/2009|18:39] C:\Program Files\Adobe
                   [01/06/2009|18:22] C:\Program Files\Advanced Diary
                   [25/02/2009|18:53] C:\Program Files\AgataSoft
                   [21/04/2008|21:00] C:\Program Files\Ahead
                   [18/11/2007|15:25] C:\Program Files\Alien Skin
                   [15/08/2007|16:44] C:\Program Files\Andrex Puppy
                   [14/11/2007|22:28] C:\Program Files\Astro Gemini Software
                   [02/02/2009|07:44] C:\Program Files\Atomic Clock Sync
                   [18/02/2009|18:11] C:\Program Files\audiograbber
                   [28/03/2009|21:56] C:\Program Files\Avanquest
                   [31/08/2007|17:07] C:\Program Files\AvantGo Connect
                   [23/11/2008|08:01] C:\Program Files\AVG
                   [22/06/2008|18:40] C:\Program Files\AVSMedia
                   [24/04/2007|07:36] C:\Program Files\Backup
                   [27/07/2007|05:53] C:\Program Files\BearSharePro
                   [01/05/2007|20:40] C:\Program Files\Bodrag
                   [10/11/2007|23:21] C:\Program Files\Bonjour
                   [30/05/2009|17:17] C:\Program Files\CCleaner
                   [31/01/2009|08:36] C:\Program Files\Christmas Time 3D Screensaver
                   [24/04/2007|07:49] C:\Program Files\cm2gpx
                   [24/04/2007|07:49] C:\Program Files\CmConvert
                   [14/05/2009|18:38] C:\Program Files\Common Files
                   [02/04/2007|11:49] C:\Program Files\ComPlus Applications
                   [24/04/2007|07:54] C:\Program Files\data
                   [08/12/2008|19:13] C:\Program Files\Driver Checker
                   [01/02/2009|21:33] C:\Program Files\Driver-Soft
                   [04/08/2007|19:08] C:\Program Files\DVD Shrink
                   [11/11/2008|17:54] C:\Program Files\DVD X Studios
                   [04/04/2009|20:33] C:\Program Files\EASEUS
                   [30/05/2009|17:14] C:\Program Files\Enigma Software Group
                   [11/11/2007|22:05] C:\Program Files\Fantasy Moon 3D Screensaver
                   [22/05/2009|21:20] C:\Program Files\File Renamer
                   [29/11/2007|18:19] C:\Program Files\FontHit Software
                   [12/05/2007|16:21] C:\Program Files\GameHouse
                   [31/05/2009|15:19] C:\Program Files\GASK
                   [19/04/2008|07:02] C:\Program Files\GetRight
                   [31/05/2009|19:39] C:\Program Files\Google
                   [17/08/2007|17:59] C:\Program Files\Grisoft
                   [26/12/2007|13:14] C:\Program Files\Hasbro
                   [31/10/2008|10:04] C:\Program Files\Hewlett-Packard
                   [31/10/2008|09:35] C:\Program Files\HP
                   [06/04/2007|18:11] C:\Program Files\ieSpell
                   [09/01/2008|18:07] C:\Program Files\images
                   [28/03/2009|21:57] C:\Program Files\InstallShield Installation Information
                   [15/04/2009|22:06] C:\Program Files\Internet Explorer
                   [19/10/2007|18:29] C:\Program Files\iPAQ Download Agent
                   [19/10/2007|18:36] C:\Program Files\iTRIS
                   [31/05/2009|06:50] C:\Program Files\Java
                   [19/10/2007|18:38] C:\Program Files\JewelMine
                   [18/04/2009|07:19] C:\Program Files\Jigsaw Puzzle Platinum Edition
                   [19/10/2007|18:50] C:\Program Files\Kakuro
                   [14/10/2008|20:54] C:\Program Files\Kontiki
                   [27/11/2008|21:10] C:\Program Files\Lavalys
                   [05/05/2008|21:32] C:\Program Files\LogicWeave
                   [16/04/2009|20:03] C:\Program Files\LSoft Technologies
                   [07/03/2008|18:31] C:\Program Files\Mahjong Fortuna 2 Deluxe
                   [08/04/2008|19:39] C:\Program Files\MahJong Suite
                   [30/05/2009|21:10] C:\Program Files\Malwarebytes' Anti-Malware
                   [29/05/2008|17:00] C:\Program Files\Memory-Map
                   [12/01/2008|17:46] C:\Program Files\Messenger
                   [30/05/2009|17:13] C:\Program Files\Microsoft ActiveSync
                   [28/03/2009|07:45] C:\Program Files\Microsoft AutoRoute
                   [19/09/2008|21:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
                   [06/04/2007|07:35] C:\Program Files\microsoft frontpage
                   [22/05/2007|17:16] C:\Program Files\Microsoft IntelliPoint
