Had a machine hit my bench late this afternoon.. (hit hard and bounced into my seat)

Fired up, had a look at the running processes.. found a **** load that looked out of place, some familiar.. CWS, new.net

spotted one new name Snapper.exe

So restarted in safe mode and did a quick HJT scan.. as it neared completion it crashed.. Windows detected a problem and popped the "We will close it" window over top of the scan log..

restarted and tried again. same story..

spotted something that was definitely out of place..

I think it was in the System.ini
shell=explorer.exe; mcafee32.exe and
userint=userint.exe;userint32.exe

it was a bit hard to catch as the warning box landed right over the area I was reading.. and I couldn't do a bloody thing with HJT..

So restarted with BartPE and tried HJT.. the scan would run and close before you could read anything from the log..

Did an Adaware scan under BartPE..
last count had 600 items, when I came back it was at the start?
did another scan.. stopped it at 450 or so items
had dyFuCa, Ist, CWS, new dot net.... forgotten the rest..

at this point my office closed for the day.. quickly saved the log from Adaware to the HDD.. but didn't save to my jump drive.

.........

I was not surprised when HJT failed in safe mode.. but I am puzzled with it crashing under BartPE.. Has anyone seen this issue before?
My version of HJT is 1.99.1

The machine is a 12-month-old Compaq, WinXP Home..
The owner's son has managed to infect the system badly enough to require MOBO reset and clean install (partition, format, then recovery CDs)..
The customer's AV is Norton 2005.. (I point this out due to the mention of McAfee in the system.ini)

My first action will be to scavenge out as many of the suspect files as possible under Bart before I start any other cleanups.. (the Adaware scan was set to move to Recycle Bin)
then rename the mcafee32.exe file and edit the system.ini, certainly checking the other entry mentioned above..

So why the failure of HJT during the scan under Bart? Thoughts?

Normally Smartkiller doesn't worry HJT in a BartPE scan.. while it is in my mind.. I have discounted it as most likely