Full Version: Copy-book Problem
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
lee3666
Hi all, I keep getting a copy-book problem. Can someone help me please?
lee3666
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:09, on 14/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\Hijackcheck\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)
O2 - BHO: (no name) - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30E4D173-F765-4801-B28D-B24DF2E3DAF9} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45C5F9C7-DC42-4A8B-BA60-75F56BCC59C5} - (no file)
O2 - BHO: (no name) - {51C8A6AB-4133-49DB-9BDD-28E0B318381C} - (no file)
O2 - BHO: (no name) - {61A34FFE-C6CD-4A7A-83CD-F21075BCCD9A} - (no file)
O2 - BHO: (no name) - {6E02A0AB-CBDD-4B27-97E9-95B72A23D697} - (no file)
O2 - BHO: (no name) - {6F89E9FA-6CF5-4002-A166-0E4C7082317A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B37E29A4-D35F-4ED3-B68D-06A71F97BF66} - (no file)
O2 - BHO: (no name) - {C6BCA742-7C24-47AB-B727-9250329657F1} - (no file)
O2 - BHO: (no name) - {CC2152B1-061B-49EF-8E64-CC55D61F5D93} - (no file)
O2 - BHO: (no name) - {E9D01196-DB74-4497-BB8A-23E21E62BAFE} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\FreshDownload\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e426ffab] rundll32.exe "C:\Users\lee\AppData\Local\Temp\trgckpcx.dll",b
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {F752393A-9774-4EB0-A3B7-9A3F9C156814} - D:\FreshDownload\fd.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553534500} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CD9DA14-2E77-454A-9CA4-5129358B54E9}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdjrx.exe (file missing)

--
End of file - 9929 bytes
Ironbender
Hi lee3666, welcome to SAF,

This is a very nasty infection you have there, and, while we can deal with it on XP, I am not sure we'll have any success in Vista. It infects the wireless router itself.

Please rename C:\Program Files\Trend Micro\Hijackcheck\HijackThis.exe to any anything.exe you feel comfortable with (not starting with the word "Hijack"), as new baddies are now able to detect and hide from hijackthis.exe. Check here if you are unsure how to do it: http://www.suggestafix.com/index.php?showtopic=16053

As the main disinfector program doesn't run in Vista, please follow the instructions below:

Please run all fixtools as administrator.

- Download and run CrapCleaner from http://www.ccleaner.com/
Note: in CCleaner, go to Options > Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".

- Download Malwarebytes Anti-Malware from http://www.majorgeeks.com/Malwarebyte'...ware_d5756.html to the desktop.

- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both these checked:
- Update Malwarebytes Anti-Malware
- Launch Malwarebytes Anti-Malware
- Then click Finish.

- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

- On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.

Disconnect (physically) from the Internet - remove the main cable.

- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Start HijackThis and close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake (if they are still there):

O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)

O2 - BHO: (no name) - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - (no file)

O2 - BHO: (no name) - {30E4D173-F765-4801-B28D-B24DF2E3DAF9} - (no file)

O2 - BHO: (no name) - {45C5F9C7-DC42-4A8B-BA60-75F56BCC59C5} - (no file)

O2 - BHO: (no name) - {51C8A6AB-4133-49DB-9BDD-28E0B318381C} - (no file)

O2 - BHO: (no name) - {61A34FFE-C6CD-4A7A-83CD-F21075BCCD9A} - (no file)

O2 - BHO: (no name) - {6E02A0AB-CBDD-4B27-97E9-95B72A23D697} - (no file)

O2 - BHO: (no name) - {6F89E9FA-6CF5-4002-A166-0E4C7082317A} - (no file)

O2 - BHO: (no name) - {B37E29A4-D35F-4ED3-B68D-06A71F97BF66} - (no file)

O2 - BHO: (no name) - {C6BCA742-7C24-47AB-B727-9250329657F1} - (no file)

O2 - BHO: (no name) - {CC2152B1-061B-49EF-8E64-CC55D61F5D93} - (no file)

O2 - BHO: (no name) - {E9D01196-DB74-4497-BB8A-23E21E62BAFE} - (no file)

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\FreshDownload\fdiebar.dll (file missing)

O4 - HKLM\..\Run: [e426ffab] rundll32.exe "C:\Users\lee\AppData\Local\Temp\trgckpcx.dll",b

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237

O17 - HKLM\System\CCS\Services\Tcpip\..\{6CD9DA14-2E77-454A-9CA4-5129358B54E9}: NameServer = 85.255.112.60;85.255.112.237

O17 - HKLM\System\CS1\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237

O17 - HKLM\System\CS2\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdjrx.exe (file missing)


Click on Fix Checked when finished and exit HijackThis.

Reconnect the Internet cable.

Copy and paste the contents of the mbam report in your next reply along with a fresh HijackThis log and exit MBAM.

Chris
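As an added illustration of what the fix list above keys on (this is example code written for this page, not something posted in the thread or shipped with HijackThis or MBAM), here is a small Python audit that parses HijackThis-style log lines and flags the four classes of entry Chris picked out: O2 BHOs registered with no file behind them, O4 autoruns that load a DLL out of a Temp folder through rundll32, O17 per-interface NameServer values pointing at resolvers that are neither on the LAN nor on an allow list (the pattern behind the 85.255.112.x entries in lee's log), and O23 services whose binary is missing. The sample lines are constructed from the log in this thread; the TRUSTED_DNS set and the second O17 interface GUID are placeholders.

```python
import ipaddress
import re

# Constructed sample modelled on the HijackThis log posted in this thread.
# A few benign lines sit alongside the suspect ones so the rules have
# something to pass as well as something to flag.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [e426ffab] rundll32.exe "C:\Users\lee\AppData\Local\Temp\trgckpcx.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\..\{0209D71E-4D76-486E-97B8-4DD5D3D35FC7}: NameServer = 85.255.112.60;85.255.112.237
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID-0001}: NameServer = 192.168.1.1
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdjrx.exe (file missing)
"""

# Resolvers the machine is expected to use. LAN/private addresses (the home
# router) are accepted automatically; any public resolver must be listed here.
TRUSTED_DNS = {"8.8.8.8"}  # placeholder: replace with your ISP's or corporate resolvers

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.;]+)")
# rundll32 loading a .dll whose path passes through a \Temp\ folder
TEMP_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\Temp\\[^"]*\.dll', re.IGNORECASE)


def check_o17(line, trusted):
    """Return the resolver addresses in an O17 line that are neither private
    (LAN) nor in the trusted set. An unparsable value is reported too."""
    m = O17_RE.match(line)
    if not m:
        return []
    bad = []
    for raw in m.group("servers").split(";"):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            bad.append(raw)
            continue
        if not ip.is_private and raw not in trusted:
            bad.append(raw)
    return bad


def audit_hijackthis(text, trusted=TRUSTED_DNS):
    """Walk a HijackThis log and return (section, reason, line) findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if section == "O2" and line.endswith("(no file)"):
            findings.append((section, "BHO registered but its DLL is absent (orphaned entry)", line))
        elif section == "O4" and TEMP_DLL_RE.search(line):
            findings.append((section, "autorun loads a DLL from a Temp folder via rundll32", line))
        elif section == "O17":
            bad = check_o17(line, trusted)
            if bad:
                findings.append((section, "NameServer points at untrusted resolver(s): " + ", ".join(bad), line))
        elif section == "O23" and line.endswith("(file missing)"):
            findings.append((section, "service registered but its binary is missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in audit_hijackthis(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The O17 rule is the one worth keeping around after this thread: HijackThis only lists the NameServer value, and the MBAM report later in the thread shows the same resolvers repeated under CurrentControlSet, ControlSet001 and ControlSet002 and in DhcpNameServer, which is why a one-off registry fix is not enough when the router hands out the same addresses on every lease.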
lee3666
Does anyone know the cause of the virus or where it comes from?
lee3666
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:06, on 15/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\myfix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30E4D173-F765-4801-B28D-B24DF2E3DAF9} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45C5F9C7-DC42-4A8B-BA60-75F56BCC59C5} - (no file)
O2 - BHO: (no name) - {51C8A6AB-4133-49DB-9BDD-28E0B318381C} - (no file)
O2 - BHO: (no name) - {61A34FFE-C6CD-4A7A-83CD-F21075BCCD9A} - (no file)
O2 - BHO: (no name) - {6E02A0AB-CBDD-4B27-97E9-95B72A23D697} - (no file)
O2 - BHO: (no name) - {6F89E9FA-6CF5-4002-A166-0E4C7082317A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B37E29A4-D35F-4ED3-B68D-06A71F97BF66} - (no file)
O2 - BHO: (no name) - {C6BCA742-7C24-47AB-B727-9250329657F1} - (no file)
O2 - BHO: (no name) - {CC2152B1-061B-49EF-8E64-CC55D61F5D93} - (no file)
O2 - BHO: (no name) - {E9D01196-DB74-4497-BB8A-23E21E62BAFE} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\FreshDownload\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {F752393A-9774-4EB0-A3B7-9A3F9C156814} - D:\FreshDownload\fd.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553534500} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 8175 bytes

Malwarebytes' Anti-Malware 1.30
Database version: 1399
Windows 6.0.6001 Service Pack 1

15/11/2008 00:09:15
mbam-log-2008-11-15 (00-09-15).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 108788
Time elapsed: 1 hour(s), 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 47
Registry Values Infected: 1
Registry Data Items Infected: 10
Folders Infected: 14
Files Infected: 50

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c1b8a44-61fe-411e-8f33-813a4e2e2984} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c1b8a44-61fe-411e-8f33-813a4e2e2984} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bitdownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0209d71e-4d76-486e-97b8-4dd5d3d35fc7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0209d71e-4d76-486e-97b8-4dd5d3d35fc7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0209d71e-4d76-486e-97b8-4dd5d3d35fc7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6cd9da14-2e77-454a-9ca4-5129358b54e9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.60;85.255.112.237 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\WebMediaPlayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Lang (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\log (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Media (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\WebMediaPlayer\sqlite3.dll (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\BitDownload.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\BitDownload.ico (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\EndProg.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\iphox_downloader_p.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\player.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\RegExt.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\rtl70.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\set.ini (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\tcpip_patcher.sys (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Uninstall.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Units.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\vcl70.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\vclshlctrls70.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\vclx70.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\VersionChecker.exe (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\WinSkinD7R.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Lang\English.lng (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Lang\Russian.lng (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\log\BitDownload.log (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Media\FileComplete.wav (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\CDBurningPlugin.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\CDRipper.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\ClosestSearch.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\Notification.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\PeerInfoSearch.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\Search.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\VirtualTracker.bpl (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\akrip32.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\cdcache.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\lame_enc.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\Rip.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\vorb_enc.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\plug-ins\rip\xtenc.dll (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin\Aqua.skn (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin\Default.skn (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin\Desert.skn (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin\Forest.skn (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skin\Sea.skn (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Users\lee\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Users\lee\Desktop\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot.

Ironbender
You renamed the folder, not the file itself: C:\Program Files\Trend Micro\myfix\HijackThis.exe ... some baddies may be hidden. The main infection seems to be gone though, this is good.
These entries are still showing:

O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)
O2 - BHO: (no name) - {30E4D173-F765-4801-B28D-B24DF2E3DAF9} - (no file)
O2 - BHO: (no name) - {45C5F9C7-DC42-4A8B-BA60-75F56BCC59C5} - (no file)
O2 - BHO: (no name) - {51C8A6AB-4133-49DB-9BDD-28E0B318381C} - (no file)
O2 - BHO: (no name) - {61A34FFE-C6CD-4A7A-83CD-F21075BCCD9A} - (no file)
O2 - BHO: (no name) - {6E02A0AB-CBDD-4B27-97E9-95B72A23D697} - (no file)
O2 - BHO: (no name) - {6F89E9FA-6CF5-4002-A166-0E4C7082317A} - (no file)
O2 - BHO: (no name) - {B37E29A4-D35F-4ED3-B68D-06A71F97BF66} - (no file)
O2 - BHO: (no name) - {C6BCA742-7C24-47AB-B727-9250329657F1} - (no file)
O2 - BHO: (no name) - {CC2152B1-061B-49EF-8E64-CC55D61F5D93} - (no file)
O2 - BHO: (no name) - {E9D01196-DB74-4497-BB8A-23E21E62BAFE} - (no file)


Click on Fix Checked when finished and exit HijackThis.

Download Combofix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts. Type 1 (Enter) to start the fix.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Close all windows and any program on your system tray. Do not mouse-click or type anything while combofix is running. That may cause it to stall.

Post back the combofix report along with a new HJT log.

Chris
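Added example, not part of this thread or of HijackThis/ComboFix: a small Python parser for the O2 (BHO) lines Ironbender lists above. It flags registrations that HijackThis reports as "(no file)", i.e. the CLSID is still registered but its DLL is gone, which is the leftover a half-finished cleanup produces. It also handles O3 toolbar lines, which use the same layout; the sample log is constructed from lines posted in this thread.

```python
import re
from dataclasses import dataclass

# HijackThis O2 (BHO) / O3 (Toolbar) line layout:
#   O2 - BHO: <name> - {<CLSID>} - <dll path | "(no file)">
HJT_BHO_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.*)$"
)


@dataclass(frozen=True)
class BhoEntry:
    section: str   # "O2" or "O3"
    name: str      # display name, or "(no name)" when the key has none
    clsid: str     # CLSID of the Browser Helper Object / toolbar
    path: str      # InprocServer32 DLL, or "(no file)" if HJT could not find it
    raw: str       # the original log line, kept for the fix list

    @property
    def orphaned(self) -> bool:
        # HJT prints "(no file)" when the registry registration survived but the
        # DLL did not; such entries load nothing but should still be removed.
        return self.path.strip().lower() == "(no file)"


def parse_bho_lines(log: str) -> list[BhoEntry]:
    """Return every O2/O3 entry in a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = HJT_BHO_RE.match(line)
        if m:
            entries.append(BhoEntry(m["section"], m["name"], m["clsid"].upper(),
                                    m["path"], line))
    return entries


def orphaned_clsids(log: str) -> list[str]:
    """CLSIDs whose DLL is missing: the entries to tick before 'Fix checked'."""
    return [e.clsid for e in parse_bho_lines(log) if e.orphaned]


def fix_list(log: str) -> list[str]:
    """The verbatim log lines that should be ticked in HijackThis."""
    return [e.raw for e in parse_bho_lines(log) if e.orphaned]


# Constructed sample: four lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {086DADBB-6802-4D63-AA15-E0622FCEF116} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {E9D01196-DB74-4497-BB8A-23E21E62BAFE} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
"""

if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print("tick:", line)
```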
lee3666
ComboFix 08-11-13.02 - lee 2008-11-15 21:07:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.166 [GMT 0:00]
Running from: c:\users\lee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\Uninstall Fun Web Products.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\windows\system32\AutoRun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 22:49 --------- d-----w c:\users\lee\AppData\Roaming\Malwarebytes
2008-11-14 22:49 --------- d-----w c:\programdata\Malwarebytes
2008-11-14 22:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 22:45 --------- d-----w c:\program files\CCleaner
2008-11-14 22:43 --------- d-----w c:\program files\Trend Micro
2008-11-10 18:53 --------- d-----w c:\users\lee\AppData\Roaming\BitTyrant
2008-11-10 17:56 --------- d-----w c:\users\lee\AppData\Roaming\Azureus
2008-11-09 21:09 --------- d-----w c:\users\lee\AppData\Roaming\ImgBurn
2008-11-07 17:51 --------- d-----w c:\users\lee\AppData\Roaming\BearShare
2008-11-07 17:47 --------- d-----w c:\users\lee\AppData\Roaming\LimeWire
2008-11-05 20:59 --------- d-----w c:\program files\Enigma Software Group
2008-11-02 17:00 262,144 ----a-w c:\program files\Uninstall Ask Toolbar.dll
2008-11-02 17:00 --------- d-----w c:\programdata\Azureus
2008-10-31 21:22 --------- d-----w c:\users\lee\AppData\Roaming\BitDownload
2008-10-22 16:28 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:28 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 21:35 --------- d-----w c:\program files\iNetBet Casino
2008-10-18 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 16:00 --------- d-----w c:\program files\Windows Mail
2008-10-04 16:29 --------- d-----w c:\programdata\Apple Computer
2008-09-27 19:06 --------- d-----w c:\programdata\Trymedia
2008-09-27 16:55 --------- d-----w c:\programdata\Microsoft Help
2008-09-27 16:50 --------- d-----w c:\program files\Microsoft Works
2008-09-27 16:33 --------- d-----w c:\users\lee\AppData\Roaming\.wyzo
2008-09-24 20:46 --------- d-----w c:\program files\Sun
2008-09-24 20:45 --------- d-----w c:\program files\Java
2006-10-08 17:37 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 815104]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1234712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-01 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-03 01:23 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-09 12:30 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play AVStation TV Scheduler]
--a------ 2007-01-09 02:09 73728 c:\program files\SAMSUNG\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B831534-C840-41C6-8654-7FF694F7EA48}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{7A0470DE-B903-4D09-ABFD-63E7081804C9}d:\\bitlord2\\bitlord.exe"= UDP:d:\bitlord2\bitlord.exe:
"UDP Query User{EFEEB7D5-6057-4A4F-BEBC-27598D9FC022}d:\\bitlord2\\bitlord.exe"= TCP:d:\bitlord2\bitlord.exe:
"TCP Query User{CD02E391-6470-41E4-B07D-5FFBAA55DEB1}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{893C8CBF-458A-4275-BC6C-C93AA9B7D58A}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{21CA64DA-1D50-4172-B791-52487C8D35E6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FF950E5A-89ED-46AB-8CDE-9DDC0F4794F9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A9017827-1664-4C14-8AB8-CD4EBA4B510E}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{4EDC22CB-16CF-4F80-AF98-7FFB7F52A3DE}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{508A95D9-7818-4CC1-B9BF-0CEA7847F88D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{6C331E9D-A81C-4BB7-AC49-AFAB7619A158}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{D69649F6-FDF2-4A6C-BB78-2A412ECB6F8A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB5F86EF-4B51-4A73-9E8A-BE35E4BEE581}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8BB1994A-2FBA-4C53-82A7-EDEB6C44142A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{42840536-0CB2-4B9C-BB93-55E640B62147}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A2D84A47-8334-45ED-8B31-258B155D1CE0}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{57A248F4-BB80-45E0-A9C0-60828C5DB5EC}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{D0663884-C2D1-4AF9-8F50-E70C0B7902B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A57275D1-5313-42F1-BAB5-757CADCFACB7}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{24BB8430-0A70-4B5D-A2AA-C344DE627E5C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C63F830D-C65D-419B-A087-75A4DD3B2720}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{34A4B0DD-CE47-4C2C-9ABD-6EA0D472EE27}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{3A21A6A5-08E8-4B2A-BD6C-5B769736E5C2}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{73C8FE80-744D-418A-967D-842A09F50BE2}d:\\xbmc\\xbmc.exe"= UDP:d:\xbmc\xbmc.exe:XBMC
"UDP Query User{A4F6B13B-2666-466D-8E3E-7E3CFFC9CCA0}d:\\xbmc\\xbmc.exe"= TCP:d:\xbmc\xbmc.exe:XBMC
"TCP Query User{E6E8B2F8-DD6C-4241-8184-119743B21862}d:\\wyzo\\wyzo.exe"= UDP:d:\wyzo\wyzo.exe:Wyzo
"UDP Query User{BC1CE556-BB7A-4983-B9AD-8EEA5C026623}d:\\wyzo\\wyzo.exe"= TCP:d:\wyzo\wyzo.exe:Wyzo
"{8A10A55E-F3A1-4EFD-A734-C90AE0FE96BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4FDA54C2-C2B4-4EE8-AF99-DE6B370B35E5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DF4EDC59-D864-4360-ACC1-FC17DB0CB07E}d:\\wyzo\\wyzo.exe"= UDP:d:\wyzo\wyzo.exe:Wyzo
"UDP Query User{23EF0549-58F4-47BB-92D1-8E4BAD89F50C}d:\\wyzo\\wyzo.exe"= TCP:d:\wyzo\wyzo.exe:Wyzo
"TCP Query User{A430EEC7-2037-4BD1-9344-BA9684EDFC0E}c:\\users\\lee\\appdata\\local\\temp\\rar$ex00.800\\qwix.exe"= UDP:c:\users\lee\appdata\local\temp\rar$ex00.800\qwix.exe:qwix.exe
"UDP Query User{2986931A-2BF4-41E2-9BB1-AAEE305630D2}c:\\users\\lee\\appdata\\local\\temp\\rar$ex00.800\\qwix.exe"= TCP:c:\users\lee\appdata\local\temp\rar$ex00.800\qwix.exe:qwix.exe
"TCP Query User{B6B11B8C-130B-485B-886C-618E3BD97706}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{52C1E7E6-C983-4425-9174-E98A0F83AF13}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{768E1105-5A30-477D-8276-DAD15760B9FB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{E21F3008-7947-47CF-8164-D3286BCC684B}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{EDB67E8C-28E9-46BB-8045-F0661F373F15}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5266C032-CB52-4CC0-94D4-BA60D6A035B4}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{81DF7EC3-CBBD-4069-9523-93EC5E15D5C5}"= UDP:4662:bitlord 2
"{41E716B4-9C9B-410D-83F2-F03FDBBF3B6E}"= TCP:6000:bitlord 2 udp
"{BF909EAE-3E79-45F5-B005-49F87537A1BB}"= UDP:d:\bitlord2\BitLord.exe:Bitlord2
"{5BB9CC3A-544D-401B-8B8D-9989A45FB4F0}"= TCP:d:\bitlord2\BitLord.exe:Bitlord2
"{BC98E038-6AA3-4936-AA61-A203184343EC}"= UDP:4663:bitlord
"TCP Query User{3F276E95-7156-42BC-8BBC-231925F78C0F}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{106DBA5B-5C8A-4D23-BD49-3B237B71EE69}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{F5D147B1-C99D-4A5A-A784-01BB5E7B9750}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{422FAC53-58F5-4D52-8C7F-DFBB5684DAEB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D1EDB04D-5021-4E5F-A8F2-C304EA2B8D70}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{C05779CD-F45E-4F8F-B80A-3337C109BFE4}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"TCP Query User{8C8B84EE-1691-40D9-AE55-8104F4D7A213}d:\\vuze\\azureus.exe"= UDP:d:\vuze\azureus.exe:Azureus
"UDP Query User{791B323B-CDA8-4A1F-A209-A3C93640F479}d:\\vuze\\azureus.exe"= TCP:d:\vuze\azureus.exe:Azureus
"{C247E768-B3DB-42B8-9546-B66B32B01326}"= UDP:59611:vuze
"TCP Query User{61CFC791-1F4E-496A-B334-4DA2481F1615}d:\\vuze\\azureus.exe"= UDP:d:\vuze\azureus.exe:Azureus
"UDP Query User{D6FF76E1-5D46-4EDA-9BC5-D4E2C5F16B28}d:\\vuze\\azureus.exe"= TCP:d:\vuze\azureus.exe:Azureus
"TCP Query User{7C955320-751F-4FD2-9D94-CD74F5F30EB9}d:\\bittyrant\\azureus.exe"= UDP:d:\bittyrant\azureus.exe:Azureus
"UDP Query User{510D90DF-6DC6-4470-A0B9-AF39CB28B5ED}d:\\bittyrant\\azureus.exe"= TCP:d:\bittyrant\azureus.exe:Azureus
"TCP Query User{C8369C26-39F6-4C8F-830A-33453C644B4B}d:\\bittyrant\\azureus.exe"= UDP:d:\bittyrant\azureus.exe:Azureus
"UDP Query User{1619CDBC-DAA1-415D-A574-4369173B462B}d:\\bittyrant\\azureus.exe"= TCP:d:\bittyrant\azureus.exe:Azureus

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-03 97928]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-08-13 13312]
S3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{018d3f2f-2b4d-11dd-9727-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe /run
\shell\Shell00\Command - F:\Autorun.exe /run
\shell\Shell01\Command - F:\Autorun.exe /action
\shell\Shell02\Command - F:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a047aa26-705c-11dd-ae28-0013775ebe25}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b161eb04-7130-11dd-9a89-0013775ebe25}]
\shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {06F42C96-A96C-F579-B0FA-F44BBA118C51} /qb
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitComet - c:\program files\BitLord\BitLord.exe
MSConfigStartUp-cmds - c:\users\lee\AppData\Local\Temp\opnkjiIY.dll
MSConfigStartUp-e426ffab - c:\users\lee\AppData\Local\Temp\trgckpcx.dll
MSConfigStartUp-Transcode360 - c:\program files\Transcode360\Transcode360Tray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.co.uk/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {F752393A-9774-4EB0-A3B7-9A3F9C156814} - d:\freshdownload\fd.exe
O9 -: {F752393A-9774-4EB0-A3B7-9A3F9C156814} - d:\freshdownload\fd.exe -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:12:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-15 21:15:21
ComboFix-quarantined-files.txt 2008-11-15 21:15:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 14,235,959,296 bytes free

208 --- E O F --- 2008-10-30 19:42:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:50, on 15/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\myfix\myfix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {F752393A-9774-4EB0-A3B7-9A3F9C156814} - D:\FreshDownload\fd.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553534500} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 6858 bytes

Ironbender
Well, your log is now clean.

How is your system running ?

Chris
lee3666
cheers, it's a lot better, thanks for your help
Ironbender
You are welcome. Glad we could help.

Chris
Invision Power Board © 2001-2009 Invision Power Services, Inc.