                   [22/05/2007|17:15] C:\Program Files\Microsoft IntelliPoint 5.5
                   [02/02/2009|07:15] C:\Program Files\Microsoft IntelliType Pro
                   [01/11/2008|21:10] C:\Program Files\Microsoft IntelliType Pro 5.2
                   [26/04/2009|17:41] C:\Program Files\Microsoft Office
                   [26/10/2008|11:54] C:\Program Files\Microsoft Works
                   [26/04/2009|17:41] C:\Program Files\Microsoft.NET
                   [15/10/2007|17:29] C:\Program Files\MobiMate
                   [23/04/2009|18:04] C:\Program Files\Moffsoft Calculator 2
                   [26/04/2007|18:07] C:\Program Files\Motorola
                   [02/04/2007|11:49] C:\Program Files\Movie Maker
                   [07/12/2007|18:31] C:\Program Files\MSI
                   [02/04/2007|11:48] C:\Program Files\MSN
                   [02/04/2007|11:48] C:\Program Files\MSN Gaming Zone
                   [27/04/2007|06:58] C:\Program Files\MSXML 4.0
                   [02/02/2009|07:14] C:\Program Files\MSXML 6.0
                   [14/12/2007|23:24] C:\Program Files\Nero
                   [02/04/2007|11:49] C:\Program Files\NetMeeting
                   [14/05/2009|18:29] C:\Program Files\NOS
                   [02/04/2007|14:39] C:\Program Files\NVIDIA Corporation
                   [30/04/2009|21:14] C:\Program Files\Outlook Express
                   [19/10/2007|18:52] C:\Program Files\PAQmanP
                   [14/06/2007|19:03] C:\Program Files\Paragon Software
                   [18/01/2009|08:34] C:\Program Files\PCNetSoftware
                   [09/11/2007|18:20] C:\Program Files\Picasa2
                   [08/12/2007|09:15] C:\Program Files\Plus!
                   [27/10/2007|18:02] C:\Program Files\PopCap Games
                   [09/01/2008|18:07] C:\Program Files\QSort2000
                   [27/07/2007|05:54] C:\Program Files\QSort2000(2)
                   [12/04/2007|20:12] C:\Program Files\Quest
                   [11/05/2007|17:31] C:\Program Files\QuickTime
                   [17/01/2009|23:00] C:\Program Files\RCLogon
                   [01/02/2009|22:35] C:\Program Files\Realtek AC97
                   [10/05/2007|22:19] C:\Program Files\ReflexiveArcade
                   [21/01/2009|22:41] C:\Program Files\RegistryFix
                   [01/06/2009|18:49] C:\Program Files\RegVac Registry Cleaner
                   [26/05/2009|19:00] C:\Program Files\ReNamer
                   [05/04/2007|18:34] C:\Program Files\SAGEM
                   [10/12/2007|21:20] C:\Program Files\Santas Workshop
                   [07/04/2007|20:53] C:\Program Files\ScanSoft
                   [08/12/2007|09:18] C:\Program Files\Setup Files
                   [05/04/2007|19:35] C:\Program Files\Siber Systems
                   [09/12/2008|21:50] C:\Program Files\SIW -Technicians v1.71 (Build 636) +Businness License
                   [01/02/2009|11:21] C:\Program Files\Spotmau WinCare 2008
                   [30/05/2009|17:14] C:\Program Files\SpywareBlaster
                   [19/10/2007|18:54] C:\Program Files\SuDokuV2
                   [31/05/2009|22:01] C:\Program Files\SUPERAntiSpyware
                   [06/01/2008|20:32] C:\Program Files\temp
                   [18/04/2008|19:15] C:\Program Files\Tetris 5000
                   [05/04/2007|18:26] C:\Program Files\Tiscali Broadband
                   [02/05/2009|18:41] C:\Program Files\Top Password
                   [31/05/2009|08:28] C:\Program Files\Trend Micro
                   [14/02/2009|15:41] C:\Program Files\Trojan Remover
                   [02/04/2007|11:59] C:\Program Files\Uninstall Information
                   [07/04/2007|18:32] C:\Program Files\UserImages
                   [11/07/2008|20:10] C:\Program Files\VideoLAN
                   [22/06/2008|19:01] C:\Program Files\VSO
                   [19/09/2008|18:41] C:\Program Files\Windows Live
                   [09/01/2008|18:07] C:\Program Files\Windows Media Connect 2
                   [22/02/2008|23:17] C:\Program Files\Windows Media Player
                   [02/04/2007|11:48] C:\Program Files\Windows NT
                   [02/04/2007|11:50] C:\Program Files\WindowsUpdate
                   [24/11/2008|19:23] C:\Program Files\WinRar
                   [17/12/2008|19:16] C:\Program Files\WinZip
                   [30/05/2009|15:20] C:\Program Files\ww
                   [02/04/2007|11:51] C:\Program Files\xerox
                   [11/11/2008|22:01] C:\Program Files\XOOM

