Hi All,
I'm new to this forum but a Spybot user of many years. I've been having probs for about a week & scanned with Ad-Aware & AVG Anti-Spyware before Spybot picked up Virtumonde. From reading the posts it seems to be a very prevalent & nasty little bug! It's causing my pc great troubles - it's almost unusable at times with freezes, slowdowns, crashes & popups appearing/unknown programmes starting.
I've followed the instructions in "Before you Post" so here below are my HJT & Kaspersky logs. Yes, I know I'm badly infected - I read the logs myself & can understand a lot of it, I just don't know the solution! I hope you can help.

Thanks in Advance,

Glenrock

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 23, 2008 4:35:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/04/2008
Kaspersky Anti-Virus database records: 720942
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 85772
Number of viruses found: 10
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 08:12:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00419c89486b7c9d8a59873dbb87c6c8_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00ac38423b1d75ee9019840598e0a7fb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00e96cbd7f4d931daf4618e085b4006b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02b488318f12720576021e589006302d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02e1b9e7b22631409488aff06aa77526_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04a68604ac7be5e6be939ba57e91b0b6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0668f1c67bb99db0398086c74ac7d7af_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07b42acf76f774e974f05bd6ff1eaafd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e9e8770b3ca85d59b47d31131f1610_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08f2947e416f5bca5f5a711301483737_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\092f0f3eb33d4703f50ef8890d637394_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bad9e505abd08378fe4190436bc4133_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cebe6db08fc06ae000d12f72c2bc19d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d790d76bc8bcc08e88bbf224390cb02_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f09aad038df69b78cf60e1518d47622_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10c5fa201a6cf8f0c784584b35fb5528_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\125de213ed4a30341c04a6e3715732ce_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\141516d81cc85a6e745339b2b6960b2f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1476887f693648c1b3262f959a688a0e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15bbe6f922a838d47c36e1e77ad65b51_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\165c19fc7a06e5b14633541887c7f524_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a419349290ef37acc84bf44b996d7a1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b69ad65bf71438441fab461042f204a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21a0f18de9b2f07874a9be082bdc1c53_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2aacd466c22c8a705e9e541ef65e7179_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3228b76fe87b620dac3714e6c21e1a05_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32662cf42de2fc415fe7dc86ee83f2af_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32914a91de25cccf3d2500a1453268bb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3321ff2b85221eb3c841d80cd7513e5c_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35db513d59d6bfb9048daf0b12dc12a9_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c8e3bedffbf42772b654ecb7b0e2492_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40243cd511b1a5eca30204f68d0cea2a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43e824aff68d40d08e6b3dacd8c36ff0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47bcae8d354b5c48b6f93653c5c1ec00_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a1ed74f0398cad242c9b2ccff6ccb5d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5392b9b278e7a0146f234bb67851ab43_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54b5d4089004614b4bc3e3b94772c87e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54dffa665132ee66acf02ea90fd5bfbe_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5687d013a32269887e7206bb5715ed27_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59009c3799a92e83866e3923aceee197_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\594c12f86e7e9fd5d208ddcfab1a179b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b05b863dcf4c438d0bd9e5d55499d6e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d70dfa456c482128b8b30cb1fef6f8d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5df2783154d9f95432b4f2fa9f201f59_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\654a3735cd4c3dc119356f49f0ad7472_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68fb9f0e10bc4e2ce5a5cb8a7acbf22a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d4ae076e136afc369d00fa0c5af8b4e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f54486fad6897ddc29897e6c99e3b6b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7304a9796286008216f397cc2d7aea50_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\742bd9fec2b176f04a2c74bc0dbbcdef_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76ced23dc657345f6f409bfc9c144ec0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77f30f69c4a9d8c4a5ef2ef6109422b0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b5164534bbc449cfc345921eb0d4a71_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c4fd8de5d6c2c11dbc899dcdfb8c008_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cac843026c1140c36b4d79ea17281bd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e3f5c1ad1bf22637919cf04584e8eb1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ec023209dce00b8e4e93ac9572ce543_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ff6760423a649ab5e27a309749ef4c1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\814de7e1dfee5587ef14738917061c88_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8169ea443cfbb5b89e7500051da94ccd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82a1a3530630b05cca1104707f9532a6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82abac820b76917dcd74a376cd570916_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\846d38fe10e79060a63082f8357272b3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84d551c1fa797ce8087e7324c4ace1da_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\885652eedc9b5ef92a385fb5eb30624b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89e36fc6e1f205a54dc828420b47c804_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b31f12cb83c15ee85fa70ac8c3ef38a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bd49ee0a5ba152f998f78bcbc58ffe1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91f57f4b958ad8c4a51885db5795710f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94416750753b5ef32b2c7026afe09879_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\962df314163455d20dc1f6d16630ab43_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\966603e172aba9300a788ed6aaebe9e1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9687820a27b17bd19896386e98235007_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9713164f470f2fac0f58301ceae07806_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\984b9d6123e70dcd892e69e82d1ce020_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e7611393c4f65e350bc877f59f0c229_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f419a24b657a29ddf265df10fdd3150_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a18474bae9aea0a512a8a5f3d659b248_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a27f102e543525dbe929abf24fe3bebc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3cedee4a21ea217aa71791f8fc97b84_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a806033b5b3b97ea0891c812bb77a20f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8a8cfe83ae1c7c9dc649c378abdb8ff_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afbb09cc1402eb432067cd910fffbece_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b278b6fbe29b4c0670e5660e3eb31270_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2a5102bf1b62bb5c204cf50857343be_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2bfa0eb1f12921b42b4a94bfc295260_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b32943c362cedc107abb4af82f6677bb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3b8b769b2792be1ea845cef6bea8596_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5c6ecc782386686a0e6098a6fbe7d13_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6864116cbb1ff0b0b042d94c376fdeb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6f8998ab083787b8658002208e4ccd6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba1b4d7622e1e22527a39db8f654a63f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba270b2401880bfa3efcac9e2b802b36_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba5469818622f574b4e302aca47b1f77_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba63ac6dce3bc654892d64a916db58d2_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb158df7234f4492e6dca626f10af83b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb548a74191971141b8b56380ee7473b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcdf282447c7fc4cb9793097ca599f3b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c137428f26bc26597c3cbafb285df33d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3c946b60abfbe6e3fb065b95dcebfaa_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4d8bcc8fbad0bbe09ccfe88afe64c01_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4e5ded4c4eabd8c8ef217227112161e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6347205e225f9e2fe1c4a49f8d46e8f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8de5653f566cd4b07edf5273a0c5e2f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9c3fa4a301189dfdd3f5be028b74a83_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca83561a98828a151ab91c6325cbcdd0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc9605729ec872ef01db8904f62aecac_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ceee93efd4b3f9ccc94d2a083c708c2e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d071620ae25be7fdad1af891b25ab5c3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0b3b27843fa8f92ed82bbe0a694795b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d10eea2fdfe6486848193221071bd94d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d17abad28a1785d2b252903a4262b8ba_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d26075b2df02994d23420e5a306cf19b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d268302cdd20808e4acae6afa3e65085_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2a6fa5c2bf20abf4944755054cb3439_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d419a38e66ee592313545f403be420dc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d750be7b92cf0e7057597e284bd6777a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9290d31af9ed0799f6ce618ca50a86c_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da538fc289ef95c3fa9ed0f53b744f71_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dad7c49c2987fa548ac485fa3c4523c3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db0abc1b5a1c6bb2d2515b1f633a58e6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc10391ed11a1b655279cc48362afac0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfece428e63426464caee73846548c74_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e15a6b56143d7bd226f8cd81e3c6d375_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e188026330ca09df14b05596c0ee0e57_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1c4d1690a2633f6ca6a083ea61bf1d1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1e055f18426e3c250214a4143c4a6a1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e24ea85718890f989769d43c88981a60_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e27de11a267fe839549a406199c9f857_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4f80a37c2b49cd1b63395c15941d8d2_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea72d2fbbfdd8eeaab6816d461a3a0c6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edcdb85e76164ac54c17eedd52209901_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee3f7bf8ef6102245c80ab33a40a5bd0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee72d58899a2c2aa50990ee8906945da_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eec730c2af313be8eb3f7f22c5cb0dab_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef0a5d2a8f75cbcf6b60fe899f2c190a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2459da0cd136d758e98cd7bc7306537_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4a3f11c6be7d558b3d9b21658b0d529_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f50df371d6fc8c7cf0650b7bc7ce7e84_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8a237eb32c1ad95704e6292afd92e47_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa682c7001ab2ab71b1426ac6e3e6bb9_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb6412b8eacf422d33aeabdb432352f7_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1212372c7d287dc7768f4e9f3afa11_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd3c743757a8ee6a15fd7ca92206cfe6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe096ad2922ddadd028ad0c1d513862f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe0eb24452dc1efa99b29daf628634bc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe440ebda1c4c360a261f33addbf2b39_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff692765a8178eaf0e1c07c8fe5c7259_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip/MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip/MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip/NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/iowvdgbm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/jypghafy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/pussbplu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/trnjifnx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ken\Application Data\Ideazon\ZEngine\data\mods\IDeazon.ldb Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Ideazon\ZEngine\data\mods\IDeazon.zbd Object is locked skipped
C:\Documents and Settings\Ken\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\72E1C256d01 Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\MSHist012008042320080424\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\TEMP\jamwfngh.dll Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\TEMP\JET7B27.tmp Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\TEMP\urcmvqmp.dll Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\TEMP\ylhppyfw.dll Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\L9YYXUCJ\c_uz[1] Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\L9YYXUCJ\promo2[1].swf Object is locked skipped
C:\Documents and Settings\Ken\My Documents\Temp\TempOld\divx501bundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Ken\My Documents\Temp\TempOld\divx501bundle.exe Vise: infected - 1 skipped
C:\Documents and Settings\Ken\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046166.exe Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046184.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046185.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046186.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046187.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046303.exe Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP86\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddcATnLe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pij skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3a8.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_770.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_80.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_ec.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

