GeekPolice

Malware which isn't detected for me
Now I'm only 15 so I'm kinda illiterate when it comes to computers.

I recently had spyware and thought I'd got rid of it. But now when I open Windows Movie Maker it crashes with the "has encountered a problem" window. So I tried to delete the file, but when I delete it, it comes back straight away. I think it's malware but Ad-Aware (the anti-spyware system I use) doesn't seem to pick this up. I can't post a log because it doesn't pick it up. Also when online and I go on Google I can click a link to a website, say: >>>w_w_w.aaa.com<<< (not actually one I chose)
and it will put me on a random website which I didn't click. Please help, this is really annoying and as I use Windows Movie Maker and the internet a lot this is a big inconvenience (sorry for spelling).

Thanks in advance. And as I'm only 15 please try and explain relatively simply.

Re: Malware which isn't detected for me
Hello.
Read here and please post a Hijack This log.
http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm

Re: Malware which isn't detected for me
OK, here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:49, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\izzy\My Documents\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165148239015
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: msghlpapp - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Program Files\srhmoxc\msghlpapp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9940 bytes

Re: Malware which isn't detected for me
Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
    O21 - SSODL: msghlpapp - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Program Files\srhmoxc\msghlpapp.dll


  • Press "Fix Checked"
  • Close Hijack This.


1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\adqzydcb.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
C:\Program Files\srhmoxc\msghlpapp.dll

Folders to delete:
C:\Program Files\Video ActiveX Object
C:\Documents and Settings\All Users\Application Data\vsdgrqdu
C:\Program Files\srhmoxc
C:\Program Files\Wanadoo


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.
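The entries the helper picked out of the HijackThis log above share a few tell-tale traits: objects registered with no file on disk, the rarely used Policies\Explorer\Run key, a core Windows binary name (svchost.exe) sitting in the wrong directory, the same value name persisted under both HKLM and HKCU, and random-looking file and folder names. The script below is an added example, not something from the thread or from HijackThis, that parses O4/O21/R3 lines and applies those heuristics to a sample copied from the posted log. The thresholds in looks_random (vowel ratio, consonant runs, rare-letter count) are my own rough rules of thumb and will produce some false positives on real logs; the output is a triage aid for a human reviewer, not a verdict.

```python
"""Heuristic triage of HijackThis autostart lines (added example).

Sample lines are copied from the log posted in this thread; the scoring
rules are illustrative heuristics written for this example, not HijackThis's
own logic, and every hit still needs a human decision.
"""
import re

# Constructed sample: a subset of R3/O4/O21 lines from the posted log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
O21 - SSODL: msghlpapp - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Program Files\srhmoxc\msghlpapp.dll
"""

# Directories where Windows' own core binaries legitimately live (lower-case).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
# Core Windows binary names that malware commonly impersonates.
KNOWN_SYSTEM = {"svchost", "winlogon", "lsass", "csrss", "services", "explorer", "smss"}
# Normal directory names that would otherwise look consonant-heavy.
IGNORE_TOKENS = {"windows", "system32", "drivers"}

PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|com))", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\]")
VOWELS = set("aeiouy")
RARE = set("qzxjkvw")  # letters that seldom cluster in real product names


def looks_random(token):
    """Rough 'random name' test: few vowels, long consonant runs or many rare letters."""
    t = token.lower()
    if len(t) < 6 or not t.isalpha() or t in IGNORE_TOKENS or t in KNOWN_SYSTEM:
        return False
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    longest_run = max(len(r) for r in re.findall(r"[^aeiouy]+", t)) if t else 0
    rare = sum(c in RARE for c in t)
    return vowel_ratio < 0.15 or longest_run >= 5 or rare >= 2


def triage(log_text):
    """Return {line: [reasons]} for every line that trips at least one heuristic."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Which Run hives each value name appears under (duplicate-persistence rule).
    hives_by_name = {}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hives_by_name.setdefault(m.group(2).lower(), set()).add(m.group(1))
    findings = {}
    for line in lines:
        reasons = []
        if "(no file)" in line:
            reasons.append("orphaned entry: registered object has no file on disk")
        if "\\Policies\\Explorer\\Run" in line:
            reasons.append("Policies\\Explorer\\Run key: rarely used by legitimate software")
        m = O4_RE.match(line)
        if m and len(hives_by_name.get(m.group(2).lower(), ())) > 1:
            reasons.append("same value name persisted under both HKLM and HKCU Run")
        pm = PATH_RE.search(line)
        if pm:
            parts = pm.group(1).split("\\")          # drive, dirs..., file
            stem = parts[-1].rsplit(".", 1)[0]
            parent = "\\".join(parts[:-1]).lower()
            if stem.lower() in KNOWN_SYSTEM and parent not in SYSTEM_DIRS:
                reasons.append(f"{parts[-1]} outside its normal directory ({parent})")
            random_tokens = [t for t in parts[1:-1] + [stem] if looks_random(t)]
            if random_tokens:
                reasons.append("random-looking name(s): " + ", ".join(random_tokens))
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    -", r)
```

Run it on the sample and the eight lines the helper asked to fix (plus both brastk entries) come out flagged, while SynTPEnh, ctfmon and the Google notifier do not; the Wanadoo toolbar line is not caught by any of these rules, which is exactly the kind of gap a reviewer fills by recognising known unwanted software.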

Re: Malware which isn't detected for me
Here it is.


*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\brastk.exe" not found!
Deletion of file "C:\WINDOWS\system32\brastk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\svchost.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\adqzydcb.exe" not found!
Deletion of file "C:\WINDOWS\system32\adqzydcb.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Program Files\Video ActiveX Object\pmsngr.exe"
Deletion of file "C:\Program Files\Video ActiveX Object\pmsngr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe" not found!
Deletion of file "C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Program Files\srhmoxc\msghlpapp.dll" deleted successfully.

Error: folder "C:\Program Files\Video ActiveX Object" not found!
Deletion of folder "C:\Program Files\Video ActiveX Object" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\vsdgrqdu" deleted successfully.
Folder "C:\Program Files\srhmoxc" deleted successfully.
Folder "C:\Program Files\Wanadoo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






Oh, and can I say if there are any problems with this they may have been caused by my computer, because at the start a Windows page opens before login and it scans my C: file for consistency or something and then restarts. Dunno whether this might have affected it.

Re: Malware which isn't detected for me
Hmmm.

What problems remain?

Re: Malware which isn't detected for me
Dunno as of yet because the internet one is occasional. I'll try Movie Maker.

Re: Malware which isn't detected for me
Nope, Movie Maker still crashes on opening. Do I need to delete? Or shouldn't it do this? I haven't tried the internet one yet because, as I explained above, it's occasional.

The internet random website doesn't SEEM to be a problem, but I've only tried a few times.

Re: Malware which isn't detected for me
Okay, let's have a look around.


  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Malware which isn't detected for me
OK, so here it is. BUT PLEASE LOOK AT THE PICTURE BELOW IT; THIS PROBLEM WAS ENCOUNTERED A FEW TIMES.

ComboFix 08-12-07.04 - izzy 2008-12-08 23:02:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.111 [GMT 0:00]
Running from: c:\documents and settings\izzy\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\izzy\Favorites\Online Security Test.url
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\Downloaded Program Files\setup.inf
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\emesx.dll
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\packet.dll
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\wini104552663.exe
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\system32\wpcap.dll
c:\windows\Sysvxd.exe
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-01 20:46 . 2008-12-01 20:46 d-------- c:\program files\WinPcap
2008-12-01 20:44 . 2008-12-08 21:29 d-------- c:\program files\Net Tools
2008-12-01 20:44 . 2001-04-05 16:43 1,009,336 --a------ c:\windows\system32\mschrt20.ocx
2008-11-15 21:16 . 2008-11-15 21:16 d-------- C:\5e1bfa40376a809675780ab9164558
2008-11-13 21:54 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:53 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-08 15:14 . 2000-01-14 17:42 45,568 --a------ c:\windows\UniFish3.exe
2008-11-08 15:14 . 2008-11-08 15:14 227 --a------ c:\windows\PowerReg.dat
2008-11-08 15:13 . 2008-11-08 15:13 d-------- c:\program files\Hasbro Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 20:47 --------- d-----w c:\documents and settings\izzy\Application Data\LimeWire
2008-11-21 19:59 --------- d-----w c:\program files\Bots
2008-11-20 21:18 --------- d-----w c:\program files\Xfire
2008-11-09 20:23 --------- d-----w c:\documents and settings\izzy\Application Data\Hamachi
2008-11-08 15:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 15:29 --------- d-----w c:\program files\SmartDraw 2009
2008-11-04 22:05 --------- d-----w c:\documents and settings\izzy\Application Data\SoundSpectrum
2008-11-04 21:58 --------- d-----w c:\program files\SoundSpectrum
2008-11-04 19:45 --------- d-----w c:\program files\LimeWire
2008-11-04 19:43 --------- d-----w c:\documents and settings\izzy\Application Data\SuperNZB
2008-11-03 18:26 --------- d-----w c:\documents and settings\izzy\Application Data\SmartDraw
2008-10-28 23:58 --------- d-----w c:\program files\NCH Software
2008-10-26 22:49 --------- d-----w c:\program files\NCH Swift Sound
2008-10-26 22:49 --------- d-----w c:\documents and settings\izzy\Application Data\NCH Swift Sound
2008-10-26 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-26 17:23 --------- d-----w c:\documents and settings\izzy\Application Data\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 19:16 --------- d-----w c:\program files\AVS4YOU
2008-10-17 19:13 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-17 16:54 --------- d-----w c:\documents and settings\izzy\Application Data\Xfire
2008-10-15 18:20 --------- d-----w c:\program files\Lavasoft
2008-10-15 18:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-15 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-13 21:37 --------- d-----w c:\documents and settings\izzy\Application Data\AVS4YOU
2008-10-13 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2007-12-15 12:09 7,110,656 ----a-w c:\program files\IC_Patch_101_English.msi
2007-10-18 20:49 646,896 ----a-w c:\program files\Hyper Cam.exe
2006-10-18 22:12 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1234712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TPSMain"="TPSMain.exe" [2006-02-08 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\izzy\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2007-11-15 2836304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\izzym\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Bots\\bots.dat"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\izzym\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R3 BoiHwsetup;Access 32bits INT15 routine;c:\windows\system32\drivers\BoiHwSetup.sys [2005-06-11 5504]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2006-02-15 225792]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;c:\windows\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;c:\windows\system32\drivers\qmofiltr.sys [2005-05-05 7936]
S0 uqiotr;uqiotr;c:\windows\system32\drivers\ylcv.sys []
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Bots\GameGuard\dump_wmimmc.sys []
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\izzy\LOCALS~1\Temp\ewdmaudn.sys []
S3 FAELZSRVC;FAELZSRVC;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\faelz.sys []
S3 FAELZZZ;FAELZZZ;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\Sei_R.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\IlvMoney1196.sys []
S3 projectx1;projectx1;\??\c:\docume~1\izzy\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\FelipeZe.sys []
S3 SoRa01;SoRa01;\??\c:\program files\BotsHacks\BotsHack-[www.jadook.com]\SoRa.sys []
S3 TSHAK3T1;TSHAK3T1;\??\c:\program files\Bots hack\Hack Bots!!\RE 3.2\spuce.sys []
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys []
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
FireFox -: Profile - c:\documents and settings\izzy\Application Data\Mozilla\Firefox\Profiles\f8dhovby.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 23:17:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\c:\program files\BotsHacks\BotsHack-
[www.jadook.com]\SoRa.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SoRa01]
"ImagePath"="\??\c:\program files\BotsHacks\BotsHack-
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-08 23:27:03 - machine was rebooted [izzy]
ComboFix-quarantined-files.txt 2008-12-08 23:26:52

Pre-Run: 16,737,378,304 bytes free
Post-Run: 19,241,037,824 bytes free

272 --- E O F --- 2008-10-24 17:04:25



[screenshot attached]

Re: Malware which isnt detected for me
Ignore the error, that file is part of combofix.
CF has done what I wanted it to, I don't think it will alert you again.

What problems remain?

Re: Malware which isnt detected for me

It's the same as before really; the internet problem seems to have gone, but Windows Movie Maker still crashes. Is there a chance the file is corrupt now? Should I try deleting it again and seeing if it returns?

Re: Malware which isnt detected for me
No.
Do this.
Press Start > Run
type this in:
sfc /scannow <== note the space after the c and before /

Allow it to do a scan and if it asks for your XP CD, put it in. (If you have it)

Re: Malware which isnt detected for me

It's late here now; I'll try this tomorrow and report back. Thanks for your help so far, it seems to have done most of the job! Again, thanks a lot, and I'll tell you tomorrow whether this worked.

Re: Malware which isnt detected for me

Hmm, it didn't ask for the XP disk and Movie Maker still won't work. Could it be that when I had the malware/spyware it damaged or deleted a system file important for running Movie Maker, if this is possible?

Re: Malware which isnt detected for me
It's possible, but sfc replaces damaged files it finds.

Download a fresh copy from here:
http://www.download.com/Windows-Movie-Maker-Windows-XP-/3000-13631_4-10165075.html

Re: Malware which isnt detected for me

What should I do with the broken one? I don't think I can delete it as it might come back, but I can try.

Re: Malware which isnt detected for me
Keep the old one, but download this new copy to your desktop and run it from there.

Re: Malware which isnt detected for me

I can't do it. Whenever it installs it says it has, but the only Movie Maker is the one in the Movie Maker file, which... still doesn't work. It encounters an error. Any more advice?

Re: Malware which isnt detected for me
Delete the current file and delete this folder:
C:\Program Files\Movie Maker

Try installing it now.

Re: Malware which isnt detected for me

I can't delete the folder; this comes up:
[screenshot attached]

This comes up even though no programs associated with it are open. I cannot delete it separately either, because the Movie Maker program file keeps coming back after deleting.

Last edited by Malwarefooldammit on 9th December 2008, 7:15 pm; edited 1 time in total

Re: Malware which isnt detected for me
Hello.
If we can't get this working, would you be willing to switch to a different program like movie maker and see if you can use that?

Re: Malware which isnt detected for me

Switch to Movie Maker? I'm confused, I'm already using Movie Maker? I'd be willing to, but it's kind of annoying having this folder with a program in it which comes back when deleted. But I'd try something else, I guess. Any other advice at the moment, though? Or any other programs I could use?

Re: Malware which isnt detected for me

Is this the end of the thread? Nothing else I can do? No other programs?

Re: Malware which isnt detected for me
http://www.google.co.uk/search?hl=en&q=windows+movie+maker+alternative&btnG=Google+Search&meta=

Take your pick.

Re: Malware which isnt detected for me

So shall I just leave WMM alone in the file? Will it cause any problems? And is there no way to get rid of it?

Re: Malware which isnt detected for me

There is a way, but I would rather leave it alone and not cause any more damage.

Re: Malware which isnt detected for me

OK, fair enough, so it won't cause any damage?

Re: Malware which isnt detected for me
No.

Re: Malware which isnt detected for me

OK, well, thanks. Have a good Christmas; hope to not see you so soon. Thank you!

Re: Malware which isnt detected for me
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
