Here are the results you asked for. Thanx Neal.

Ron - 06-11-29 13:38:14.57 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Program Files\Combofix"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3C63B3BC-089C-3081-0714-06032806003d}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\MCROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


2006-11-29 13:25 <DIR> d-------- C:\Program Files\Combofix
2006-11-28 09:38 3,004 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-28 09:27 <DIR> d-------- C:\VundoFix Backups
2006-11-27 09:58 <DIR> dr-h----- C:\Documents and Settings\Ron\Recent
2006-11-27 09:43 <DIR> d-------- C:\Program Files\CCleaner
2006-11-26 14:11 <DIR> d-------- C:\Program Files\SilentRunner
2006-11-24 14:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-24 14:04 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 13:28 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Lavasoft
2006-11-23 13:11 <DIR> d-------- C:\Program Files\AdAwareSE
2006-11-23 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 12:11 <DIR> d-------- C:\Program Files\Spybot
2006-11-16 09:55 31,248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-11-16 09:55 197,648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-11-16 09:55 1,051,456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-11-16 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 02:02 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Goodsol
2006-11-03 01:58 530,934 ---hs---- C:\WINDOWS\system32\qrqss.bak1
2006-11-03 01:58 110,612 --a------ C:\WINDOWS\system32\tytgrhpj.exe
2006-11-03 01:47 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-03 01:47 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-03 01:44 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-03 01:43 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-03 01:42 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-03 00:09 110,612 --a------ C:\WINDOWS\system32\acvqsreg.exe
2006-11-02 21:54 110,612 --a------ C:\WINDOWS\system32\bkuiuaqm.exe
2006-11-02 16:30 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-02 16:06 110,612 --a------ C:\WINDOWS\system32\fstgqlxw.exe
2006-11-02 14:55 <DIR> d-------- C:\Program Files\Hijackthis
2006-11-02 08:18 110,612 --a------ C:\WINDOWS\system32\jpwwbdjd.exe
2006-11-01 17:24 110,612 --a------ C:\WINDOWS\system32\rvsxvwym.exe
2006-11-01 17:14 110,612 --a------ C:\WINDOWS\system32\rkewjxeq.exe
2006-11-01 01:29 110,612 --a------ C:\WINDOWS\system32\hfffmevx.exe
2006-11-01 00:57 110,612 --a------ C:\WINDOWS\system32\pvqlhbrx.exe
2006-11-01 00:37 110,612 --a------ C:\WINDOWS\system32\kblrhrbc.exe
2006-11-01 00:21 110,612 --a------ C:\WINDOWS\system32\qrvoydnd.exe
2006-10-31 23:54 110,612 --a------ C:\WINDOWS\system32\sxbbwqkf.exe
2006-10-31 22:51 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-31 21:43 <DIR> d--h----- C:\WINDOWS\PIF
2006-10-31 16:47 110,612 --a------ C:\WINDOWS\system32\kjmvfqmo.exe
2006-10-31 16:45 110,612 --a------ C:\WINDOWS\system32\afgqotio.exe
2006-10-31 16:28 110,612 --a------ C:\WINDOWS\system32\iebcrqex.exe
2006-10-31 16:12 110,612 --a------ C:\WINDOWS\system32\uvjgxsgh.exe
2006-10-31 15:54 110,612 --a------ C:\WINDOWS\system32\dkjulumy.exe
2006-10-31 15:52 110,612 --a------ C:\WINDOWS\system32\qorpsfda.exe
2006-10-31 15:31 110,612 --a------ C:\WINDOWS\system32\iykwhbkc.exe
2006-10-31 15:19 110,612 --a------ C:\WINDOWS\system32\vmrfirtr.exe
2006-10-31 14:39 <DIR> d-------- C:\Documents and Settings\Ron\.housecall6.6
2006-10-31 13:38 110,612 --a------ C:\WINDOWS\system32\obwcwpxn.exe
2006-10-31 12:50 110,612 --a------ C:\WINDOWS\system32\gttcadbf.exe
2006-10-31 12:27 37,721 --a------ C:\WINDOWS\system32\jkkjg.dll
2006-10-31 12:24 370,601 --a------ C:\WINDOWS\system32\awtst.dll
2006-10-31 12:22 <DIR> d-------- C:\Program Files\NetAccelerator
2006-10-31 11:33 90,112 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-10-31 11:33 682,624 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2006-10-31 11:33 201,728 --a------ C:\WINDOWS\system32\drivers\HSFHWCD2.sys
2006-10-31 11:33 11,043 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-31 11:33 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2006-10-31 11:07 72,761 --a------ C:\WINDOWS\system32\pmnnm.dll
2006-10-31 11:06 2 --a------ C:\WINDOWS\system32\wnsintsu.exe
2006-10-31 07:48 <DIR> d-------- C:\Program Files\Nero