--------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:40 PM, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Utilities\Diskeeper\DkService.exe
C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
C:\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Utilities\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcuser.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zboard] C:\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Utilities\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKLM\..\Run: [BMd70632d5] Rundll32.exe "C:\WINDOWS\system32\xuuvpeat.dll",s
O4 - HKLM\..\Run: [d4350149] rundll32.exe "C:\WINDOWS\system32\jbrlcvng.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA4644] command /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC11] cmd /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4765] command /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9261] cmd /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD2748] cmd /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8726] command /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6530] cmd /c del "C:\WINDOWS\system32\pmnkJdaY.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137489849000
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Utilities\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10715 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy. Follow the instructions in the posted order.

1) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of the folder in red
http://ict.cas.psu.edu/training/howto/util/removespybot.htm#1

2) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

3) AVG Anti-Spyware: Deactivate the Resident Shield

- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
(leave it disabled until we are finished)

4) C:\Program Files\Utilities\HijackThis\HijackThis.exe <<< rename HJT.exe, call it Glenrock.exe that will work, after a restart we may see more of the infection.

5) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial if needed:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

Hi Again,
Firstly, thanks for the quick reply - it's much appreciated!
I followed your instructions to the letter, with the exception of the AVG anti-spyware as the free version has no resident scanner available in any case.

1.Deleted the contents of Spybot S&D\Recovery folder

2.Disabled Tea timer & rebooted

3.As noted

4.Renamed HijackThis.exe as Glenrock.exe (in app. folder)

5.Had no earlier copies of Combofix so downloaded via link to desktop & ran.

Had problems with Combofix initially - it would run for about 10 seconds then the pc would shut down as if the plug had been pulled & restart. Suffered through this 3 or 4 times before I had the bright idea of disconnecting from the net & shutting down the entire contents of my system tray (Firewall, AV, uninstall & other utilities, etc) after which it worked perfectly. The resulting log from both Combofix & a rerun of HJT are as follows:

--------------------------------------------------------------------------
_
ComboFix 08-04-22.5 - Ken 2008-04-24 17:29:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.436 [GMT 10:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWay
C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\SrchAstt\Cache\00030224
C:\Program Files\MyWay\SrchAstt\Cache\files.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ddcATnLe.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\gnvclrbj.ini
C:\WINDOWS\system32\ilVEMUtv.ini
C:\WINDOWS\system32\ilVEMUtv.ini2
C:\WINDOWS\system32\iOXIRqru.ini
C:\WINDOWS\system32\iOXIRqru.ini2
C:\WINDOWS\system32\jbrlcvng.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\urqRIXOi.dll
C:\WINDOWS\system32\xuuvpeat.dll
C:\WINDOWS\system32\YadJknmp.ini
C:\WINDOWS\system32\YadJknmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 17:05 . 2008-04-24 17:05 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 22:25 . 2008-04-22 22:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-04-22 17:57 . 2008-04-22 17:57 <DIR> d-------- C:\VundoFix Backups
2008-04-22 17:05 . 2008-04-22 20:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-21 22:39 . 2008-04-21 22:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-21 21:08 . 2008-04-23 17:17 269 --a------ C:\WINDOWS\wininit.ini
2008-04-21 19:41 . 2008-04-21 19:41 56 --a------ C:\1.bat
2008-04-21 18:31 . 2008-03-01 23:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 18:31 . 2007-07-01 13:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-21 18:31 . 2007-07-01 13:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-21 18:31 . 2008-03-01 23:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-21 18:31 . 2008-03-01 23:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-21 18:31 . 2008-03-01 23:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-21 18:31 . 2008-03-01 23:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-21 18:31 . 2008-03-01 23:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-21 18:31 . 2008-02-22 20:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 11:42 . 2008-04-21 11:42 294 --ahs---- C:\WINDOWS\system32\mbgdvwoi.ini
2008-04-20 11:02 . 2008-04-20 11:02 294 --ahs---- C:\WINDOWS\system32\xnfijnrt.ini
2008-04-20 10:56 . 2008-04-24 17:27 109,669 --a------ C:\WINDOWS\BMd70632d5.xml
2008-04-12 23:10 . 2008-04-12 23:10 <DIR> d-------- C:\27e521d9a11e13aef0dcf4c4eb41ae97
2008-04-06 19:20 . 2008-04-24 17:44 1,024 --ah----- C:\Documents and Settings\Kyle\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 16:48 1,024 --ah----- C:\Documents and Settings\All Users\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 17:44 1,024 --ah----- C:\Documents and Settings\Alex\ntuser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 07:32 --------- d-----w C:\Program Files\Utilities
2008-04-22 10:40 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ventrilo
2008-04-22 10:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 12:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 12:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 03:42 --------- d-----w C:\Documents and Settings\Ken\Application Data\SlimBrowser
2008-04-19 02:10 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ideazon
2008-04-19 02:00 --------- d-----w C:\Program Files\Creative
2008-04-09 01:15 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-06 08:29 --------- d-----w C:\Program Files\LimeWire
2008-04-05 23:51 --------- d-----w C:\Program Files\Avast4
2008-04-03 06:11 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 19:54 --------- d-----w C:\Program Files\iPod
2008-03-03 19:32 --------- d-----w C:\Program Files\QuickTime
2008-03-02 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Program Files\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Documents and Settings\Ken\Application Data\Lavasoft
2008-03-02 06:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 11:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 10:39 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-10-21 08:14 31 ----a-w C:\Documents and Settings\Ken\getfile.dat
2006-08-21 07:52 14 ----a-w C:\Documents and Settings\Kyle\getfile.dat
2006-06-20 02:27 31 ----a-w C:\Documents and Settings\Alex\getfile.dat
2005-11-26 05:38 590 ----a-w C:\Program Files\Total Contact Management.LNK
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40235E44-FF37-47A6-804F-3B4CB7E5ED14}]
C:\WINDOWS\system32\vtUMEVli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A94E7A2-3CC0-44A7-8657-CCEB78943C96}]
C:\WINDOWS\system32\pmnkJdaY.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe" [2005-02-04 22:36 747520]
"Reaper Gaming Mouse"="C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe" [2006-09-27 09:44 1347584]
"NVIDIA nTune"="C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 18:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Ideazon\ZEngine\Zboard.exe" [2007-09-24 15:57 57344]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-14 01:11 1397760]
"DiskeeperSystray"="C:\Program Files\Utilities\Diskeeper\DkIcon.exe" [2005-07-26 17:52 184408]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 02:10 3543552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-05 12:07 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 22:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-11-01 09:33:00 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=C:\WINDOWS\pss\BOINC Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-06 07:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 02:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 13:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-10-10 17:59 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-05 12:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Games\\MOHAA\\MOHAA.exe"=
"C:\\Games\\Halo\\halo.exe"=
"C:\\Games\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Games\\Starship Troopers\\Starship Troopers\\STGame.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Games\\Operation Flashpoint\\OperationFlashpoint.exe"=
"C:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Audio Tools\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 18:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 04:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 04:35]
R3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp [2006-12-21 02:34]
S3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2002-05-29 16:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 12:42:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 17:46:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Utilities\Diskeeper\DkService.exe
C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-24 17:55:24 - machine was rebooted [Ken]
ComboFix-quarantined-files.txt 2008-04-24 07:55:17

