PDA

View Full Version : Virtumonde help



Firebirdnz
2008-12-30, 23:38
Read another similar thread to see if there was something helpful to remove this trojan and i noticed it seemed very individual. I ran combofix and here is the logfile created:

P.S i will unistall Limewire and utorrent as suggested in the other thread too.

----------------------------------------------------------

ComboFix 08-12-29.02 - Hamish McGlinn 2008-12-31 10:26:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1552 [GMT 13:00]
Running from: c:\documents and settings\Hamish McGlinn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\acclfvdd.dll
c:\windows\system32\arisoscm.dll
c:\windows\system32\ddcYqpmJ.dll
c:\windows\system32\dttgwyew.dll
c:\windows\system32\epjalr.dll
c:\windows\system32\fcccdDwu.dll
c:\windows\system32\foymbljn.ini
c:\windows\system32\jkkICrOg.dll
c:\windows\system32\JmpqYcdd.ini
c:\windows\system32\JmpqYcdd.ini2
c:\windows\system32\kmrzpc.dll
c:\windows\system32\mfucpoei.dll
c:\windows\system32\njlbmyof.dll
c:\windows\system32\pcvjvoho.dll
c:\windows\system32\szdugr.dll
c:\windows\system32\tbcbrj.dll
c:\windows\system32\zfhzyv.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 14:06 . 2008-12-30 14:06 151 --a------ c:\windows\wininit.ini
2008-12-30 13:43 . 2008-12-30 13:43 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-30 13:43 . 2008-12-30 13:43 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-30 13:43 . 2008-12-30 13:43 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-30 13:43 . 2008-12-30 13:43 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-27 15:31 . 2008-12-27 15:31 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\Lavasoft
2008-12-27 15:27 . 2008-12-27 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-27 15:06 . 2008-12-28 10:33 2,710 --a------ c:\windows\system32\TDSSdxgp.dll
2008-12-27 15:03 . 2008-12-30 20:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-27 13:55 . 2008-12-27 13:55 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 13:52 . 2008-12-27 13:52 22,328 --a------ c:\documents and settings\Hamish McGlinn\Application Data\PnkBstrK.sys
2008-12-27 13:51 . 2008-12-27 13:51 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-12-26 13:35 . 2008-12-26 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Codemasters
2008-12-26 13:25 . 2008-12-26 13:25 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-26 13:25 . 2008-12-26 13:25 <DIR> d-------- c:\windows\Logs
2008-12-26 13:25 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpD.tmp
2008-12-26 13:25 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpC.tmp
2008-12-24 14:51 . 2008-12-24 14:51 23 --a------ c:\windows\MixBKS.INI
2008-12-23 10:44 . 2008-12-23 10:44 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-22 21:00 . 2008-12-22 21:00 <DIR> d-------- c:\program files\OpenAL
2008-12-22 21:00 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpF.tmp
2008-12-22 21:00 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpE.tmp
2008-12-22 21:00 . 2008-12-26 13:25 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-12-21 10:20 . 2008-12-21 10:20 <DIR> d-------- C:\Fraps
2008-12-21 10:19 . 2008-12-22 10:56 <DIR> d-------- c:\program files\Teamspeak2_RC2
2008-12-21 10:19 . 2008-12-21 10:19 34,064 --a------ c:\windows\system32\lhacm.acm
2008-12-21 09:53 . 2008-12-31 10:03 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\skypePM
2008-12-21 09:53 . 2008-12-21 09:53 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-21 09:50 . 2008-12-21 09:50 <DIR> d-------- c:\program files\Skype
2008-12-21 09:50 . 2008-12-21 09:50 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-21 09:50 . 2008-12-31 10:04 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\Skype
2008-12-21 09:49 . 2008-12-21 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-21 09:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 09:06 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 09:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-20 21:11 . 2008-12-28 15:18 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Incomplete
2008-12-20 20:49 . 2008-12-20 20:49 <DIR> d-------- c:\program files\Lavasoft