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-11-29 13:39 -------- d-------- C:\Program Files\Common Files
2006-11-29 13:31 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-21 09:23 -------- d-------- C:\Program Files\BBasics1
2006-11-16 07:08 -------- d-------- C:\Program Files\Trend Micro
2006-11-14 09:51 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 02:19 -------- d-------- C:\Program Files\Bonjour
2006-11-03 02:13 -------- d-------- C:\Program Files\Internet Explorer
2006-11-01 09:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-31 15:48 -------- d-------- C:\Program Files\Java
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-26 11:36 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-23 20:40 -------- d-------- C:\Program Files\Autodesk
2006-10-23 20:28 -------- d-------- C:\Documents and Settings\Ron\Application Data\SolidDynamics
2006-10-23 20:06 -------- d-------- C:\Program Files\Common Files\Autodesk
2006-10-23 19:58 -------- d-------- C:\Program Files\Microsoft Office
2006-10-23 19:58 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-23 19:58 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-10-23 19:58 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-10-23 14:42 -------- d-------- C:\Program Files\Apple Quicktime
2006-10-18 14:59 -------- d-------- C:\Program Files\WinRAR
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 17:54 -------- d-------- C:\Program Files\Google Talk
2006-10-16 17:54 -------- d-------- C:\Program Files\Google
2006-10-13 23:05 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 23:05 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 23:05 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 20:53 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-12 08:02 -------- d-------- C:\Program Files\Common Files\Kodak
2006-10-12 03:05 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-12 03:05 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-12 03:05 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-12 03:05 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-12 03:05 115712 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-12 03:05 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-11 12:52 -------- d-------- C:\Documents and Settings\Ron\Application Data\Sun
2006-10-09 23:44 -------- d---s---- C:\Documents and Settings\Ron\Application Data\Microsoft
2006-10-09 11:20 -------- d-------- C:\Program Files\Limewire
2006-10-03 15:55 -------- d-------- C:\Program Files\Avery
2006-10-03 15:52 -------- d-------- C:\Program Files\Common Files\Avery
2006-09-30 11:15 -------- d-------- C:\Documents and Settings\Ron\Application Data\Help
2006-09-30 11:11 -------- d-------- C:\Program Files\LightScribe
2006-09-30 11:11 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-09-30 01:50 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-09-30 00:43 -------- d-------- C:\Program Files\Drivers
2006-09-18 11:33 2249 --a------ C:\Documents and Settings\Ron\Application Data\AdobeDLM.log
2006-09-18 11:33 0 --a------ C:\Documents and Settings\Ron\Application Data\dm.ini
2006-09-13 15:31 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 06:27 62 --ahs---- C:\Documents and Settings\Ron\Application Data\desktop.ini
2006-09-11 21:13 0 -rahs---- C:\MSDOS.SYS
2006-09-11 21:13 0 -rahs---- C:\IO.SYS
2006-09-11 21:13 0 --a------ C:\CONFIG.SYS
2006-09-11 21:13 0 --a------ C:\AUTOEXEC.BAT
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run]
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINT LGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT \\TINTSETP.EXE /IMEName"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG .EXE\" /Spoil /RemAdvDef /Migration32"
"EPSON Stylus Photo R310 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W3 2X86\\3\\E_S4I3F2.EXE /P30 \"EPSON Stylus Photo R310 Series\" /O6 \"USB001\" /M \"Stylus Photo R310\""
"DT Task"="C:\\Program Files\\Portrait Displays\\forteManager\\DTHtml.exe -startup_folder"
"QuickTime Task"="\"C:\\Program Files\\Apple Quicktime\\qttask.exe\" -atboottime"
"pccguide.exe"="C:\\PROGRA~1\\TRENDM~1\\INTERN~2\\ pccguide.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000006

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EX E"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EX E"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIND
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WIND
O4 - HKLM\..\Run: [PHIME2002A] C:\WIND
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WIND
O4 - HKLM\..\Run: [EPS
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-29 13:40:00.43
C:\ComboFix.txt ... 06-11-29 13:40

Well I'm beginning to smell a rootkit infection and if that is so then it is very very bad news.


Let's run the vundofix again:
[*]Double-click VundoFix.exe to run it.[*]Click the Scan for Vundo button.[*]Once it's done scanning, click the Remove Vundo button.[*]You will receive a prompt asking if you want to remove the files, click YES[*]Once you click yes, your desktop will go blank as it starts removing Vundo.[*]When completed, it will prompt that it will reboot your computer, click OK.[*]Please post the contents of C:\vundofix.txt and a new HiJackThis log.[/list]
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

How long have you had IE7? Was it downloaded while in beta stage?


Let's try firefox browser and see if you get crashes like you do with IE7. It is easily uninstalled thru add/remove programs. If no crashes occur then we need to look at IE7 as the culprit and a possible uninstall and re-install.

I ran VundoFix, but it didnt find anything. IE 7 has been on this computer about a month, but I use Firefox almost exclusively, to the point where FF is the default browser. My wife is the same, and she now tells me she often has problems following a crash, where FF will come up with the page stating that Firefox has been updated (which it doesnt seem to have been, as Help -> About will show the same version as previously). After this, she normally has to find her Bookmarks again.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:48 PM, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\Hijack that.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158042549062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162439764859
O17 - HKLM\System\CCS\Services\Tcpip\..\{10D3004C-C244-4ABE-BC62-25B141215C4A}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{55541309-B1C4-44FC-8792-E2A93F3E4AE8}: NameServer = 139.134.5.51 139.134.2.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Have any of your crashes happened with IE7 or just firefox

No, we started using Firefox because IE 7 kept going to "odd" websites, seemingly of its own volition.

BTW, I downloaded the Firefox SiteAdvisor extension, as noted in your sig. Sweet.

Why don't you try useing IE 7 again and see what happens and if all is ok with that might consider uninstalling firefox and re-installing firefox with the setup file that you probably still have or firefox 2. If IE7 redirects you to "odd" sites let me know what sites they are.

Thanks.

No probs, giving IE 7 a try for a few days. 1 question, you mentioned cleaning the system restore, How do I do this? Thanks mate.

Lets not do that yet in case more malware is present but only as a last step. If IE turns out to be stable then firefox could be the culprit now and we can do a system restore before you install firefox again.

Sorry to say Neal not much better success with IE than I had with FF. Plus, Spybot keeps finding Virtumonde.
Ran the following with the results as shown-

Spybot - see log
Ad-Aware - nothing found
PC-cillin - nothing found
VundoFix - see log
AVG (safe mode) - see log
Smitfraud (safe mode) - see log
CCleaner
HijackThis - see log
also attached Uninstall List

SPYBOT

--- Search result list ---
VirtuMonde: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-507921405-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-23 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-01 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-12-01 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-01 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-12-01 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-01 Includes\PUPSC.sbi (*)
2006-12-01 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-12-01 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-01 Includes\Trojans.sbi (*)
2006-12-01 Includes\TrojansC.sbi (*)


ADAWARE

ArchiveData(auto-quarantine- 2006-12-04 13-01-46.bckp)
Referencefile : SE1R135 27.11.2006
================================================== ====
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=IECache Entry : Cookie:ron@realmedia.com/
obj[1]=IECache Entry : C:\Documents and Settings\Carol\Cookies\carol@tribalfusion[1].txt

VUNDOFIX

VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 1:02:59 PM 4/12/2006
Listing files found while scanning....
No infected files were found.

Beginning removal...

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:14:35 PM 4/12/2006
+ Scan result:

:mozilla.10:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\7nq00ysq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\7nq00ysq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\7nq00ysq.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\WINDOWS\system32\wnsintsu.exe -> Trojan.Small : Cleaned.

::Report end

SMITFRAUD

SmitFraudFix v2.127
Scan done at 23:16:46.28, Mon 04/12/2006
Run from C:\Documents and Settings\Ron\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 11:27:09 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Hijackthis\Hijack that.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir..._PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158042549062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162439764859
O17 - HKLM\System\CCS\Services\Tcpip\..\{10D3004C-C244-4ABE-BC62-25B141215C4A}: NameServer = 192.168.1.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

UNINSTALL LIST

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Reader Chinese Simplified Fonts
Apple Software Update
Autodesk Data Management Server 5
Autodesk DWF Viewer
Autodesk Inventor Professional 11
Autodesk Mechanical Desktop 2007
Autodesk Vault 5
Autodesk Vault 5 for Microsoft Office
Avery Wizard 2.5
AVG Anti-Spyware 7.5
AWP Network Config 10.11
Bonjour
CCleaner (remove only)
CCScore
Cerbere 1.3.4
Data Access Objects (DAO) 3.5
DivX Codec
D-Link DU-562M External Modem
Dune 2000
Enhanced Multimedia Keyboard Solution
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR310 Reference Guide
ESPR310 Software Guide
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
forteManager
Google Earth
Google Talk (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
HLPPDOCK
Homeworld2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Imperialism
J2SE Runtime Environment 5.0 Update 9
kgcbase
Kodak EasyShare software
LightScribe Applications
LimeWire 4.12.6
Macromedia Flash Player 8
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (AUTODESKVAULT)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (1.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MYOB BusinessBasics v1
Notifier
NVIDIA Drivers
OfotoXMI
OneSteel Section Catalogue
OTtBP
PDFCreator
PIF DESIGNER2.1
QuickTime
Realtek High Definition Audio Driver
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.4
staticcr
SureThing CD Labeler 4 SE
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VPRINTOL
Westwood Shared Internet Components
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WIRELESS