Pre-Run: 45,791,637,504 bytes free
Post-Run: 45,971,238,912 bytes free

235 --- E O F --- 2008-04-22 06:52:07

--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:46 PM, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Utilities\Diskeeper\DkService.exe
C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Utilities\HijackThis\Glenrock.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcuser.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40235E44-FF37-47A6-804F-3B4CB7E5ED14} - C:\WINDOWS\system32\vtUMEVli.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9A94E7A2-3CC0-44A7-8657-CCEB78943C96} - C:\WINDOWS\system32\pmnkJdaY.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zboard] C:\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Utilities\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137489849000
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Utilities\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9775 bytes
--------------------------------------------------------------------------
Again, thanks for your quick response & help so far - you blokes are truly life savers & not to be underrated!

Regards,

Glenrock

G'Day, thanks for returning your information, proceed carefully and in the numbered order like this:

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

(I requested this be deactivated and it is running in the latest HJT log?? )
2) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

3) Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\mbgdvwoi.ini
C:\WINDOWS\system32\xnfijnrt.ini

Folder::
C:\VundoFix Backups

Save this as CFScript

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {40235E44-FF37-47A6-804F-3B4CB7E5ED14} - C:\WINDOWS\system32\vtUMEVli.dll (file missing)
O2 - BHO: (no name) - {9A94E7A2-3CC0-44A7-8657-CCEB78943C96} - C:\WINDOWS\system32\pmnkJdaY.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post the combofix report and a new HJT log, let me know how the computer is running now.

Cheers

See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< update your Java program!!!

Hi Again pskelley,

Wow, an even quicker response! Very impressive! What, are you sitting on your pc??
I have to start by saying I have no explanation as to why AVG Anti-Spyware's shield was running?! As before I started the programme to deactivate it only to be told in 3 different places that it was not available in my version & was not running?? In disgust I uninstalled the programme so that got rid of it in the end - I can always install it again later.
Otherwise, again instructions were followed to the letter:

1.ATF Cleaner downloaded.

2.AVG Anti-Spyware UNINSTALLED!

3.Text pasted, saved & moved to Combofix, run & re-booted. (Didn't need to, did it anyway).

4.Ran HJT & checked/fixed listed items.

5.Ran ATF Cleaner & rebooted.

Pc seems to be running better but still a little slow to start up. Browsers & other programmes, however, are noticeably faster to start, load & use & so far no annoying pop-ups, freezes, crashes & unwanted programme starts. An improvement was in fact evident after the first successful run of Combofix.
The Combofix & HJT logs you requested follow:

