Thank you so much for any help!

Yeah, don't really know what happened here. One day I was surfing, the next I was terribly infected, right before I went on vacation! For some reason, google is blocked and any links it provides goes to some random pop up place and these forums and anything to do with spybot is blocked.

Luckily I got HJT to install.

log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:10 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8704 bytes

Hi silversun

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site 1 (http://hype.free.googlepages.com/gmer.zip)
alternate download site 2 (http://www.castlecops.com/downloads-file-546.html)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-01-10 22:31:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT spbs.sys ZwCreateKey
SSDT spbs.sys ZwEnumerateKey
SSDT spbs.sys ZwEnumerateValueKey
SSDT spbs.sys ZwOpenKey
SSDT spbs.sys ZwQueryKey
SSDT spbs.sys ZwQueryValueKey
SSDT spbs.sys ZwSetValueKey

Code E1B4EEE8 ZwFlushInstructionCache
Code AA1A1EAB pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP E1B4EEEC
.text USBPORT.SYS!DllUnload F657C8AC 5 Bytes JMP 86DB51D8

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\wscntfy.exe[684] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 00D189A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\WINDOWS\explorer.exe[804] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 02A189A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\WINDOWS\explorer.exe[804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B3000A
.text C:\WINDOWS\explorer.exe[804] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B2000A
.text C:\WINDOWS\explorer.exe[804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\hkcmd.exe[2192] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 011F89A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2208] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 00B189A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2236] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 00EB89A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2252] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 00AD89A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text C:\Program Files\Elantech\ETDCTRL.EXE[2276] ntdll.dll!NtQuerySystemInformation 7C90D910 5 Bytes JMP 010389A0 C:\Documents and Settings\Sam\Application Data\Google\spclrp.dll
.text ...

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD71F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD71F8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [A9B185A8] avgtdix.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [A9B1943E] avgtdix.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_CREATE 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_CLOSE 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_INTERNAL_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_CLEANUP 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C337BA8-FADC-42C1-849F-130F604359EA} IRP_MJ_PNP 8625B500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_CREATE 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_CLOSE 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_POWER 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBPDO-0 IRP_MJ_PNP 86DBD500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86DB3500
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_CREATE [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_CREATE_NAMED_PIPE [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_CLOSE [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_READ [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_WRITE [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_QUERY_INFORMATION [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SET_INFORMATION [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_QUERY_EA [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SET_EA [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_FLUSH_BUFFERS [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_QUERY_VOLUME_INFORMATION [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SET_VOLUME_INFORMATION [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_DIRECTORY_CONTROL [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_FILE_SYSTEM_CONTROL [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_DEVICE_CONTROL [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_INTERNAL_DEVICE_CONTROL [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SHUTDOWN [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_LOCK_CONTROL [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_CLEANUP [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_CREATE_MAILSLOT [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_QUERY_SECURITY [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SET_SECURITY [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_POWER [F738FE1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F73A4514] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_DEVICE_CHANGE [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_QUERY_QUOTA [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_SET_QUOTA [F73CBB1C] spbs.sys
Device \Driver\PCI_PNP6438 \Device\00000046 IRP_MJ_PNP [F73C8E8A] spbs.sys
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_PNP 86DB3500
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [A9B185A8] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [A9B1943E] avgtdix.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 86F6A1F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86C601F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86C601F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 86F6A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8625B500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8625B500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8625B500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8625B500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8625B500
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [A9B185A8] avgtdix.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [A9B1943E] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [A9B185A8] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [A9B1943E] avgtdix.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 86DB3500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_CREATE 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_CLOSE 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_INTERNAL_DEVICE_CONTROL 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_CLEANUP 8625B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D3F0D621-3319-437C-9C99-D6C9BE4C847A} IRP_MJ_PNP 8625B500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 8624E1F8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [A9B185A8] avgtdix.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [A9B1943E] avgtdix.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 86DB3500
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 8624E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 8624E1F8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 86DB3500
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 86DB3500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 86DBD500
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 86DBD500
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 86F6A1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 86F6A1F8
Device \Driver\sptd \Device\410360188 IRP_MJ_CREATE [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_CREATE_NAMED_PIPE [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_CLOSE [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_READ [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_WRITE [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_QUERY_INFORMATION [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SET_INFORMATION [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_QUERY_EA [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SET_EA [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_FLUSH_BUFFERS [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_QUERY_VOLUME_INFORMATION [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SET_VOLUME_INFORMATION [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_DIRECTORY_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_FILE_SYSTEM_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_DEVICE_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SHUTDOWN [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_LOCK_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_CLEANUP [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_CREATE_MAILSLOT [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_QUERY_SECURITY [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SET_SECURITY [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_POWER [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SYSTEM_CONTROL [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_DEVICE_CHANGE [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_QUERY_QUOTA [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_SET_QUOTA [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 IRP_MJ_PNP [F7388000] spbs.sys
Device \Driver\sptd \Device\410360188 FastIoDeviceControl [F739294C] spbs.sys
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_CREATE 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_CLOSE 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_POWER 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31Port2Path0Target0Lun0 IRP_MJ_PNP 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_CREATE 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_CLOSE 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_DEVICE_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_POWER 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_SYSTEM_CONTROL 86D111F8
Device \Driver\aix2k0g3 \Device\Scsi\aix2k0g31 IRP_MJ_PNP 86D111F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86CFD1F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86CFD1F8