                   --------------------\\  Listing Folders in C:\Program Files\Common Files

                   [16/11/2008|09:45] C:\Program Files\Common Files\Adobe
                   [14/05/2009|18:38] C:\Program Files\Common Files\Adobe AIR
                   [31/12/2007|09:11] C:\Program Files\Common Files\Adobe Systems Shared
                   [21/04/2008|20:50] C:\Program Files\Common Files\Ahead
                   [28/03/2009|22:40] C:\Program Files\Common Files\AntiVirus
                   [22/06/2008|18:40] C:\Program Files\Common Files\AVSMedia
                   [26/04/2009|17:42] C:\Program Files\Common Files\DESIGNER
                   [05/04/2007|20:05] C:\Program Files\Common Files\EPSON
                   [02/09/2008|17:31] C:\Program Files\Common Files\Hewlett-Packard
                   [02/09/2008|17:31] C:\Program Files\Common Files\HP
                   [13/05/2007|17:05] C:\Program Files\Common Files\InstallShield
                   [02/08/2007|17:24] C:\Program Files\Common Files\Java
                   [10/11/2007|23:16] C:\Program Files\Common Files\Macrovision Shared
                   [27/04/2009|07:00] C:\Program Files\Common Files\Microsoft Shared
                   [26/04/2007|18:07] C:\Program Files\Common Files\Motorola Shared
                   [02/04/2007|11:49] C:\Program Files\Common Files\MSSoap
                   [04/05/2008|15:35] C:\Program Files\Common Files\Nero
                   [02/04/2007|14:39] C:\Program Files\Common Files\NVIDIA Shared
                   [02/04/2007|12:17] C:\Program Files\Common Files\ODBC
                   [12/04/2007|20:12] C:\Program Files\Common Files\Quest
                   [02/04/2007|11:49] C:\Program Files\Common Files\Services
                   [02/04/2007|12:17] C:\Program Files\Common Files\SpeechEngines
                   [03/04/2009|19:46] C:\Program Files\Common Files\Symantec Shared
                   [26/04/2009|17:41] C:\Program Files\Common Files\System
                   [19/09/2008|18:41] C:\Program Files\Common Files\WindowsLiveInstaller
                   [31/05/2009|22:01] C:\Program Files\Common Files\Wise Installation Wizard

                   --------------------\\  Process

                   ( 51 Processes )

                   IEXPLORE.EXE ~ [PID:3696]

                   --------------------\\  Searching with S_Lop

                   No Lop folder found !
                 