ComboFix 08-04-22.5 - Ken 2008-04-24 20:15:13.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.423 [GMT 10:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mbgdvwoi.ini
C:\WINDOWS\system32\xnfijnrt.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\mbgdvwoi.ini
C:\WINDOWS\system32\xnfijnrt.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 17:05 . 2008-04-24 17:05 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 22:25 . 2008-04-22 22:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-04-22 17:05 . 2008-04-22 20:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-21 22:39 . 2008-04-21 22:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-21 21:08 . 2008-04-23 17:17 269 --a------ C:\WINDOWS\wininit.ini
2008-04-21 19:41 . 2008-04-21 19:41 56 --a------ C:\1.bat
2008-04-21 18:31 . 2008-03-01 23:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 18:31 . 2007-07-01 13:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-21 18:31 . 2007-07-01 13:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-21 18:31 . 2008-03-01 23:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-21 18:31 . 2008-03-01 23:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-21 18:31 . 2008-03-01 23:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-21 18:31 . 2008-03-01 23:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-21 18:31 . 2008-03-01 23:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-21 18:31 . 2008-02-22 20:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 10:56 . 2008-04-24 17:27 109,669 --a------ C:\WINDOWS\BMd70632d5.xml
2008-04-12 23:10 . 2008-04-12 23:10 <DIR> d-------- C:\27e521d9a11e13aef0dcf4c4eb41ae97
2008-04-06 19:20 . 2008-04-24 19:39 1,024 --ah----- C:\Documents and Settings\Kyle\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 16:48 1,024 --ah----- C:\Documents and Settings\All Users\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 19:39 1,024 --ah----- C:\Documents and Settings\Alex\ntuser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 07:32 --------- d-----w C:\Program Files\Utilities
2008-04-22 10:40 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ventrilo
2008-04-22 10:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 12:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 12:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 03:42 --------- d-----w C:\Documents and Settings\Ken\Application Data\SlimBrowser
2008-04-19 02:10 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ideazon
2008-04-19 02:00 --------- d-----w C:\Program Files\Creative
2008-04-09 01:15 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-06 08:29 --------- d-----w C:\Program Files\LimeWire
2008-04-05 23:51 --------- d-----w C:\Program Files\Avast4
2008-04-03 06:11 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 19:54 --------- d-----w C:\Program Files\iPod
2008-03-03 19:32 --------- d-----w C:\Program Files\QuickTime
2008-03-02 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Program Files\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Documents and Settings\Ken\Application Data\Lavasoft
2008-03-02 06:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 11:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 10:39 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-10-21 08:14 31 ----a-w C:\Documents and Settings\Ken\getfile.dat
2006-08-21 07:52 14 ----a-w C:\Documents and Settings\Kyle\getfile.dat
2006-06-20 02:27 31 ----a-w C:\Documents and Settings\Alex\getfile.dat
2005-11-26 05:38 590 ----a-w C:\Program Files\Total Contact Management.LNK
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_17.54.58.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 07:44:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 09:39:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 09:40:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_580.dat
+ 2008-04-24 09:39:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat
+ 2008-04-24 09:41:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40235E44-FF37-47A6-804F-3B4CB7E5ED14}]
C:\WINDOWS\system32\vtUMEVli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A94E7A2-3CC0-44A7-8657-CCEB78943C96}]
C:\WINDOWS\system32\pmnkJdaY.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe" [2005-02-04 22:36 747520]
"Reaper Gaming Mouse"="C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe" [2006-09-27 09:44 1347584]
"NVIDIA nTune"="C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 18:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Ideazon\ZEngine\Zboard.exe" [2007-09-24 15:57 57344]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-14 01:11 1397760]
"DiskeeperSystray"="C:\Program Files\Utilities\Diskeeper\DkIcon.exe" [2005-07-26 17:52 184408]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 02:10 3543552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-05 12:07 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 22:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-11-01 09:33:00 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=C:\WINDOWS\pss\BOINC Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-06 07:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 02:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 13:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-10-10 17:59 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-05 12:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Games\\MOHAA\\MOHAA.exe"=
"C:\\Games\\Halo\\halo.exe"=
"C:\\Games\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Games\\Starship Troopers\\Starship Troopers\\STGame.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Games\\Operation Flashpoint\\OperationFlashpoint.exe"=
"C:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Audio Tools\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 18:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 04:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 04:35]
R3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp []
S3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2002-05-29 16:54]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 12:42:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 20:18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp"
.
Completion time: 2008-04-24 20:20:43
ComboFix-quarantined-files.txt 2008-04-24 10:20:19

Pre-Run: 45,985,161,216 bytes free
Post-Run: 45,968,441,344 bytes free

202 --- E O F --- 2008-04-22 06:52:07

==========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:13 PM, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Utilities\Diskeeper\DkService.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Utilities\HijackThis\Glenrock.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcuser.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zboard] C:\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Utilities\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137489849000
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Utilities\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9945 bytes


As before, many thanks for the help so far, it's a huge weight off my mind!

Thanks mate,

Glenrock

G'Day, I live near Tampa on the west coast of Florida EST and I do most work a Safer Networking in the early AM. During the day I generally just respond as needed.

Pc seems to be running better but still a little slow to start up
I'll post information to help with this once we are sure the malware is gone. This is the next bridge we need to cross.

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

Since we do not need to scan with combofix, click NO

http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif

http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif

Cheers...Phil

Oops,

I have the WinXP cd, so I installed recovery console from that then discovered that the log you asked for is produced when you install by download from Microsoft then drag the file to Combofix. How do you generate the log file separately? If I click on Combofix it wants to do a complete scan, is the log from that helpful? If so, it's included below.

