Full Version: Trojan
pomes
I have a Trojan that Windows Malicious Software Removal Tool has defined as "Win32/Gael.d". Does anybody have any clues about how to get rid of it?
It has made my computer slower and I can't open some applications. I saw on the internet that it infected the files inside 'C:/WINDOWS'.
Can anyone help?
pomes
I have discovered that it has infected .exe files. I am unable to run many of my programs from the .exe files and my stored setup .exe files are corrupted, with the error message: "The setup files are corrupted. Please obtain a new copy of the setup files". I have researched this online and it says that error message happens when the file isn't completely downloaded. I know this isn't right, as the same copy worked fine minutes earlier on my other machine.

I have tried many virus scanners to remove the infection, such as Spybot Search and Destroy, SUPERAntiSpyware & Ad-Aware. SUPERAntiSpyware found one or two infected files on two different occasions: one belonging to RealPlayer, but I can't remember which program the other belonged to. I did a scan with AVG 8.01 and it found around 2000 infected files. It called the infection Win32/Gaelicum.A. When I tried to open Task Manager, AVG popped up and said that taskmgr.exe was infected. So I moved the file to the vault, hoping to fix the problem. The same happened when I right-clicked the desktop and clicked Properties to try and change my wallpaper. Again, I moved rundll.exe (or something similar) to the vault. I now know from research online that this was a bad idea and wish to undo this. After the scan, AVG said that to complete the scan it must reboot the computer, with options "Yes" and "No". I clicked yes and the system restarted. When it booted up, I heard the bootup sound, and then the screen changed from the usual popup bootup window to "Logging You Off". This now happens whenever I try to boot up my computer, even when I start in safe mode. Please help!

I have logs for HijackThis and ComboFix, about a fortnight old:

Logfile of HijackThis v1.99.1
Scan saved at 8:53:14 AM, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [Hide Windows 2.0] C:\Program Files\Hide Windows\Hide Windows 2.0.exe
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: Favourites -- 4 and 5 Star Rated.lnk = C:\Documents and Settings\James\My Documents\My Music\My Playlists\My Favourites.wpl
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Favourites -- 4 and 5 Star Rated.lnk = C:\Documents and Settings\James\My Documents\My Music\My Playlists\My Favourites.wpl
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192611096484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192910693875
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.....;/en/crlocx.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

ComboFix:

ComboFix 08-05-21.3 - James 2008-05-25 8:55:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT 10:00]
Running from: G:\virus stuff\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\James\Application Data\ezpinst.log
C:\Documents and Settings\James\Application Data\inst.exe
C:\WINDOWS\clofghls.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 20:04 . 2008-05-22 20:05 <DIR> d-------- C:\Program Files\DebugMode
2008-05-22 19:21 . 2008-05-22 19:21 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-05-22 19:21 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-11 21:09 . 2008-05-11 21:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-11 18:17 . 2008-05-11 21:07 234 --a------ C:\Documents and Settings\James\dl.exe
2008-04-30 19:52 . 2008-05-11 19:30 <DIR> d-------- C:\WINDOWS\speech
2008-04-30 19:52 . 2008-04-30 19:52 <DIR> d-------- C:\DVDVideoSoft
2008-04-30 19:48 . 2008-05-11 19:36 <DIR> d-------- C:\Program Files\Convert
2008-04-30 19:48 . 2008-04-30 19:48 <DIR> d-------- C:\Program Files\Blaiz Enterprises
2008-04-30 19:45 . 2008-04-30 19:51 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-30 17:22 . 2008-04-11 11:51 <DIR> d-------- C:\Documents and Settings\James\.gimp-2.4
2008-04-30 17:21 . 2008-04-30 19:48 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-04-27 17:19 . 2008-05-11 19:35 <DIR> d-------- C:\Program Files\ReadPlease 2003
2008-04-27 14:46 . 2005-02-24 14:10 2,084,864 --a------ C:\WINDOWS\system32\AudDesign.dll
2008-04-27 14:46 . 2005-03-11 19:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-04-27 14:46 . 2005-02-24 14:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-04-27 14:46 . 2005-02-24 14:11 479,232 --a------ C:\WINDOWS\system32\AudioVisu.dll
2008-04-27 14:46 . 2005-02-24 17:21 458,752 --a------ C:\WINDOWS\system32\AudPlayer.dll
2008-04-27 14:46 . 2005-03-10 18:00 454,656 --a------ C:\WINDOWS\system32\AudioRecord.dll
2008-04-27 14:46 . 2005-02-24 14:10 417,792 --a------ C:\WINDOWS\system32\AudDisplay.dll
2008-04-27 14:46 . 2005-02-24 13:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-04-27 14:46 . 2005-01-10 12:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-04-27 11:26 . 2008-04-27 18:01 263,168 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-04-27 11:26 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-04-26 16:12 . 2008-04-30 19:51 <DIR> d-------- C:\Documents and Settings\James\Application Data\Nvu
2008-04-25 13:18 . 2008-04-30 19:48 <DIR> d-------- C:\Program Files\Hide Windows
2008-04-25 13:16 . 2008-05-11 19:36 <DIR> d-------- C:\Program Files\Nvu
2008-04-25 13:10 . 2008-05-11 19:36 <DIR> d-------- C:\Program Files\7-Zip
2008-04-25 13:07 . 2008-05-25 07:25 <DIR> d-------- C:\Program Files\Taskbar Shuffle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 09:03 --------- d-----w C:\Documents and Settings\James\Application Data\Any Video Converter
2008-05-11 09:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-11 09:35 --------- d-----w C:\Program Files\VIDEOzilla
2008-05-11 09:35 --------- d-----w C:\Program Files\VectorWorks 12.5.1
2008-05-11 09:35 --------- d-----w C:\Program Files\Turret Wars
2008-05-11 09:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-11 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 09:54 196,608 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-04-30 10:36 --------- d-----w C:\Program Files\Macromedia
2008-04-30 10:35 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-27 08:00 94,208 -c--a-w C:\WINDOWS\system32\igfxext.exe
2008-04-27 07:59 9,728 -c--a-w C:\WINDOWS\system32\cisvc.exe
2008-04-27 07:58 772,096 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2008-04-27 07:58 747,520 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2008-04-27 07:58 741,376 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 07:58 72,704 ----a-w C:\WINDOWS\notepad.exe
2008-04-27 07:58 38,912 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\notiflag.exe
2008-04-27 07:58 310,272 ----a-w C:\WINDOWS\IsUninst.exe
2008-04-27 07:58 22,528 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
2008-04-27 07:58 162,304 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-04-27 07:58 154,624 -c--a-w C:\WINDOWS\PCHEALTH\UploadLB\Binaries\uploadm.exe
2008-04-27 07:58 150,016 -c--a-w C:\WINDOWS\regedit.exe
2008-04-27 07:58 103,424 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpHost.exe
2008-04-27 07:57 9,728 ----a-w C:\WINDOWS\delttsul.exe
2008-04-27 07:57 380,928 -c--a-w C:\WINDOWS\Help\Tours\mmTour\tour.exe
2008-04-27 07:57 14,336 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:47 --------- d-----w C:\Program Files\Infogrames
2008-04-13 01:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 00:57 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-13 00:47 --------- d-----w C:\Documents and Settings\James\Application Data\AVS4YOU
2008-04-13 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-13 00:32 --------- d-----w C:\Program Files\Ashampoo
2008-04-13 00:32 --------- d-----w C:\Documents and Settings\James\Application Data\Ashampoo
2008-04-11 05:26 --------- d-----w C:\Program Files\Google
2008-03-30 08:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-03-30 03:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-03-30 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 09:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-25 09:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-20 23:40 47,360 -c--a-w C:\Documents and Settings\James\Application Data\pcouffin.sys
2007-05-19 07:26 16 -csha-w C:\WINDOWS\emjlhgdm.dat
.

------- Sigcheck -------

2008-04-27 17:55 2060544 86f88c7e4f9baeaeee6f6ce0c0ca962d C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2008-04-27 17:56 2063104 21ed0d422ad9c6e476afec47dd9e8b87 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-04-27 17:56 1873408 3d8cb7ea3ee8c1f33f9d858256f75246 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-27 17:56 2018816 f610be5d7da1ce9dfda6b9a708c700ab C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2008-04-27 17:57 2018816 e49eeb20d18d7ed4402eaac167b82c58 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-27 17:57 2061312 aa4dea75ac68120641664c6205bfd561 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2008-04-27 17:59 2060544 f8408d01888b6b670983a2a0059a4ae2 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-27 18:01 2019328 07364e9c91bd375af1486d8b53baff54 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-27 18:00 2061312 aa4dea75ac68120641664c6205bfd561 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2008-04-27 17:47 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-05-25 07:28 167936]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [2008-05-25 07:29 822272]
"Hide Windows 2.0"="C:\Program Files\Hide Windows\Hide Windows 2.0.exe" [2008-05-25 07:28 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 10:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 10:11 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-11 10:45 774144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-04-27 18:01 155648]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [2008-04-27 17:53 30720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-25 19:28 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-25 07:29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-04-27 17:50 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-27 18:01 57856 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 37888]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 733184]
Favourites -- 4 and 5 Star Rated.lnk - C:\Documents and Settings\James\My Documents\My Music\My Playlists\My Favourites.wpl [2007-11-01 18:55:18 118907]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2007-11-08 16:40:11 58880]
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe [2005-01-28 13:44:28 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [1999-05-21 01:00]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c086a790-ecdd-11dc-9eb9-000cf17faae0}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6571ac8-6cf4-11dc-90a9-000cf17faae0}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 21:45:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 08:59:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-25 9:02:33
ComboFix-quarantined-files.txt 2008-05-24 23:01:31

Pre-Run: 6,692,642,816 bytes free
Post-Run: 6,734,999,552 bytes free

166 --- E O F --- 2008-04-27 06:29:54
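The Sigcheck section of the ComboFix log above does one useful thing for a file-infector case like this: it lists every copy of ntkrnlpa.exe on the disk with its size and MD5, so the live copy in system32 can be compared against the Windows File Protection copy in dllcache. The script below is an added example (not part of the thread, and not code from ComboFix, HijackThis or AVG) that automates that comparison in two ways: it parses Sigcheck-style lines (the sample embedded in the block is copied from the log above) and reports which copies differ from the dllcache copy, and it hashes two directory trees on disk and flags binaries whose size or hash differs from the cache copy, which is the trace an appending PE infector leaves. The function and variable names, the constructed demo files in `demo()`, and the choice of dllcache as the reference are all assumptions of this example. One caveat a practitioner should keep in mind: a hash mismatch between system32 and dllcache is a triage signal, not proof of infection, since the hotfix copies under $hf_mig$ in the same log legitimately differ from each other as well.

```python
"""Compare copies of a Windows system binary by size and MD5, as the
ComboFix Sigcheck section does for ntkrnlpa.exe. Added example; not the
thread's or ComboFix's own code. Paths, names and demo files are assumed."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Sigcheck lines copied from the ComboFix log above: date time size md5 path.
SIGCHECK_SAMPLE = r"""
2008-04-27 17:55 2060544 86f88c7e4f9baeaeee6f6ce0c0ca962d C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2008-04-27 17:56 2063104 21ed0d422ad9c6e476afec47dd9e8b87 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-04-27 17:56 1873408 3d8cb7ea3ee8c1f33f9d858256f75246 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-27 17:56 2018816 f610be5d7da1ce9dfda6b9a708c700ab C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2008-04-27 17:57 2018816 e49eeb20d18d7ed4402eaac167b82c58 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-27 17:57 2061312 aa4dea75ac68120641664c6205bfd561 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2008-04-27 17:59 2060544 f8408d01888b6b670983a2a0059a4ae2 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-27 18:01 2019328 07364e9c91bd375af1486d8b53baff54 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-27 18:00 2061312 aa4dea75ac68120641664c6205bfd561 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$")


def parse_sigcheck(text):
    """Return [{when, size, md5, path}] for every well-formed Sigcheck line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"when": m.group(1), "size": int(m.group(2)),
                         "md5": m.group(3), "path": m.group(4)})
    return rows


def _basename(path):
    # Windows paths may be examined on any host, so split on backslashes too.
    return os.path.basename(path.replace("\\", "/")).lower()


def report_mismatches(rows, reference_marker="\\dllcache\\"):
    """For each file name, list every copy whose MD5 differs from the dllcache copy."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[_basename(r["path"])].append(r)
    out = {}
    for name, copies in by_name.items():
        ref = next((c for c in copies if reference_marker.lower() in c["path"].lower()), None)
        if ref is not None:
            out[name] = [c["path"] for c in copies if c["md5"] != ref["md5"]]
    return out


def file_digest(path, algo="md5", chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root, exts=(".exe", ".dll", ".sys")):
    """Return {relative_path: (size, md5)} for every PE-like file under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                result[os.path.relpath(full, root)] = (os.path.getsize(full), file_digest(full))
    return result


def compare_to_reference(live, cache):
    """Flag live binaries whose size or MD5 differs from the same-named cache copy."""
    cache_by_name = {_basename(k): v for k, v in cache.items()}
    diffs = {}
    for rel, (size, md5) in live.items():
        ref = cache_by_name.get(_basename(rel))
        if ref is not None and (size, md5) != ref:
            diffs[rel] = {"live": (size, md5), "cache": ref}
    return diffs


def demo():
    """Constructed layout: two binaries in a fake system32 and its dllcache;
    one live copy gets a 512-byte tail appended, as an appending infector would."""
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "system32")
        cache = os.path.join(live, "dllcache")
        os.makedirs(cache)
        clean = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"A" * 1024  # constructed stand-in, not a real PE
        for name in ("hh.exe", "notepad.exe"):
            for d in (live, cache):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(clean)
        with open(os.path.join(live, "notepad.exe"), "ab") as f:
            f.write(b"\x90" * 512)
        return compare_to_reference(hash_tree(live), hash_tree(cache))


if __name__ == "__main__":
    for name, bad in report_mismatches(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(name, "copies differing from dllcache:", *bad, sep="\n  ")
    print("on-disk demo:", demo())
```

Run against the log's own Sigcheck lines, the report lists every ntkrnlpa.exe copy except the Driver Cache one, which carries the same MD5 as dllcache. On a real box the same size-or-hash comparison between system32 and dllcache is the quickest way to see how many protected binaries a file infector has touched; anything flagged still needs its version and digital signature checked before it is treated as infected.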
garmanma
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum.

The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.
The BC Staff