2008-12-20 20:47 . 2008-12-30 14:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 20:47 . 2008-12-30 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 14:43 . 2008-12-27 13:51 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-20 14:43 . 2008-12-27 13:52 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 14:42 . 2008-12-20 14:42 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-20 14:42 . 2008-12-20 14:42 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-20 14:33 . 2008-12-20 14:33 8 --a------ c:\windows\system32\nvModes.dat
2008-12-20 14:32 . 2008-12-20 14:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-20 14:27 . 2008-12-20 14:32 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Contacts
2008-12-20 14:25 . 2008-12-20 14:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-20 14:24 . 2008-12-20 14:26 <DIR> d-------- c:\program files\Windows Live
2008-12-20 14:24 . 2008-12-20 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-20 14:12 . 2008-12-20 14:12 <DIR> d-------- c:\program files\America's Army Server Manager
2008-12-20 11:47 . 2008-12-20 11:48 <DIR> d-------- c:\program files\RivaTuner v2.21
2008-12-20 11:43 . 2008-12-22 19:30 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\Creative
2008-12-20 11:37 . 2008-12-20 11:37 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2008-12-20 11:37 . 2008-12-20 11:37 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-12-20 11:34 . 2008-12-20 11:34 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-20 11:34 . 2008-12-20 11:42 <DIR> d-------- c:\windows\NV33084052.TMP
2008-12-20 11:34 . 2008-12-20 11:34 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-20 11:34 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2008-12-20 11:33 . 2008-12-20 11:33 <DIR> d-------- C:\NVIDIA
2008-12-20 10:25 . 2008-12-20 10:25 <DIR> d-------- c:\program files\iTunes
2008-12-20 10:25 . 2008-12-20 10:25 <DIR> d-------- c:\program files\iPod
2008-12-20 10:25 . 2008-12-20 12:38 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\Apple Computer
2008-12-20 10:25 . 2008-12-20 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 10:25 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-20 10:25 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-20 10:24 . 2008-12-20 10:24 <DIR> d-------- c:\program files\QuickTime
2008-12-20 10:24 . 2008-12-20 10:24 <DIR> d-------- c:\program files\Bonjour
2008-12-20 10:24 . 2008-12-20 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-20 10:23 . 2008-12-20 10:23 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-20 10:23 . 2008-12-20 10:23 <DIR> d-------- c:\program files\Apple Software Update
2008-12-20 10:23 . 2008-12-20 10:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-20 10:21 . 2008-12-20 10:21 <DIR> d-------- c:\program files\VideoLAN
2008-12-20 10:21 . 2008-12-20 10:22 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\vlc
2008-12-20 10:17 . 2008-12-28 15:18 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Shared
2008-12-20 10:13 . 2008-12-20 14:11 <DIR> d-------- C:\Hamish
2008-12-20 10:09 . 2008-12-20 10:12 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\Ventrilo
2008-12-20 10:09 . 2008-12-20 10:09 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\teamspeak2
2008-12-20 09:54 . 2000-05-22 21:58 647,872 --a------ c:\windows\system32\Mscomct2.ocx
2008-12-20 09:54 . 1999-10-11 14:00 41,984 --------- c:\windows\Ctregrun.exe
2008-12-20 09:46 . 2008-12-20 09:46 183 --a------ c:\windows\setuplog
2008-12-20 09:45 . 1999-12-13 14:01 44,032 --a------ c:\windows\system32\CTSVCCDA.EXE
2008-12-20 09:45 . 1999-11-18 14:00 25,088 --a------ c:\windows\system32\CTSVCCTL.EXE
2008-12-20 09:40 . 2004-08-05 01:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-20 09:39 . 2008-12-20 09:39 <DIR> d-------- c:\windows\system32\Data
2008-12-20 09:39 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2008-12-20 09:39 . 2005-06-15 16:07 11,264 --a------ c:\windows\INRES.DLL
2008-12-20 09:39 . 2005-07-07 22:26 5,627 -ra------ c:\windows\system32\Ludap17.ini
2008-12-20 09:39 . 2008-12-20 11:43 584 --a------ c:\windows\system32\settingsbkup.sfm
2008-12-20 09:39 . 2008-12-20 11:43 584 --a------ c:\windows\system32\settings.sfm
2008-12-20 09:39 . 2005-03-08 19:14 39 -ra------ c:\windows\system32\ctzapxx.ini
2008-12-20 09:38 . 2000-12-13 23:21 7,572,224 --a------ c:\windows\system32\CT8MGM.SF2
2008-12-20 09:38 . 2000-12-05 14:11 4,174,814 --a------ c:\windows\system32\CT4MGM.SF2
2008-12-20 09:35 . 2008-12-20 09:53 <DIR> d-------- c:\program files\Creative
2008-12-20 09:29 . 2008-12-28 16:12 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\LimeWire