Thanks,

Glenrock

ComboFix 08-04-22.5 - Ken 2008-04-24 21:48:37.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.349 [GMT 10:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 17:05 . 2008-04-24 17:05 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 22:25 . 2008-04-22 22:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2008-04-22 20:32 . 2004-08-04 00:56 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-04-22 17:05 . 2008-04-22 20:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-21 22:39 . 2008-04-21 22:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-21 21:08 . 2008-04-23 17:17 269 --a------ C:\WINDOWS\wininit.ini
2008-04-21 19:41 . 2008-04-21 19:41 56 --a------ C:\1.bat
2008-04-21 18:31 . 2008-03-01 23:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 18:31 . 2007-07-01 13:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-21 18:31 . 2007-07-01 13:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-21 18:31 . 2008-03-01 23:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-21 18:31 . 2008-03-01 23:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-21 18:31 . 2008-03-01 23:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-21 18:31 . 2008-03-01 23:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-21 18:31 . 2008-03-01 23:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-21 18:31 . 2008-02-22 20:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 10:56 . 2008-04-24 17:27 109,669 --a------ C:\WINDOWS\BMd70632d5.xml
2008-04-12 23:10 . 2008-04-12 23:10 <DIR> d-------- C:\27e521d9a11e13aef0dcf4c4eb41ae97
2008-04-06 19:20 . 2008-04-24 20:39 1,024 --ah----- C:\Documents and Settings\Kyle\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 16:48 1,024 --ah----- C:\Documents and Settings\All Users\ntuser.dat.LOG
2008-04-06 19:20 . 2008-04-24 20:39 1,024 --ah----- C:\Documents and Settings\Alex\ntuser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 07:32 --------- d-----w C:\Program Files\Utilities
2008-04-22 10:40 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ventrilo
2008-04-22 10:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 12:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 12:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 03:42 --------- d-----w C:\Documents and Settings\Ken\Application Data\SlimBrowser
2008-04-19 02:10 --------- d-----w C:\Documents and Settings\Ken\Application Data\Ideazon
2008-04-19 02:00 --------- d-----w C:\Program Files\Creative
2008-04-09 01:15 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-06 08:29 --------- d-----w C:\Program Files\LimeWire
2008-04-05 23:51 --------- d-----w C:\Program Files\Avast4
2008-04-03 06:11 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 19:54 --------- d-----w C:\Program Files\iPod
2008-03-03 19:32 --------- d-----w C:\Program Files\QuickTime
2008-03-02 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Program Files\Lavasoft
2008-03-02 06:32 --------- d-----w C:\Documents and Settings\Ken\Application Data\Lavasoft
2008-03-02 06:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 11:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 10:39 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-10-21 08:14 31 ----a-w C:\Documents and Settings\Ken\getfile.dat
2006-08-21 07:52 14 ----a-w C:\Documents and Settings\Kyle\getfile.dat
2006-06-20 02:27 31 ----a-w C:\Documents and Settings\Alex\getfile.dat
2005-11-26 05:38 590 ----a-w C:\Program Files\Total Contact Management.LNK
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_17.54.58.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 07:44:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 10:39:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-11-05 20:06:28 15,399 ----a-w C:\WINDOWS\setupupd\dudrvs\1301196\NetMotCM.sys
+ 2001-07-14 07:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2008-04-24 10:40:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat
+ 2008-04-24 10:40:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a0.dat
+ 2008-04-24 10:41:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="C:\Program Files\Utilities\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe" [2005-02-04 22:36 747520]
"Reaper Gaming Mouse"="C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe" [2006-09-27 09:44 1347584]
"NVIDIA nTune"="C:\NVIDIA\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 18:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Ideazon\ZEngine\Zboard.exe" [2007-09-24 15:57 57344]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-14 01:11 1397760]
"DiskeeperSystray"="C:\Program Files\Utilities\Diskeeper\DkIcon.exe" [2005-07-26 17:52 184408]
"Ashampoo FireWall PRO"="C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2006-12-21 02:10 3543552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-05 12:07 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 22:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-11-01 09:33:00 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=C:\WINDOWS\pss\BOINC Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-06 07:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 02:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 13:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-10-10 17:59 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-05 12:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Games\\MOHAA\\MOHAA.exe"=
"C:\\Games\\Halo\\halo.exe"=
"C:\\Games\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Games\\Starship Troopers\\Starship Troopers\\STGame.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Games\\Operation Flashpoint\\OperationFlashpoint.exe"=
"C:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Audio Tools\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 18:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 04:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 04:35]
R3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
R3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp []
S3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2002-05-29 16:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 12:42:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 21:51:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Ken\Local Settings\TEMP\DrvFltIp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
Completion time: 2008-04-24 21:54:41
ComboFix-quarantined-files.txt 2008-04-24 11:54:02
ComboFix2.txt 2008-04-24 10:20:44

Pre-Run: 46,019,805,184 bytes free
Post-Run: 46,003,126,272 bytes free

196 --- E O F --- 2008-04-22 06:52:07

Thanks for the information, if you do not need combofix to install RC, delete (remove) combofix and the C:\Qoobox\Quanantine\ folder and run a new Kaspersky Online Scan as a final check using these settings.

You will have some infected items because we need to clean the System Restore files, you can edit out this stuff if you wish before you post.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00ac38423b1d75ee9019840598e0a7fb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Cheers mate,

The steps have been followed & the scanner is running now. From last experience it took 8 hours or so to complete, so since it is 10.45pm here in Oz I'll let it run over night while I get some well earned rest! Many thanks for your help tonight, I'll post the results of the scan as soon as I can tomorrow. The pc is already running far better - I've been browsing & tinkering in between posts & been amazed at the improvements after each step!

G'night,

Ken (Glenrock)

Is this: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00419c89486b7c9d8a59873dbb87c6c8_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
accociated with this: http://research.microsoft.com/crypto/

I am trying to think of a reason why KOS scans around the same number of files for me in 60 to 75 minutes?

Seems a badly fragmented hard drive might also cause this, how's your maintenance.

You may want to run a free diagnostic here:
http://www.pcpitstop.com/pcpitstop/

Cheers

I think probably because my hard drive was so infected.

This time the scan took only 1hr 44 mins to complete & came up with 1 infection. I have a disk defragmenter that kicks in when the pc is idle, so unless the malware was mucking things around it should be pretty good (I can be quite anal about that at times). I'll run that diagnostic anyway just out of curiosity.

