
Strange music playing on my speakers. WMP being tampered with

Discussion in 'Malware and Virus Removal Archive' started by Phantom Spanker, 2007/01/10.

  1. 2007/01/18
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    combofix:

    "Owner" - 07-01-18 17:13:01 Service Pack 2
    ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))


    2007-01-12 22:22 54,845 --a------ C:\WINDOWS\system32\newtrafficsector-remove.exe
    2007-01-12 17:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-12 17:27 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-12 15:31 <DIR> d-------- C:\HJT
    2007-01-07 18:15 36,864 --a------ C:\WINDOWS\system32\wbhllyjd.exe
    2006-12-31 16:02 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\Morpheus
    2006-12-31 16:00 <DIR> d-------- C:\Program Files\Morpheus


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-18 16:39 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-01-18 13:33 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-12 22:20 0 --a------ C:\DOCUME~1\OWNER~1.YOU\Application Data\internaldb41.dat
    2007-01-12 22:15 -------- d-------- C:\Program Files\tmug
    2007-01-12 17:00 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\xfire
    2007-01-11 14:49 -------- d-------- C:\Program Files\call of duty
    2007-01-07 18:15 45321 --a------ C:\WINDOWS\system32\caunst.exe
    2007-01-01 19:58 -------- d-------- C:\Program Files\java
    2006-12-22 12:53 -------- d---s---- C:\Program Files\xfire
    2006-12-17 21:42 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\secondlife
    2006-12-17 21:40 -------- d-------- C:\Program Files\secondlife
    2006-12-13 13:20 -------- d-------- C:\Program Files\google
    2006-12-12 19:12 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\adobeum
    2006-12-12 17:27 -------- d-------- C:\Program Files\windows media connect 2
    2006-12-12 17:25 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\imvu
    2006-12-05 18:45 71680 --a------ C:\WINDOWS\system32\gdimx.exe
    2006-11-16 14:45 36864 --a------ C:\WINDOWS\system32\slimptfr.exe
    2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-03 02:36 81408 --a------ C:\WINDOWS\system32\nsy4.dll
    2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
    2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
    2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
    2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
    2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
    2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
    2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
    2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
    2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
    2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
    2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
    2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
    2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
    2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
    2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
    2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
    2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
    2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-18 17:18:33
    C:\ComboFix2.txt ... 07-01-12 22:36
     
  2. 2007/01/18
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:35:10 18/01/2007

    + Scan result:



    C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Adware.ISearch : No action taken.
    C:\Documents and Settings\All Users\Application Data\Log\log.dll -> Adware.MediaBack : No action taken.
    :mozilla.137:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.145:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.69:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.70:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.71:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.118:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.19:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.20:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.21:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.166:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.167:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.168:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.169:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.170:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.24:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
    :mozilla.66:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.204:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.192:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.193:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.68:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.18:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.240:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.241:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.242:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.243:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.244:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.57:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.251:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.224:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
    :mozilla.72:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.250:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.25:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.26:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.27:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.28:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.29:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.32:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.222:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.223:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.176:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.177:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.178:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.15:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.16:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.17:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.237:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.238:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.239:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.39:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.56:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.160:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
    :mozilla.59:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.60:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.62:C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081627.exe -> Trojan.Dialer.j : No action taken.
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081580.dll -> Trojan.IEService : No action taken.
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081633.exe -> Trojan.Small : No action taken.
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081622.exe -> Trojan.Small.cy : No action taken.


    ::Report end


    There were a lot of "system information restore" entries, which I deleted, but I then noticed that it said something about a trojan at the end of the system string, so I left the last few there as an example. I wasn't sure whether I should have deleted the others.
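An added example, not code from the thread, that sorts findings from a report in the format posted above into the three groups that call for different handling: files that are live on the running system, copies that only exist inside a System Restore point (inert unless that restore point is applied), and tracking cookies in the browser profile. The sample lines are a constructed subset of the posted report with the profile path shortened.

```python
"""Triage an AVG Anti-Spyware style scan report.

Added example, not code from the thread. Each finding line has the form
'<location> -> <detection> : <action>'. Findings are bucketed by where they
live: tracking cookies, copies inside System Restore points, and live files.
"""
import re
from collections import defaultdict

# Constructed sample in the posted report's format (profile path shortened).
SAMPLE_REPORT = r"""
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Adware.ISearch : No action taken.
C:\Documents and Settings\All Users\Application Data\Log\log.dll -> Adware.MediaBack : No action taken.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081627.exe -> Trojan.Dialer.j : No action taken.
C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP367\A0081580.dll -> Trojan.IEService : No action taken.
"""

FINDING_RE = re.compile(r"^(?P<location>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$")
COOKIE_RE = re.compile(r"^:mozilla\.\d+:")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\")

NOTES = {
    "live": "on the running system; act on these first",
    "restore_point": "inert copies inside a restore point; gone once System Restore is cleared",
    "cookie": "tracking cookies; clear from the browser profile",
}


def parse_finding(line):
    """Return (location, detection, action) or None for a non-finding line."""
    m = FINDING_RE.match(line.strip())
    return (m.group("location"), m.group("detection").strip(), m.group("action").strip()) if m else None


def classify(location, detection):
    """Bucket by where the object lives, not only by its detection name."""
    if detection.startswith("TrackingCookie.") or COOKIE_RE.match(location):
        return "cookie"
    if RESTORE_RE.search(location):
        return "restore_point"
    return "live"


def triage(report_text):
    """Map bucket name -> list of (location, detection)."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        parsed = parse_finding(line)
        if parsed:
            location, detection, _ = parsed
            buckets[classify(location, detection)].append((location, detection))
    return dict(buckets)


def summarize(buckets):
    """Text summary in priority order."""
    out = []
    for name in ("live", "restore_point", "cookie"):
        items = buckets.get(name, [])
        out.append(f"{name}: {len(items)} ({NOTES[name]})")
        out.extend(f"  {detection:<22} {location}" for location, detection in items)
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

The split matters because the three groups are handled differently: the live files are what a removal pass has to target, the restore-point copies cannot run from where they sit and disappear when System Restore is cleared, and the cookie hits are privacy noise rather than a sign of infection.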
     


  4. 2007/01/18
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, just a few more to remove, this next pass oughta do it.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\DOCUME~1\OWNER~1.YOU\Application Data\internaldb41.dat
    C:\WINDOWS\system32\newtrafficsector-remove.exe
    C:\WINDOWS\system32\wbhllyjd.exe
    C:\WINDOWS\system32\gdimx.exe
    C:\WINDOWS\system32\slimptfr.exe
    C:\Program Files\tmug


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Do not allow a reboot by KillBox, manually reboot.

    Reboot and run ComboFix first, then HJT and post both logs back into this thread.
     
  5. 2007/01/19
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    "Owner" - 07-01-19 16:38:44 Service Pack 2
    ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


    2007-01-19 16:26 <DIR> d-------- C:\!KillBox
    2007-01-19 16:21 <DIR> d-------- C:\Program Files\Mozilla Firefox
    2007-01-12 17:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-12 17:27 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-12 15:31 <DIR> d-------- C:\HJT
    2006-12-31 16:02 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\Morpheus
    2006-12-31 16:00 <DIR> d-------- C:\Program Files\Morpheus


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-19 16:34 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-01-12 17:00 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\xfire
    2007-01-11 14:49 -------- d-------- C:\Program Files\call of duty
    2007-01-07 18:15 45321 --a------ C:\WINDOWS\system32\caunst.exe
    2007-01-01 19:58 -------- d-------- C:\Program Files\java
    2006-12-22 12:53 -------- d---s---- C:\Program Files\xfire
    2006-12-17 21:42 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\secondlife
    2006-12-17 21:40 -------- d-------- C:\Program Files\secondlife
    2006-12-13 13:20 -------- d-------- C:\Program Files\google
    2006-12-12 19:12 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\adobeum
    2006-12-12 17:27 -------- d-------- C:\Program Files\windows media connect 2
    2006-12-12 17:25 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\imvu
    2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-03 02:36 81408 --a------ C:\WINDOWS\system32\nsy4.dll
    2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-19 16:44:37
    C:\ComboFix2.txt ... 07-01-18 17:18
    C:\ComboFix3.txt ... 07-01-12 22:36
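An added example, not code from the thread, that checks a removal pass the way the two ComboFix logs above are being compared by hand: it parses the file sections of a before log and an after log, confirms that every path on the Killbox list from the earlier post is gone, and lists autostart values that survive both runs while pointing outside the usual program directories. That last check is a heuristic, not a verdict; on this page it picks out the `policies\explorer\Run` value for `...\Tools\1.exe`, which is present in both logs and was not on the file removal list. Both logs below are constructed excerpts in the format of the posted ones.

```python
"""Verify a file-removal pass by diffing two ComboFix logs.

Added example, not code from the thread. File paths come from the 'Files
Created' and 'Find3M Report' sections, autostart values from 'Reg Loading
Points'. Directory markers in EXPECTED_DIRS are a heuristic, not a verdict.
"""
import re

# Constructed excerpts in the format of the logs posted above.
BEFORE_LOG = r"""
((((( Files Created from 2006-12-18 to 2007-01-18 )))))
2007-01-12 22:22 54,845 --a------ C:\WINDOWS\system32\newtrafficsector-remove.exe
2007-01-07 18:15 36,864 --a------ C:\WINDOWS\system32\wbhllyjd.exe
((((( Find3M Report )))))
2007-01-12 22:20 0 --a------ C:\DOCUME~1\OWNER~1.YOU\Application Data\internaldb41.dat
2007-01-12 22:15 -------- d-------- C:\Program Files\tmug
2007-01-07 18:15 45321 --a------ C:\WINDOWS\system32\caunst.exe
2006-12-05 18:45 71680 --a------ C:\WINDOWS\system32\gdimx.exe
2006-11-16 14:45 36864 --a------ C:\WINDOWS\system32\slimptfr.exe
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"
"""

AFTER_LOG = r"""
((((( Files Created from 2006-12-19 to 2007-01-19 )))))
2007-01-19 16:26 <DIR> d-------- C:\!KillBox
((((( Find3M Report )))))
2007-01-07 18:15 45321 --a------ C:\WINDOWS\system32\caunst.exe
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"\\1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"
"""

# The six paths from the Killbox list in the thread.
REMOVAL_LIST = [
    r"C:\DOCUME~1\OWNER~1.YOU\Application Data\internaldb41.dat",
    r"C:\WINDOWS\system32\newtrafficsector-remove.exe",
    r"C:\WINDOWS\system32\wbhllyjd.exe",
    r"C:\WINDOWS\system32\gdimx.exe",
    r"C:\WINDOWS\system32\slimptfr.exe",
    r"C:\Program Files\tmug",
]

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|<DIR>|-+)\s+[-a-z]{9}\s+(?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
EXPECTED_DIRS = ("program files", "progra~1", "\\windows\\")  # heuristic markers


def parse_combofix(text):
    """Return (set of lower-cased file paths, {(key, value_name): data})."""
    paths, autostarts, section, key = set(), {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION_RE.match(line):
            section, key = m.group("name"), None
        elif section and section.startswith(("Files Created", "Find3M")):
            if m := FILE_RE.match(line):
                paths.add(m.group("path").lower())
        elif section and section.startswith("Reg Loading"):
            if m := KEY_RE.match(line):
                key = m.group("key").lower()
            elif key and (m := VALUE_RE.match(line)):
                autostarts[(key, m.group("name"))] = m.group("data")
    return paths, autostarts


def points_outside_expected_dirs(data):
    """True when an autostart command line names no path under EXPECTED_DIRS."""
    d = data.lower().replace("\\\\", "\\")  # undo the log's doubled backslashes
    return not any(marker in d for marker in EXPECTED_DIRS)


def verify_removal(before_text, after_text, removal_list):
    """Compare two logs taken around a removal pass."""
    before_paths, before_reg = parse_combofix(before_text)
    after_paths, after_reg = parse_combofix(after_text)
    targets = {p.lower() for p in removal_list}
    return {
        "removed": sorted(targets & (before_paths - after_paths)),
        "still_present": sorted(targets & after_paths),
        "not_seen_before": sorted(targets - before_paths),
        "appeared": sorted(after_paths - before_paths),
        # Autostarts present in both logs whose command line names no
        # path under EXPECTED_DIRS (the removal list covered files only).
        "suspect_autostarts": sorted(
            f"{key}\\{name} = {data}" for (key, name), data in after_reg.items()
            if (key, name) in before_reg and points_outside_expected_dirs(data)),
    }


if __name__ == "__main__":
    for field, items in verify_removal(BEFORE_LOG, AFTER_LOG, REMOVAL_LIST).items():
        print(field, *items, sep="\n  ")
```

Deleting files without clearing the registry value that launches them is what the `suspect_autostarts` field is there to catch: a `Run` value whose target no longer exists is harmless, but one whose target still exists restarts the problem at the next logon, and the two ComboFix logs on their own only show that the listed files are gone.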
     
  6. 2007/01/19
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 16:47:00, on 19/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  7. 2007/01/19
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    Only problem was that Killbox rebooted for me. I clicked "yes" at the delete on reboot prompt but there was no "pending operations" prompt and it just rebooted.
     
  8. 2007/01/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, well looks like I overlooked one item, but I'm sure it will delete fine with KillBox.

    Using the same instructions as above, paste the following line for deletion:
    C:\WINDOWS\system32\nsy4.dll

    Reboot, run ComboFix again, see if that file is in the 'Find3M Report' section of ComboFix log, if not then no need to post again.

    We also need to remove a couple of errant registry items as well.

    But let's first back up your registry. This is just a precautionary step, and you can delete the saved file once we are done.

    Click the 'Start' button, select 'Run', hit 'Enter'.

    When box appears, type 'regedit', hit 'Enter'.

    Navigate to the following key, by unticking the '+' next to each subkey:
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    Look for:
    "1.exe"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe"

    Right-click it, and select 'Delete'.

    Do the same for the following path also:
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    Close out the registry editor.

    And you're done. Let me know how that went.
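    The registry walk TeMerc describes above can be checked from a script before anything is deleted. The block below is an added example, not code from the thread or from any of the tools mentioned in it: it reads the four autostart keys that matter here (the ordinary Run keys plus the Policies\Explorer\Run keys the post points at) and flags values that launch from user-writable folders such as Documents and Settings or Application Data, which is where the `1.exe` entry in this thread lives. It only reads; deletion is still done by hand in regedit after the backup the post asks for. It assumes Windows PowerShell with the default HKLM: and HKCU: drives; the list of "suspicious" folder names is a constructed heuristic, not a rule from the page.

```powershell
# Added example (not from the thread): list autostart registry entries and
# flag those launching from user-writable folders. Read-only; nothing is deleted.
# Assumes Windows PowerShell with the default HKLM:/HKCU: registry drives.

$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    # The Policies\Explorer\Run keys are almost always empty on a clean machine
    # but are honoured by Explorer at logon, so anything in them deserves a look.
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Constructed heuristic: folders a legitimate autostart entry rarely launches from.
# Both long and 8.3 short forms are included because logs often show the short form.
$suspiciousRoots = @(
    'Documents and Settings', 'Application Data', 'DOCUME~1', 'APPLIC~1',
    'ALLUSE~1', '\Temp\', 'Temporary Internet Files'
)

function Get-AutostartEntries {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key          # returns a RegistryKey object
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $flagged = $false
            foreach ($root in $suspiciousRoots) {
                if ($command -like "*$root*") { $flagged = $true; break }
            }
            # Any value at all under a Policies\Explorer\Run key is worth reviewing.
            if ($key -like '*Policies\Explorer\Run') { $flagged = $true }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $command
                Flagged = $flagged
            }
        }
    }
}

Get-AutostartEntries |
    Sort-Object Flagged -Descending |
    Format-Table Flagged, Name, Command, Key -AutoSize
```

    On the machine in this thread the output would show the `1.exe` value under both Policies\Explorer\Run keys with `Flagged` set, while entries such as ccApp, jusched and iTunesHelper from the HijackThis log above would not be flagged. Export the key from regedit (File, Export) before deleting a flagged value, as the post already advises, so the change can be reversed.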
     
  9. 2007/01/22
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    It all went swimmingly. No problems. Do you want me to post any other hijackthis logs or avg scans or are we done?

    Also what caused all these viruses? I presume it was a combination of downloading music (using morpheus, gonna get rid of that), games etc. and unknowingly downloading spyware and things. Is there any peer-2-peer program other than morpheus that would be safe for downloading music? e.g. limewire?
     
  10. 2007/01/22
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Glad to hear all is well, and no, we do not require any more logs; everything is clean.

    In so far as P2P apps go, pretty much all of them will get you infected, it's a matter of when and not if. The only safe music apps are the 'legal' pay for types.

    The file sharing likely caused a lot of this, tho having protection installed may have deterred or prevented some of it.

    Installing IE7 may have prevented some as well, tho many have not opted to install it. It's a case by case type of thing. I have it and it's fine, no big problems for me. For others it does not appear to work as well.

    We have 3 more things to do, mostly maintenance and then our recommendations for secure surfing:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.5.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can be with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     