                   --------------------\\  Searching for Lop Files - Folders

                   C:\DOCUME~1\User\Cookies\user@advertising[1].txt
                 
                   --------------------\\  Searching within the Registry
                 
                   ..... OK !

                   --------------------\\  Checking the Hosts file

                   Hosts file CLEAN


                   --------------------\\  Searching for hidden files with Catchme
                 
                   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                   Rootkit scan 2009-06-01 19:53:05
                   Windows 5.1.2600 Service Pack 2 NTFS
                   scanning hidden processes ...
                   scanning hidden files ...
                   disk error: C:\WINDOWS\System32\
                   please note that you need administrator rights to perform deep scan
                 
                   --------------------\\  Searching for other infections

                   --------------------\\  Cracks & Keygens ..

                   C:\DOCUME~1\User\Desktop\Favorites\Serials\keygen.in Snowflake Screen Saver 3.0 keygen.url
                   C:\DOCUME~1\User\Desktop\Favorites\Serials\PROGRAMZ - retail software for download, no cracks or warez.url
                   C:\DOCUME~1\User\Desktop\Favorites\Serials\PROMODDL - Alien skin FULL WAREZ APPZ GAMES MOVIES TORRENTS CRACKS SERIALS RAPIDSHARE.url
                   C:\DOCUME~1\User\Desktop\New Folder\1.Click.PC.Fix\crack.1.Click.PC.Fix.3.5
                   C:\DOCUME~1\User\Desktop\New Folder\KEVIN\Favorites\Serials\keygen.in Snowflake Screen Saver 3.0 keygen.url
                   C:\DOCUME~1\User\Desktop\New Folder\KEVIN\Favorites\Serials\PROGRAMZ - retail software for download, no cracks or warez.url
                   C:\DOCUME~1\User\Desktop\New Folder\KEVIN\Favorites\Serials\PROMODDL - Alien skin FULL WAREZ APPZ GAMES MOVIES TORRENTS CRACKS SERIALS RAPIDSHARE.url
                   C:\DOCUME~1\User\Desktop\New Folder\KEVIN\Favorites\Serials\REG Full Warez Downloads - REG serial, REG crack, REG full torrent, REG+searial+crack.rar.url
                   C:\DOCUME~1\User\Desktop\New Folder\New Disc\Favorites\Serials\keygen.in Snowflake Screen Saver 3.0 keygen.url
                   C:\DOCUME~1\User\Desktop\New Folder\New Disc\Favorites\Serials\PROGRAMZ - retail software for download, no cracks or warez.url
                   C:\DOCUME~1\User\Desktop\New Folder\New Disc\Favorites\Serials\PROMODDL - Alien skin FULL WAREZ APPZ GAMES MOVIES TORRENTS CRACKS SERIALS RAPIDSHARE.url
                   C:\DOCUME~1\User\Desktop\New Folder\New Disc\Favorites\Serials\REG Full Warez Downloads - REG serial, REG crack, REG full torrent, REG+searial+crack.rar.url
                   C:\DOCUME~1\User\Desktop\New Folder\RenameMaestro 2.5.2 - Upload_KiNg\keygen.exe
                   C:\DOCUME~1\User\My Documents\Adobe\Adobe Photoshop CS2\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar
                   C:\DOCUME~1\User\My Documents\New Disc\AI.Roboform.Pro.v6.9.88\Crack
                   C:\DOCUME~1\User\My Documents\New Disc\AI.Roboform.Pro.v6.9.88\Crack\roboform.dll
                   C:\DOCUME~1\User\My Documents\New Disc\Favorites\Serials\keygen.in Snowflake Screen Saver 3.0 keygen.url
                   C:\DOCUME~1\User\My Documents\New Disc\Favorites\Serials\PROGRAMZ - retail software for download, no cracks or warez.url
                   C:\DOCUME~1\User\My Documents\New Disc\Favorites\Serials\PROMODDL - Alien skin FULL WAREZ APPZ GAMES MOVIES TORRENTS CRACKS SERIALS RAPIDSHARE.url
                   C:\DOCUME~1\User\My Documents\New Disc\Favorites\Serials\REG Full Warez Downloads - REG serial, REG crack, REG full torrent, REG+searial+crack.rar.url