In the meantime, here's the KAV report you requested:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 25, 2008 8:34:16 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 647489
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 73594
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:44:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00419c89486b7c9d8a59873dbb87c6c8_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00ac38423b1d75ee9019840598e0a7fb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00e96cbd7f4d931daf4618e085b4006b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02b488318f12720576021e589006302d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02e1b9e7b22631409488aff06aa77526_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04a68604ac7be5e6be939ba57e91b0b6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0668f1c67bb99db0398086c74ac7d7af_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07b42acf76f774e974f05bd6ff1eaafd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e9e8770b3ca85d59b47d31131f1610_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08f2947e416f5bca5f5a711301483737_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\092f0f3eb33d4703f50ef8890d637394_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bad9e505abd08378fe4190436bc4133_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cebe6db08fc06ae000d12f72c2bc19d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d790d76bc8bcc08e88bbf224390cb02_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f09aad038df69b78cf60e1518d47622_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10c5fa201a6cf8f0c784584b35fb5528_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\125de213ed4a30341c04a6e3715732ce_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\141516d81cc85a6e745339b2b6960b2f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1476887f693648c1b3262f959a688a0e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15bbe6f922a838d47c36e1e77ad65b51_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\165c19fc7a06e5b14633541887c7f524_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a419349290ef37acc84bf44b996d7a1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b69ad65bf71438441fab461042f204a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21a0f18de9b2f07874a9be082bdc1c53_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2aacd466c22c8a705e9e541ef65e7179_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3228b76fe87b620dac3714e6c21e1a05_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32662cf42de2fc415fe7dc86ee83f2af_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32914a91de25cccf3d2500a1453268bb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3321ff2b85221eb3c841d80cd7513e5c_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35db513d59d6bfb9048daf0b12dc12a9_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c8e3bedffbf42772b654ecb7b0e2492_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40243cd511b1a5eca30204f68d0cea2a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43e824aff68d40d08e6b3dacd8c36ff0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47bcae8d354b5c48b6f93653c5c1ec00_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a1ed74f0398cad242c9b2ccff6ccb5d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5392b9b278e7a0146f234bb67851ab43_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54b5d4089004614b4bc3e3b94772c87e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54dffa665132ee66acf02ea90fd5bfbe_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5687d013a32269887e7206bb5715ed27_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59009c3799a92e83866e3923aceee197_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\594c12f86e7e9fd5d208ddcfab1a179b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b05b863dcf4c438d0bd9e5d55499d6e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d70dfa456c482128b8b30cb1fef6f8d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5df2783154d9f95432b4f2fa9f201f59_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\654a3735cd4c3dc119356f49f0ad7472_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68fb9f0e10bc4e2ce5a5cb8a7acbf22a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d4ae076e136afc369d00fa0c5af8b4e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f54486fad6897ddc29897e6c99e3b6b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7304a9796286008216f397cc2d7aea50_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\742bd9fec2b176f04a2c74bc0dbbcdef_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76ced23dc657345f6f409bfc9c144ec0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77f30f69c4a9d8c4a5ef2ef6109422b0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b5164534bbc449cfc345921eb0d4a71_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c4fd8de5d6c2c11dbc899dcdfb8c008_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cac843026c1140c36b4d79ea17281bd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e3f5c1ad1bf22637919cf04584e8eb1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ec023209dce00b8e4e93ac9572ce543_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ff6760423a649ab5e27a309749ef4c1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\814de7e1dfee5587ef14738917061c88_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8169ea443cfbb5b89e7500051da94ccd_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82a1a3530630b05cca1104707f9532a6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82abac820b76917dcd74a376cd570916_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\846d38fe10e79060a63082f8357272b3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84d551c1fa797ce8087e7324c4ace1da_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\885652eedc9b5ef92a385fb5eb30624b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89e36fc6e1f205a54dc828420b47c804_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b31f12cb83c15ee85fa70ac8c3ef38a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bd49ee0a5ba152f998f78bcbc58ffe1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91f57f4b958ad8c4a51885db5795710f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94416750753b5ef32b2c7026afe09879_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\962df314163455d20dc1f6d16630ab43_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\966603e172aba9300a788ed6aaebe9e1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9687820a27b17bd19896386e98235007_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9713164f470f2fac0f58301ceae07806_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\984b9d6123e70dcd892e69e82d1ce020_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e7611393c4f65e350bc877f59f0c229_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f419a24b657a29ddf265df10fdd3150_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a18474bae9aea0a512a8a5f3d659b248_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a27f102e543525dbe929abf24fe3bebc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3cedee4a21ea217aa71791f8fc97b84_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a806033b5b3b97ea0891c812bb77a20f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8a8cfe83ae1c7c9dc649c378abdb8ff_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afbb09cc1402eb432067cd910fffbece_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b278b6fbe29b4c0670e5660e3eb31270_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2a5102bf1b62bb5c204cf50857343be_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2bfa0eb1f12921b42b4a94bfc295260_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b32943c362cedc107abb4af82f6677bb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3b8b769b2792be1ea845cef6bea8596_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5c6ecc782386686a0e6098a6fbe7d13_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6864116cbb1ff0b0b042d94c376fdeb_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6f8998ab083787b8658002208e4ccd6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba1b4d7622e1e22527a39db8f654a63f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba270b2401880bfa3efcac9e2b802b36_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba5469818622f574b4e302aca47b1f77_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba63ac6dce3bc654892d64a916db58d2_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb158df7234f4492e6dca626f10af83b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb548a74191971141b8b56380ee7473b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcdf282447c7fc4cb9793097ca599f3b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c137428f26bc26597c3cbafb285df33d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3c946b60abfbe6e3fb065b95dcebfaa_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4d8bcc8fbad0bbe09ccfe88afe64c01_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4e5ded4c4eabd8c8ef217227112161e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6347205e225f9e2fe1c4a49f8d46e8f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8de5653f566cd4b07edf5273a0c5e2f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9c3fa4a301189dfdd3f5be028b74a83_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca83561a98828a151ab91c6325cbcdd0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc9605729ec872ef01db8904f62aecac_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ceee93efd4b3f9ccc94d2a083c708c2e_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d071620ae25be7fdad1af891b25ab5c3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0b3b27843fa8f92ed82bbe0a694795b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d10eea2fdfe6486848193221071bd94d_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d17abad28a1785d2b252903a4262b8ba_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d26075b2df02994d23420e5a306cf19b_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d268302cdd20808e4acae6afa3e65085_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2a6fa5c2bf20abf4944755054cb3439_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d419a38e66ee592313545f403be420dc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d750be7b92cf0e7057597e284bd6777a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9290d31af9ed0799f6ce618ca50a86c_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da538fc289ef95c3fa9ed0f53b744f71_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dad7c49c2987fa548ac485fa3c4523c3_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db0abc1b5a1c6bb2d2515b1f633a58e6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc10391ed11a1b655279cc48362afac0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfece428e63426464caee73846548c74_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e15a6b56143d7bd226f8cd81e3c6d375_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e188026330ca09df14b05596c0ee0e57_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1c4d1690a2633f6ca6a083ea61bf1d1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1e055f18426e3c250214a4143c4a6a1_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e24ea85718890f989769d43c88981a60_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e27de11a267fe839549a406199c9f857_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4f80a37c2b49cd1b63395c15941d8d2_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea72d2fbbfdd8eeaab6816d461a3a0c6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edcdb85e76164ac54c17eedd52209901_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee3f7bf8ef6102245c80ab33a40a5bd0_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee72d58899a2c2aa50990ee8906945da_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eec730c2af313be8eb3f7f22c5cb0dab_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef0a5d2a8f75cbcf6b60fe899f2c190a_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2459da0cd136d758e98cd7bc7306537_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4a3f11c6be7d558b3d9b21658b0d529_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f50df371d6fc8c7cf0650b7bc7ce7e84_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8a237eb32c1ad95704e6292afd92e47_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa682c7001ab2ab71b1426ac6e3e6bb9_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb6412b8eacf422d33aeabdb432352f7_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1212372c7d287dc7768f4e9f3afa11_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd3c743757a8ee6a15fd7ca92206cfe6_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe096ad2922ddadd028ad0c1d513862f_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe0eb24452dc1efa99b29daf628634bc_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe440ebda1c4c360a261f33addbf2b39_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff692765a8178eaf0e1c07c8fe5c7259_85301b6d-c32f-4677-a954-5c9d10714cad Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Ideazon\ZEngine\data\mods\IDeazon.ldb Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Ideazon\ZEngine\data\mods\IDeazon.zbd Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\history.dat Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\key3.db Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ken\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\72E1C256d01 Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\MSHist012008042420080425\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\TEMP\JET8400.tmp Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046166.exe Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP83\A0046303.exe Infected: Trojan-Downloader.Win32.FraudLoad.op skipped
C:\System Volume Information\_restore{4ECB1306-D3D6-4831-A410-B4646D4F2245}\RP89\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0ECB5768-4C8D-4A05-8DAE-E230B59B4E58}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_484.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_9c.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