---- Modules - GMER 1.0.12 ----

Module \systemroot\system32\drivers\TDSSpaxt.sys (*** hidden *** ) AA1A0000

---- Threads - GMER 1.0.12 ----

Thread 4:388 AA1A2D66

---- Processes - GMER 1.0.12 ----

Process C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe (*** hidden *** ) 2548

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32\drivers\TDSSpaxt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 61
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v3001
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1
Reg \Registry\MACHINE\SOFTWARE\TDSS
Reg \Registry\MACHINE\SOFTWARE\TDSS@build standart
Reg \Registry\MACHINE\SOFTWARE\TDSS@type clicker
Reg \Registry\MACHINE\SOFTWARE\TDSS@affid 61
Reg \Registry\MACHINE\SOFTWARE\TDSS@subid v3001
Reg \Registry\MACHINE\SOFTWARE\TDSS@cmddelay 86400
Reg \Registry\MACHINE\SOFTWARE\TDSS@serversdown 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpaxt.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpaxt.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpaxt.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpaxt.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Mail\Gmail (fide 272\Inbox\00294823-00000001.eml:OEStandardProperty
ADS C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Mail\Gmail (fide 272\Inbox\18BE6784-00000002.eml:OEStandardProperty
ADS C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Mail\Gmail (fide 272\Inbox\2CD672AE-00000004.eml:OEStandardProperty
ADS C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Mail\Gmail (fide 272\Inbox\4AE13D6C-00000003.eml:OEStandardProperty
ADS C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Mail\Gmail (fide 272\Inbox\69525F90-00000005.eml:OEStandardProperty
File C:\Documents and Settings\Sam\Local Settings\Temp\TDSS242f.tmp
File C:\Documents and Settings\Sam\Local Settings\Temp\TDSS2539.tmp
File C:\Documents and Settings\Sam\Local Settings\Temp\TDSS33ee.tmp
File C:\Documents and Settings\Sam\Local Settings\Temp\TDSSc232.tmp
File C:\Documents and Settings\Sam\Local Settings\Temp\TDSSc241.tmp
File C:\WINDOWS\system32\drivers\TDSSpaxt.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\TDSSpqlt.sys
File C:\WINDOWS\system32\TDSScfmm.dll
File C:\WINDOWS\system32\TDSScfum.dll
File C:\WINDOWS\system32\TDSSfxmp.dll
File C:\WINDOWS\system32\TDSShrxx.dll
File C:\WINDOWS\system32\TDSSkkai.log
File C:\WINDOWS\system32\TDSSlxcp.dll
File C:\WINDOWS\system32\TDSSmtvd.dat
File C:\WINDOWS\system32\TDSSnrsr.dll
File C:\WINDOWS\system32\TDSSofxh.dll
File C:\WINDOWS\system32\TDSSoiqt.dll
File C:\WINDOWS\system32\TDSSosvd.dat
File C:\WINDOWS\system32\TDSSrhym.log
File C:\WINDOWS\system32\TDSSriqp.dll
File C:\WINDOWS\system32\TDSStkdv.log
File C:\WINDOWS\system32\TDSSvkql.dll
File C:\WINDOWS\Temp\TDSS4524.tmp
File C:\WINDOWS\Temp\TDSS4709.tmp

