Done that
Here's the text for the FixWareout...
Username "Owner" - 17/07/2008 15:01:39 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}
"nameserver"="85.255.116.167" <Value cleared.
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C1C6605C0D0C-5F79-9F34-CAD1-E85295FC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}845A09D47413-9ACB-EB24-689C-B098A1D3{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}09236B0D8E20-A529-DA94-40E8-7BB20EBF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}44311D39345D-B50A-A3E4-CD30-9A2D33C5{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9F9FF39B8A94-58FA-6C24-FDDD-7A5A9454{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B561FAA5C94E-8EB8-30C4-5EB6-E02F2814{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C4D3287591BA-D2F8-2FA4-4A20-843E8FEC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A0B83EBCF4F4-CF7A-DE74-4848-D1D981AC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}72FA59B0471F-0928-7254-A1FF-D9C9285A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}88F7E2D7892F-F91A-6B84-971B-F8844332{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}FA59D30CFDA5-02FB-0AE4-DEB1-D9ACACBA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}07E1EC6A4932-36CB-0D64-9C5D-01B94E7E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F603654238DE-33EB-B294-D23E-AAF9141C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}EC9D0E9C90C6-327A-7174-A61E-D8C09430{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}9AC2A91FDAF5-8459-3AE4-86F7-0E415664{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BAD8EA2D086A-5EB8-FAD4-55DD-D4653EC2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A0A4B1CA476C-DE98-B6B4-2495-2749FDE2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}4BF3975E7F7D-116A-31C4-4720-13E6BCC4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}D218E9A1F166-8A48-4964-0258-9BA17CC8{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A126754C3196-0F9B-2454-73A4-F27D676D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F03D3D31A527-9A28-87D4-69E1-FAD6F167{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}523589B682FE-F0EA-1004-454D-4795EF2E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B1136575971C-28F9-43C4-3FE4-58DEA3EE{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}03BD3545D581-204B-1584-5AA7-5C6564A5{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}13F6B49782C5-C488-05E4-428F-A68F3B37{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}038852E44417-C63B-9174-2A9C-0530C912{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B4AB1F7FFEA6-B2EA-22E4-59B3-A601187B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F4C8A6D6588A-8F18-4B84-4360-D1EC2076{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}2942C96E27C3-9D4A-CFA4-3FA1-61631833{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}52F4CE045D97-A108-5214-1A70-BE79D2AF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BD83DE056D4C-EC09-71E4-DDCD-F0EB67F0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A94DCFA24BF2-DCEB-5F44-8C6E-732F5765{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}30F1B04EE79C-8CA8-CA34-15ED-AE367F2D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}CE3E6B58F5E4-BAFA-3154-55C9-62E23803{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}C73480030659-FAAA-2984-C02D-63C7DC34{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BDD2A330023C-0D5A-2314-0725-95FAE951{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}05C2F7BEFC03-84DB-8C44-73CF-B9E3CA38{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}28BB0068EE6E-A6FB-7CC4-A296-002065E2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}2CC0206E7901-1D29-CF64-35C4-3DC2DF8D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}82FDA0344788-C468-BD54-88FA-D585A396{" Deleted
....
~~~~~ Misc files.
C:\WINDOWS\SYSTEM32\{03490C8D-E16A-4717-A723-6C09C9E0D9CE}.exe Deleted
C:\WINDOWS\SYSTEM32\{159EAF59-5270-4132-A5D0-C320033A2DDB}.exe Deleted
C:\WINDOWS\SYSTEM32\{219C0350-C9A2-4719-B36C-71444E258830}.exe Deleted
C:\WINDOWS\SYSTEM32\{2334488F-B179-48B6-A19F-F2987D2E7F88}.exe Deleted
C:\WINDOWS\SYSTEM32\{2CE3564D-DD55-4DAF-8BE5-A680D2AE8DAB}.exe Deleted
C:\WINDOWS\SYSTEM32\{2E560200-692A-4CC7-BF6A-E6EE8600BB82}.exe Deleted
C:\WINDOWS\SYSTEM32\{30832E26-9C55-4513-AFAB-4E5F85B6E3EC}.exe Deleted
C:\WINDOWS\SYSTEM32\{3D1A890B-C986-42BE-BCA9-31474D90A548}.exe Deleted
C:\WINDOWS\SYSTEM32\{4182F20E-6BE5-4C03-8BE8-E49C5AAF165B}.exe Deleted
C:\WINDOWS\SYSTEM32\{4549A5A7-DDDF-42C6-AF85-49A8B93FF9F9}.exe Deleted
C:\WINDOWS\SYSTEM32\{4CCB6E31-0274-4C13-A611-D7F7E5793FB4}.exe Deleted
C:\WINDOWS\SYSTEM32\{5675F237-E6C8-44F5-BECD-2FB42AFCD49A}.exe Deleted
C:\WINDOWS\SYSTEM32\{5A4656C5-7AA5-4851-B402-185D5453DB30}.exe Deleted
C:\WINDOWS\SYSTEM32\{5C33D2A9-03DC-4E3A-A05B-D54393D11344}.exe Deleted
C:\WINDOWS\SYSTEM32\{6702CE1D-0634-48B4-81F8-A8856D6A8C4F}.exe Deleted
C:\WINDOWS\SYSTEM32\{693A585D-AF88-45DB-864C-8874430ADF28}.exe Deleted
C:\WINDOWS\SYSTEM32\{A5829C9D-FF1A-4527-8290-F1740B95AF27}.exe Deleted
C:\WINDOWS\SYSTEM32\{CA189D1D-8484-47ED-A7FC-4F4FCBE38B0A}.exe Deleted
C:\WINDOWS\SYSTEM32\{CEF8E348-02A4-4AF2-8F2D-AB1957823D4C}.exe Deleted
C:\WINDOWS\SYSTEM32\{CF59258E-1DAC-43F9-97F5-C0D0C5066C1C}.exe Deleted
C:\WINDOWS\SYSTEM32\{D676D72F-4A37-4542-B9F0-6913C457621A}.exe Deleted
C:\WINDOWS\SYSTEM32\{E2FE5974-D454-4001-AE0F-EF286B985325}.exe Deleted
C:\WINDOWS\SYSTEM32\{E7E49B10-D5C9-46D0-BC63-2394A6CE1E70}.exe Deleted
C:\WINDOWS\SYSTEM32\{FA2D97EB-07A1-4125-801A-79D540EC4F25}.exe Deleted
C:\WINDOWS\SYSTEM32\{FBE02BB7-8E04-49AD-925A-02E8D0B63290}.exe Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"dyfmvipo.exe"="C:\\Documents and Settings\\All Users\\Application Data\\dyfmvipo.exe"
"USB Storage Toolbox"="C:\\Program Files\\USB Disk Win98 Driver\\Res.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Microsoft Works Update Detection"="\"C:\\Program Files\\Microsoft Works\\WkDetect.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Here's the HijackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:41, on 17/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dyfmvipo.exe] C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Support] sys32ms.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Support] sys32ms.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/cli ... poti_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} - http://208.98.1.71/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Handling the DHCP requests (DHCP Client) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 5539 bytes