=====================================================================================

Cheers,

Glenrock

Ken, I am not receiving any notifications and have to check my subscriptions? Hope you see this.

1) Clean your Firefox cache, be sure to delete the item in red.
C:\Documents and Settings\Ken\Local Settings\Application Data\Mozilla\Firefox\Profiles\ml3l79vd.default\Cache\72E1C256d01 ------> Trojan-Downloader.Win32.FraudLoad.op

2) Empty the Recycle Bin on the Desktop

3) Follow these instructions to clean infected System Resotre files.

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

4) Safe surfing Mate

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Hey Phil,

I did see your last post, followed the instructions on it & am pleased to be able to say that so far it is working great - it's almost a new pc! Sorry for the delay getting back but I've been testing it throughout the day here to see if any problems cropped up but so far nothing. I've checked out some of the links you provided re security & malware prevention and found it goes into a little more detail than what I'm already aware of so I'll probably look into it further - I'm already planning to switch Firewalls to Comodo as I discovered through this site that the one I paid good money for (Ashampoo Firewall Pro) is apparently 1 of the worst to have! :banghead:

I have to say you blokes are bloody fantastic! I'm not exactly a pc noob (I'm mainly a hardware nut though) but this was over my head & you were able to help me so quickly & easily it blew me away! Anyone following this thread 'cos you have a problem, GET THESE PEOPLE TO HELP!! Where do I donate?? After being helped out so quickly, cheerfully & easily by someone I don't know on the other side of the world with no expectation of payment,(?) I can't let such a good deed go unpunished! :)

Thanks for all your help, & keep up the good work. I'll keep checking this thread for the next day or so in case there's any more steps you think I should take, otherwise, I hope I won't need to come back but if I do I'll sure as hell know where to turn next time!

Cheers,

Ken (Glenrock - G'day from Down Under!)

G'Day Mate, thanks a lot for the feedback. The donation link is the last link in the closing information I provided. You will find those experts are often saying the same thing, read it all, they are some of the most knowledgeable in malware removal/security. Safe surfing and you be careful, it's a cyber-jungle out there.
Example: http://en.wikipedia.org/wiki/Russian_Business_Network
http://rbnexploit.blogspot.com/