  #1  
07-16-2008
osk
New Poster
 
Join Date: Jul 2008
Posts: 1
PC Experience: Beginner
Pop ups appearing when IE not open

Hi

I am not familiar with this PC, it is my boyfriend's (but he is not around), but it is getting junk pop-ups appearing on the desktop even if IE is not open. I have run Spybot and Ad-Aware but they are not picking anything up. Hope this is all the info needed.

Could anyone help me with this? I followed the instructions and here are the main and extra texts:



Deckard's System Scanner v20071014.68
Run by Oskar on 2008-07-16 00:00:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-15 22:00:51 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Oskar.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01 AM, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\system32\m7G6rhpM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Oskar\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Oskar.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FavoriteSync.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: GammaTray.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194125889140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6231 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 MagicTune - c:\windows\system32\drivers\mtictwl.sys <Not Verified; Samsung Electronics, Inc.; MagicTunePremium>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MagicTuneEngine - c:\program files\magictune premium\magictuneengine.exe

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-07-15 23:00:10 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-15 23:00:02 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-15 22:00:10 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-15 22:00:02 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-07-15 21:00:10 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-15 21:00:02 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-15 20:00:10 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-15 20:00:02 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-15 19:00:10 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-15 19:00:02 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-15 18:00:10 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-15 18:00:02 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-15 17:00:10 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-15 17:00:02 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-15 05:00:10 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-15 05:00:02 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-15 04:00:10 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-15 04:00:02 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-15 03:00:10 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-15 03:00:02 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-15 02:00:10 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-15 02:00:02 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-15 01:00:10 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-15 01:00:02 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-15 00:32:10 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-15 00:18:02 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-14 16:00:10 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-14 16:00:02 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-14 15:01:12 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-14 15:00:10 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-14 14:00:10 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-14 14:00:02 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-14 13:00:10 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-14 13:00:02 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-14 12:00:10 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-14 12:00:03 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-14 11:00:10 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-14 11:00:03 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-14 10:00:10 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-14 10:00:02 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-14 09:00:10 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-14 09:00:02 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-14 08:00:10 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-14 08:00:02 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-14 07:00:10 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-14 07:00:02 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-14 06:00:10 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-14 06:00:02 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-12 13:17:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------
2008-07-15 23:43:24 0 d-------- C:\Program Files\Trend Micro
2008-07-12 14:06:13 0 d-------- C:\Documents and Settings\Oskar\Application Data\AccurateRip
2008-07-12 14:06:09 0 d-------- C:\Program Files\Exact Audio Copy
2008-07-12 13:53:53 0 d-------- C:\Program Files\iPod
2008-07-12 13:53:51 0 d-------- C:\Program Files\iTunes
2008-07-12 13:53:04 0 d-------- C:\Program Files\QuickTime
2008-07-09 03:17:35 0 dr-h----- C:\Documents and Settings\Oskar\Recent
2008-07-08 11:13:48 20480 --a------ C:\WINDOWS\system32\i7C6ndlI.dll
2008-07-07 16:00:37 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-07 16:00:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-07 16:00:11 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-07 15:14:47 35842 --a------ C:\WINDOWS\system32\m7G6rhpM.exe
2008-07-07 13:27:40 158208 --a------ C:\WINDOWS\system32\lzrdkmjjlphrbpif.dll
2008-07-06 14:12:18 29760 --a------ C:\WINDOWS\system32\f8tmehJl.exe
2008-07-05 21:32:50 0 d-------- C:\Program Files\Lavasoft
2008-07-05 21:31:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 21:04:38 0 d-------- C:\Documents and Settings\Oskar\Application Data\Lavasoft
2008-07-05 14:37:00 0 d-------- C:\Documents and Settings\Oskar\Application Data\Ashampoo
2008-07-05 14:36:51 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-07-05 14:36:48 0 d-------- C:\Program Files\Ashampoo
2008-06-25 21:24:40 0 d-------- C:\Program Files\Apple Software Update

-- Find3M Report ---------------------------------------------------------------
2008-07-14 15:37:31 0 d-------- C:\Documents and Settings\Oskar\Application Data\uTorrent
2008-07-14 15:19:35 0 d-------- C:\Documents and Settings\Oskar\Application Data\foobar2000
2008-07-14 14:31:52 0 d-------- C:\Program Files\SpeedFan
2008-07-13 19:58:12 0 d-------- C:\Program Files\Eraser
2008-07-13 19:27:00 0 d-------- C:\Program Files\uTorrent
2008-07-11 22:58:13 0 d-------- C:\Program Files\Java
2008-07-05 21:31:52 0 d-------- C:\Program Files\Common Files
2008-07-02 11:07:45 0 d-------- C:\Program Files\XBMC
2008-06-25 20:37:08 0 d-------- C:\Program Files\Common Files\Nero
2008-06-23 06:03:02 0 d-------- C:\Program Files\FavoriteSync
2008-06-21 00:50:49 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-31 22:02:19 0 d-------- C:\Documents and Settings\Oskar\Application Data\XBMC
2008-05-19 06:08:07 0 d-------- C:\Documents and Settings\Oskar\Application Data\Sun

