Author Topic: <iframe> tag found, it may be dangerous  (Read 15101 times)


micky77

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #15 on: June 24, 2009, 09:48:09 AM »
Download HijackThis. When you run the program, choose 'scan and save a log file'. Copy/paste the txt log that appears. You may need to split the log into several posts if it is very large.

http://filehippo.com/download_hijackthis/

1cards

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #16 on: June 27, 2009, 12:50:39 AM »
micky77, here is the logfile, page 1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:33 PM, on 6/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Siber Systems\RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
\Pmc-server-2005\d\Avimark\avimark.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go dot microsoft dot com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon dot com/iwon-homepage/home.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway dot com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go dot microsoft dot com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft dot com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway dot com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway dot com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\RoboForm\roboform.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
« Last Edit: June 27, 2009, 01:10:26 AM by 1cards »

1cards

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #17 on: June 27, 2009, 12:51:24 AM »
page 2 of the logfile:

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PCMagSurfSpeed2] C:\Program Files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3637895357-2911223082-889988628-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3637895357-2911223082-889988628-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'QBDataServiceUser18')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail dot com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister dot com/gateway/serial/gwCID.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16188 bytes
« Last Edit: June 27, 2009, 01:11:42 AM by 1cards »

1cards

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #18 on: June 27, 2009, 01:32:15 AM »
By the way here is my order for Avast Professional

****************************************************************************
share-it! Order number: #########
****************************************************************************
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.
****************************************************************************

We recommend that you make a backup copy of this e-mail (e.g. print out a
hard copy).

Dear Customer,

Thank you for placing an order with share-it!. You have purchased a product
by ALWIL Software a.s..

****************************************************************************
Contents:

A. Brief information on product delivery
B. Details for product delivery for avast! 4 Professional Edition, 3
   years                                                             
C. Technical Support
D. Customer service

****************************************************************************
A. Brief information on product delivery

Use the license key to unlock the product (see below).

Please note that you will not receive a delivery by postal mail.

****************************************************************************
B. Details for product delivery for avast! 4 Professional Edition, 3
   years                                                             

The product is licensed to "NAME".

The license key is valid for 13 license(s).

The license key for "avast! 4 Professional Edition, 3 years" is listed
below. You will need this license key to complete the process and activate
the product. The license key and the text below originate from the software
publisher and may be written in another language.

Dear customer,

thank You very much for Your purchase. You were successfully registered for
using avast! 4 Professional Edition antivirus program on 13 PC(s). Your
license allows you to update/upgrade avast! 4 Professional for 3 (three)
years from the date of purchase. Your license key is

----cut here----
License Key here
----cut here----

Print this mail and save it for future usage, please.

Follow the instructions below for entering your new key into installed
Avast! program:
1) Start Avast! program and during memory scan press the "Registration"
button. There will be Registration dialog displayed. You can also find this
dialog in Simple or Enhanced user interfaces under About program avast! ->
Activation Key
2) Enter the key. (NOTE: if you are unsure when entering number 0 or letter
O, enter rather number 0 (zero)!) The best way to enter the license key is
Cut&Paste method - select entire key in this mail, press Ctrl-C, switch to
avast! registration dialog and press Ctrl-V. Then press OK button and your
avast! is registered.

It is recommended to update your virus database via the iAVS service. Just
click on the "flash" icon in Simple user interface or "flash" icon with
iAVS description in Enhanced user interface.

****************************************************************************
C. Technical Support

If you have any content-related or technical questions about the product,
please contact ALWIL Software a.s. directly.
 You can contact the publisher at the Website http://forum.avast dot com for
technical support.

****************************************************************************
D. Customer service

Questions about your order, payment, or delivery?

Answers to the most frequently asked questions / Contact:
http://ccc.shareit dot com/ccc/?languageid=1&pid=196317285

Your order data:
https://ccc.shareit dot com/ccc/my_account.html?languageid=1&pid=#########



General terms and conditions of business:
http://www.shareit dot com/termsconditions.html?p=1963172858890fd3f476c77

Sincerely,
Your share-it! team
_____________________________________________________________________

share-it! - a service of digital river - www.shareit dot com
Digital River GmbH
Vogelsanger Str. 78, D-50823 Cologne, Germany
CEO: John Strosahl
Corporate Headquarters: Cologne / HRB 56188 / Cologne Local Court
_____________________________________________________________________


1cards

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #19 on: June 27, 2009, 01:34:37 AM »
And this is a copy of the charge going to my credit card for Avast.

****************************************************************************
share-it! Order number: #########
****************************************************************************
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.
****************************************************************************

Dear Customer,

This e-mail is not a new bill; it is meant to help you to identify the
charge that will appear on your credit card statement shortly.

On 31-MAR-2008 you purchased the following product by ALWIL Software a.s.
from share-it! and paid by credit card:
avast! 4 Professional Edition, 3 years

The order stored in our system under order no. ######### was paid with your
American Express card. The total amount of the order is USD   444.16.

Please note that "DRI*www.avast.com", rather than the name of the
publisher, ALWIL Software a.s., will appear on your card statement.

****************************************************************************
CUSTOMER SERVICE

Questions about your order, payment, or delivery?

Answers to the most frequently asked questions / Contact:
http://ccc.shareit dot com/ccc/?languageid=1&pid=196317285

Your order data:
https://ccc.shareit dot com/ccc/my_account.html?languageid=1&pid=196317285

****************************************************************************



General terms and conditions of business:
http://www.shareit dot com/termsconditions.html?p=1963172858890fd3f476c77

Sincerely,
Your share-it! team
_____________________________________________________________________

share-it! - a service of digital river - www.shareit dotcom
Digital River GmbH
Vogelsanger Str. 78, D-50823 Cologne, Germany
CEO: John Strosahl
Corporate Headquarters: Cologne / HRB 56188 / Cologne Local Court
_____________________________________________________________________


micky77

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #20 on: June 27, 2009, 02:00:15 AM »
Ok, I'm VERY sorry for the misunderstanding. You had a lot of cracks on board. That you cannot deny.
However, in your log there are some unusual entries. Does Pmc-server-2005\d\Avimark\avimark.exe mean anything to you?
Also O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd, I do not think this is bad. Can you find auditadmin.cmd at all? If so, send it and avimark.exe to virustotal, and post the results.

http://www.virustotal.com/

Once again, I apologise for accusing you of any wrongdoing.

1cards

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #21 on: June 27, 2009, 04:31:15 AM »
Apology ACCEPTED. And thanks for helping me work through this!

avimark.exe is our practice management software for a veterinary clinic. It is the main program our whole staff uses everyday.

I am not sure about auditadmin. I cannot find it. Avimark does audit all changes to people's accounts and medical records.

That list of cracks, I still do not understand. Most of the software listed in the log is not on this computer. Much of it was for free programs and for Avast. I still think that those files may have been from the spam bot. But all staff in the clinic have access to this computer, so anything is possible.

YoKenny

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #22 on: June 27, 2009, 07:28:55 AM »
I see C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe which is a vulnerable level of Sun Java.

Go to Add/Remove Programs and un-install all Sun Java installs.

Download and install the latest Sun Java Runtime Environment:
http://filehippo.com/download_java_runtime

Run Secunia Online Software Inspector to see what other applications have vulnerabilities:
http://secunia.com/vulnerability_scanning/online

micky77

  • Guest
Re: <iframe> tag found, it may be dangerous
« Reply #23 on: June 27, 2009, 10:05:47 AM »
Well, MBAM seems to have removed the main culprit, sndmixer32.exe.
What I would do is run HijackThis again. This time, choose scan only. Put ticks next to the following entries:

R3 - URLSearchHook: (no name) - - (no file)

O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd

Close all other programs, and choose fix selected.

Also, run MBAM again (quick scan) to make sure the scans are coming clean.

Also download SuperAntispyware, install, update, and run a quick scan, and post any findings.

It's up to you if you want to go the extra mile, but I recommend, from a clean PC, downloading the Avira rescue program. Double-click on the file, insert a blank CD, and the program will be burnt to disc. Insert the CD into the PC that was infected, and reboot.

Follow the instructions in the link, especially choosing 'English'.

http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130

This program works without booting Windows, and is very good at finding nasties. If it finds anything, it will rename the extension, e.g. bad.exe to bad.xxx. Please report any findings before renaming.

If Avast has stopped alerting you, you may not want to run the disc. Once again, sorry for the misunderstanding  :)

Regarding those cracks, these are programs that unlock paid programs for free. They are notorious for containing the very worst of viruses when executed. So if someone is using your PC to download these, I would be quite concerned.
« Last Edit: June 27, 2009, 10:15:25 AM by micky77 »
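
Added example, not part of the original posts: a Python sketch of the triage done by eye in Replies #20, #22 and #23, tagging HijackThis entries whose file is missing, Run entries that start a script or a program from a temp directory, and paths to an old JRE. The tag names, the regexes and the Java baseline (6 update 14) are assumptions of this example; the sample lines are an excerpt of the log posted in Replies #16 and #17. A tag marks an entry for review, not for removal.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry Run/RunOnce autostart: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^\S+Run(?:Once)?: \[([^\]]*)\] (.+)$")
# Heuristics (assumptions of this example, tune for your environment)
TEMP_RE = re.compile(r"(?:\\te?mp\\|%te?mp%)", re.I)
SCRIPT_RE = re.compile(r"\.(?:cmd|bat|vbs|js|wsf)\b", re.I)
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")
JRE_RE = re.compile(r"\\jre1\.(\d+)\.0_(\d+)\\", re.I)


def parse_entries(log):
    """Yield (section_code, body) for every R*/O* line; skip everything else."""
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log, java_baseline=(6, 14)):
    """Return (code, tag, body) tuples for entries that deserve a closer look.

    java_baseline is (major, update); it is supplied by the caller and the
    default here is only an assumed value for the example.
    """
    findings = []
    for code, body in parse_entries(log):
        # Registration left behind after its file was removed or never existed.
        if MISSING_RE.search(body):
            findings.append((code, "missing-file", body))

        # Autostart entries: where does the command live and what is it?
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            command = run.group(2)
            if TEMP_RE.search(command):
                findings.append((code, "autorun-from-temp", body))
            if SCRIPT_RE.search(command):
                findings.append((code, "autorun-script", body))

        # Any entry that loads from a JRE directory older than the baseline.
        jre = JRE_RE.search(body)
        if jre and (int(jre.group(1)), int(jre.group(2))) < java_baseline:
            findings.append((code, "old-jre", body))
    return findings


if __name__ == "__main__":
    for code, tag, body in triage(SAMPLE_LOG):
        print(f"{tag:18} {code:4} {body}")
```
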