                   C:\DOCUME~1\User\My Documents\Set ups\VSO_ConvertXtoDVD_3.1.0.26___Keygen.rar
                   C:\DOCUME~1\User\My Documents\Set ups\AI.Roboform.Pro.v6.9.88\Crack
                   C:\DOCUME~1\User\My Documents\Set ups\AI.Roboform.Pro.v6.9.88\Crack\roboform.dll
                   C:\DOCUME~1\User\My Documents\Set ups\Alien Skin Blow Up 1.0 for Adobe Photoshop\CyberCrack.nfo
                   C:\DOCUME~1\User\My Documents\Set ups\MOVER\keygen.exe
                   C:\DOCUME~1\User\My Documents\Set ups\O&O Defrag Professional 11.5.4065 x86\Keygen
                   C:\DOCUME~1\User\My Documents\Set ups\O&O Defrag Professional 11.5.4065 x86\Keygen\CORE.NFO
                   C:\DOCUME~1\User\My Documents\Set ups\O&O Defrag Professional 11.5.4065 x86\Keygen\CORE10k.EXE
                   C:\DOCUME~1\User\My Documents\Set ups\O&O Defrag Professional 11.5.4065 x86\Keygen\file_id.diz
                   C:\DOCUME~1\User\My Documents\Set ups\Sherrod_File_Renamer_Deluxe_v5.0_Oxava.com\Crack
                   C:\DOCUME~1\User\My Documents\Set ups\Sherrod_File_Renamer_Deluxe_v5.0_Oxava.com\Crack\Keygen.exe
                   C:\DOCUME~1\User\My Documents\Set ups\SpyHunter_Security_Suite_3.4.9\Crack
                   C:\DOCUME~1\User\My Documents\Set ups\SpyHunter_Security_Suite_3.4.9\Crack\def.dat
                   C:\DOCUME~1\User\My Documents\Set ups\SpyHunter_Security_Suite_3.4.9\Crack\MKDEV TEAM.nfo
                   C:\DOCUME~1\User\My Documents\ZZZZ\New Disc\AI.Roboform.Pro.v6.9.88\Crack
                   C:\DOCUME~1\User\My Documents\ZZZZ\New Disc\AI.Roboform.Pro.v6.9.88\Crack\roboform.dll
                   C:\DOCUME~1\User\My Documents\ZZZZ\WinZip 12.0\Crack+Serial
                   C:\DOCUME~1\User\My Documents\ZZZZ\WinZip 12.0\Crack+Serial\Serialkey.txt
                   C:\DOCUME~1\User\My Documents\ZZZZ\WinZip 12.0\Crack+Serial\WinZip_12_Keygen.exe


                   [F:24][D:1]-> C:\DOCUME~1\User\LOCALS~1\Temp
                   [F:102][D:0]-> C:\DOCUME~1\User\Cookies
                   [F:4526][D:9]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

                   1 - "C:\Lop SD\LopR_1.txt" - 01/06/2009|19:53 - Option : [1]

                   --------------------\\  Scan completed at 19:53:36

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                Re: Internet explorer redirected
                « Reply #28 on: June 01, 2009, 01:08:42 PM »
                Remove all of the Cracks & Keygens; that is almost 100% likely where the problems came from. Then run this next step.

                Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

                Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

                • Choose the language by typing the corresponding letter and press Enter
                • Click OK at the informative window.
                • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
                • Wait until the end of the scan.
                • A report will be generated; post the contents of it in your next reply.

                After removing the cracks and restarting the computer, try running ComboFix again.

                mopy

                  Topic Starter


                  Beginner

                  Re: Internet explorer redirected
                  « Reply #29 on: June 01, 2009, 02:08:42 PM »
                  Hi
                  Removed all files; problem still exists.
                  Combofix still not working.
                  Hijackthis still not working.
                  I have put the 2 files on the desktop in the windows file.
                  Thanks Kevin.