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25/09/2006 10:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:00 PM]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [16/03/2008 03:29 AM]
C:\Documents and Settings\Oskar\Start Menu\Programs\Startup\
FavoriteSync.lnk.disabled [20/03/2008 2:54:43 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
Adobe Reader Speed Launch.lnk.disabled [16/03/2008 11:18:28 PM]
GammaTray.lnk.disabled [28/02/2008 3:21:17 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{650CA63D-4A01-4BF8-A608-9B1EBB36292E}"= C:\WINDOWS\system32\i7C6ndlI.dll [15/07/2008 05:00 PM 20480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\detector.exe


-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8809 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-16 00:02:29 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.73 MiB / 569.38 MiB
Pagefile Memory (total/avail): 2461.27 MiB / 1216.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.34 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 11.72 GiB total, 4.55 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 137.33 GiB total, 90.09 GiB free.
F: is Fixed (NTFS) - 300.29 GiB total, 105.64 GiB free.
G: is Fixed (NTFS) - 245.02 GiB total, 42.24 GiB free.
H: is Fixed (NTFS) - 153.32 GiB total, 7.74 GiB free.
I: is Removable (FAT)
\\.\PHYSICALDRIVE1 - SAMSUNG HD753LJ - 698.64 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 698.64 GiB - F: - G: - H:
\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 11.72 GiB - C:
\PARTITION1 - Installable File System - 137.33 GiB - E:
\\.\PHYSICALDRIVE2 - Corsair Flash Voyager USB Device - 1929.68 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1935.98 MiB - I:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"="C:\\Program Files\\MagicTune Premium\\MagicTune.exe:*:Enabled:MagicTune"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Oskar\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PELLEKULA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Oskar
LOGONSERVER=\\PELLEKULA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Oskar\LOCALS~1\Temp
TMP=C:\DOCUME~1\Oskar\LOCALS~1\Temp
USERDOMAIN=PELLEKULA
USERNAME=Oskar
USERPROFILE=C:\Documents and Settings\Oskar
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Oskar (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Hjälp för avinstallation av program --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{2F143483-68D6-4234-9346-724056818193}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Eraser 5.3 --> C:\WINDOWS\system32\stuninstall.exe C:\Program Files\Eraser\uninstall.dat
Exact Audio Copy 0.99pb3 --> C:\Program Files\Exact Audio Copy\uninst.exe
FavoriteSync --> "C:\Program Files\FavoriteSync\Uninstall.exe" "C:\Program Files\FavoriteSync\install.log"
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
foobar2000 v0.9.5 --> "C:\Program Files\foobar2000\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MagicTune Premium --> C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XBMC for Windows --> C:\Program Files\XBMC\uninstall.exe

-- Application Event Log -------------------------------------------------------
Event Record #/Type335 / Error
Event Submitted/Written: 07/15/2008 07:59:58 PM
Event ID/Source: 1000 / .NET Runtime 2.0 Error Reporting
Event Description:
Faulting application cli.exe, version 1.11.0.0, stamp 42fceded, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00124000.
Event Record #/Type325 / Error
Event Submitted/Written: 07/13/2008 06:15:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type309 / Error
Event Submitted/Written: 07/10/2008 09:06:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [rundll32.exe!ws!]
Event Record #/Type300 / Warning
Event Submitted/Written: 07/10/2008 11:14:19 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type265 / Warning
Event Submitted/Written: 07/07/2008 03:33:38 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type3242 / Warning
Event Submitted/Written: 07/15/2008 06:31:46 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\TJETATJAFSE on the network \Device\NetBT_Tcpip_{063871EF-940E-47F1-93AE-D66D76B108E8}.
The data is the error code.
Event Record #/Type3218 / Error
Event Submitted/Written: 07/14/2008 03:12:16 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
Event Record #/Type3217 / Error
Event Submitted/Written: 07/14/2008 02:56:33 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
Event Record #/Type3207 / Warning
Event Submitted/Written: 07/14/2008 00:39:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type3206 / Warning
Event Submitted/Written: 07/14/2008 10:50:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-07-16 00:02:29 ------------


  #2  
07-16-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,938
PC Experience: Elite PC Guru
Re: Pop ups appearing when IE not open

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