2008-12-20 09:26 . 2008-12-20 09:26 <DIR> d-------- c:\program files\Java
2008-12-20 09:26 . 2008-12-20 09:26 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-20 09:26 . 2008-12-20 09:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-20 09:25 . 2008-12-20 09:25 <DIR> d-------- c:\program files\Ventrilo
2008-12-20 09:25 . 2008-12-20 09:25 <DIR> d-------- c:\program files\LimeWire
2008-12-20 09:25 . 2008-12-20 11:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 09:25 . 2008-12-20 09:25 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-20 09:24 . 2008-12-20 09:24 <DIR> d-------- c:\program files\uTorrent
2008-12-20 09:24 . 2008-12-20 09:24 <DIR> d-------- c:\documents and settings\Hamish McGlinn\Application Data\uTorrent
2008-12-20 09:09 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-20 09:07 . 2008-12-31 10:04 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-20 09:07 . 2008-12-20 09:07 <DIR> d-------- c:\program files\AVG
2008-12-20 09:07 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-20 09:07 . 2008-12-20 09:07 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-20 09:07 . 2008-12-20 09:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-20 09:01 . 2008-12-20 09:01 2,422 --a------ c:\windows\system32\wpa.bak
2008-12-20 08:48 . 2008-12-20 08:48 0 --a------ c:\windows\nsreg.dat
2008-12-20 08:46 . 2008-12-20 08:46 <DIR> d---s---- c:\documents and settings\Hamish McGlinn\UserData
2008-12-20 08:44 . 2008-12-21 09:14 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-20 08:44 . 2008-06-14 02:10 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-20 08:44 . 2008-06-14 02:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-20 08:42 . 2008-08-14 23:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-20 08:42 . 2008-08-14 22:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-20 08:42 . 2008-08-14 22:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-20 08:42 . 2008-08-14 22:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-20 08:42 . 2008-10-25 00:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 00:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 22:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-19 02:24 --------- d-----w c:\program files\D-Link
2008-12-19 02:03 --------- d-----w c:\program files\Gigabyte
2008-12-19 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-19 02:01 15,600 ----a-w c:\windows\gdrv.sys
2008-12-19 01:57 315,392 ----a-w c:\windows\HideWin.exe
2008-12-19 01:57 --------- d-----w c:\program files\Realtek
2008-12-19 01:56 --------- d-----w c:\program files\AMD
2008-12-19 01:56 --------- d-----w c:\documents and settings\Hamish McGlinn\Application Data\InstallShield
2008-12-19 01:46 --------- d-----w c:\program files\microsoft frontpage
2008-11-12 01:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
"P17Helper"="P17.dll" [2005-05-04 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2008-12-19 12693504]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Hamish\\Games\\AA\\System\\ArmyOps.exe"=
"c:\\Hamish\\Games\\Left 4 Dead\\Left 4 Dead\\left4dead.exe"=
"c:\\Hamish\\Games\\Grid\\GRID.exe"=
"c:\\Hamish\\Games\\FC2\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hamish\\Games\\FC2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hamish\\Games\\FC2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-20 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-12-19 54432]
S1 8c5f18d;8c5f18d;c:\windows\system32\drivers\8c5f18d.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-30 c:\windows\Tasks\sgqugglt.job
- c:\windows\system32\rundll32.exe [2004-08-05 01:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{57CF7740-5F08-4231-A624-8D4F853A7787} - c:\windows\system32\ddcYqpmJ.dll
BHO-{e840863d-b767-4701-93d3-8a894a795cd0} - c:\windows\system32\zfhzyv.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Hamish McGlinn\Application Data\Mozilla\Firefox\Profiles\jauo5ifp.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 10:30:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-31 10:31:38 - machine was rebooted [Hamish McGlinn]
ComboFix-quarantined-files.txt 2008-12-30 21:31:35

Pre-Run: 134,459,949,056 bytes free
Post-Run: 134,610,165,760 bytes free

273 --- E O F --- 2008-12-21 11:32:08

Thanks heaps for your help.

----------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )