Hijackthis Log (please help) [Archive] - SpeedGuide.net Broadband Community



xpoisonedx
12-21-07, 05:39 PM
Hi.

I turned off my firewall for 2 hours today and when I put it back I noticed I was leaking bandwidth on my upload streaming. So I scanned and found I had a backdoor.vanbot, but then removed it after a while (or at least it seemed so). Ad-Aware doesn't find anything now, except after each restart there are a few new registry key entries that keep coming back, so evidently there is still something somewhere. CureIt doesn't find anything either, and looking at my processes nothing seems dodgy. But I am still using 5-10 kb/s uploading when doing nothing, so something is obviously still there. Having a 3 gig internet cap, this is quite bad. Here is my HijackThis log; PLEASE, any help will be greatly appreciated.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\hjg\PASTARTER.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryn\Desktop\VundoFix.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\hjg\PASTARTER.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - C:\Microgaming\Poker\3piggspokerMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{181BB478-F8D8-4848-9527-00C5348EF528}: NameServer = 196.43.50.190 196.43.53.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
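Added example, not part of the thread and not HijackThis or SpeedGuide code: a small triage script that parses the `Onn - ...` lines of a log like the one above and flags the entries a reviewer reads first: targets reported as `(no file)` / `(file missing)` (dangling persistence entries), O23 services with no vendor string (`Unknown owner`), O4 Run entries whose path is unquoted or not absolute, and O17 NameServer overrides that should be checked against the ISP's DNS. The sample lines are constructed from the log posted above; the flag texts and helper names are this example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of the O-lines from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{181BB478-F8D8-4848-9527-00C5348EF528}: NameServer = 196.43.50.190 196.43.53.190
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?Run.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.*)$")
# The image path is the part of the command up to its extension; anything after is arguments.
PATH_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|bat|cmd))(?:\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    section: str            # e.g. "O4"
    body: str               # text after "O4 - "
    flags: List[str] = field(default_factory=list)


def triage_o4(cmd: str) -> List[str]:
    """Flags for an O4 Run command (hypothetical heuristic names, this example's own)."""
    flags: List[str] = []
    if cmd.startswith('"'):
        return flags            # quoted path: no ambiguity about where the image ends
    m = PATH_RE.match(cmd)
    path = m.group("path") if m else cmd
    if " " in path:
        flags.append("unquoted path containing spaces")
    if not re.match(r"^[A-Za-z]:\\", path):
        flags.append("no absolute path (resolved at run time)")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Parse every 'Onn - ...' line; running-process lines and headers are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        e = Entry(section, body)
        # Applies to any section: the registered target no longer exists on disk.
        if "(no file)" in body or "(file missing)" in body:
            e.flags.append("target missing on disk (dangling entry)")
        if section == "O4":
            m4 = O4_RE.match(body)
            if m4:
                e.flags += triage_o4(m4.group("cmd"))
        elif section == "O23":
            m23 = O23_RE.match(body)
            if m23 and m23.group("owner") == "Unknown owner":
                e.flags.append("service with no vendor string")
        elif section == "O17":
            m17 = O17_RE.search(body)
            if m17:
                e.flags.append("DNS override: %s (confirm these are your ISP's resolvers)"
                               % m17.group("servers"))
        entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count of parsed entries per section, for a quick overview of the log."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("sections:", summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Everything the script flags is a lead for manual review, not a verdict: the two `Unknown owner` ATI and UMWdf services in the posted log are, for instance, normal on that era of Windows, but a dangling `(no file)` BHO and a re-appearing Run entry are exactly the kind of line a helper on a forum like this would ask about first.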

mnosteele52
12-21-07, 10:18 PM
You have no resident antivirus software? Do the following:

If you think your computer has been compromised by malware then please follow these instructions for proper cleanup.

1. Disable System Restore, then reboot your PC; this will delete all old restore points.

2. Download and run CrapCleaner (http://www.ccleaner.com/); this will clean out all of your temporary and junk files.

3. Do a free online virus scan from BitDefender (http://www.bitdefender.com/scan8/ie.html) and remove all that it finds.

4. Download, update and do a full system scan with SpyBot Search & Destroy 1.5.1 (http://www.safer-networking.org/en/download/index.html) and remove all that it finds.

5. Download, update and do a full system scan with Ad-Aware 2007 (http://www.majorgeeks.com/Ad-Aware_2007_d506.html) and remove all that it finds.

6. Download, update and do a full system scan with SUPERAntiSpyware (http://www.superantispyware.com/) and remove all that it finds.

7. Download, update and do a full system scan with AVG Anti-Spyware (http://www.ewido.net/en/download) and remove all that it finds.

8. Download and run AutoRuns (http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx) and see if there is anything suspicious. You have to know what you are looking for, but it is an invaluable tool; it is kind of like HijackThis on steroids.

9. Download, update and do a full system scan with Windows Defender (http://www.microsoft.com/downloads/details.aspx?familyid=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en) and remove all that it finds.

10. Download the free 15-day trial of CounterSpy (http://www.majorgeeks.com/CounterSpy_d4520.html) and do a full system scan; you can remove this after you use it if you like.

11. Download and do a scan with HijackThis 2.0.0 (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download) and post the results here in the forums so I can assist you.

12. Download and update SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) to help stay malware free.

13. Use ZonedOut (http://www.funkytoad.com/content/view/15/33/) to help prevent future infections.

14. If you are not already using Kaspersky Anti-Virus, BitDefender Anti-Virus or NOD32 Anti-Virus, then uninstall your current anti-virus program (Norton, McAfee, TrendMicro etc.) and install, then update and scan with, the free 30-day trial of Kaspersky Anti-Virus 7 (http://usa.kaspersky.com/downloads/KAV-product-update.php); or, if you prefer to stick with a free antivirus program, I would recommend AntiVir Personal Edition (http://majorgeeks.com/download955.html).

15. Do ALL of the latest Windows Updates to ensure your OS is patched properly.

:) :cool:

xpoisonedx
12-22-07, 01:18 PM
Seems to be working fine again now :) Thanks for your help!