---- EOF - GMER 1.0.12 ----

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Thank you so much! It's already running better. For some reason, I'm getting a pop up that is a virus, saying that I should go download some super virus protection thing and pay for it. Anyway . . .

The Combofix log . .

ComboFix 09-01-10.03 - Sam 2009-01-11 15:06:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.690 [GMT -8:00]
Running from: C:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Application Data\Google\spclrp.dll
c:\documents and settings\Sam\nah_log.dat
c:\documents and settings\Sam\nah_mskg.exe
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\TDSScfmm.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\TDSSvkql.dll

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2010-07-02 12:30 . 2008-06-13 03:05 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2010-07-02 12:29 . 2008-12-18 03:52 <DIR> d--h----- c:\windows\$hf_mig$
2010-07-02 12:28 . 2010-07-02 12:29 <DIR> d-------- c:\windows\I386
2009-01-11 14:58 . 2009-01-11 01:29 2,915,194 -ra------ C:\Combo-Fix.exe
2009-01-10 22:05 . 2009-01-10 22:12 <DIR> d-------- C:\gmer
2009-01-05 14:39 . 2009-01-05 14:39 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 16:59 . 2008-12-13 16:59 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-13 16:53 . 2008-12-13 16:53 <DIR> d-------- c:\documents and settings\Sam\Application Data\DAEMON Tools Pro
2008-12-13 16:53 . 2008-12-13 16:53 <DIR> d-------- c:\documents and settings\Sam\Application Data\DAEMON Tools
2008-12-13 16:52 . 2008-12-13 16:52 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-13 16:52 . 2008-12-13 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-13 16:49 . 2008-12-13 16:54 <DIR> d-------- c:\documents and settings\Sam\Application Data\DAEMON Tools Lite
2008-12-13 16:49 . 2008-12-13 16:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 08:43 --------- d-----w c:\documents and settings\Sam\Application Data\OpenOffice.org2
2009-01-11 05:59 --------- d-----w c:\documents and settings\Sam\Application Data\skypePM
2009-01-11 05:59 --------- d-----w c:\documents and settings\Sam\Application Data\Skype
2009-01-10 09:26 --------- d-----w c:\documents and settings\Sam\Application Data\uTorrent
2008-12-29 09:32 1,760 ----a-w c:\documents and settings\Sam\Application Data\wklnhst.dat
2008-12-14 01:02 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 06:43 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-01 06:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 06:18 --------- d-----w c:\program files\Perfect Defender 2009
2008-12-01 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2008-12-01 05:36 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2008-12-01 05:35 --------- d-----w c:\program files\Common Files\iS3
2008-11-26 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-26 07:20 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-26 07:20 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-26 07:19 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-26 07:19 --------- d-----w c:\program files\AVG
2008-11-26 07:19 --------- d-----w c:\documents and settings\Sam\Application Data\AVGTOOLBAR
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\InstallShield
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\Final Draft
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\Apple Computer
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\acccore
2008-11-26 06:54 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-21 10:24 --------- d-----w c:\program files\iTunes
2008-11-21 10:24 --------- d-----w c:\program files\iPod
2008-11-21 10:24 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 10:24 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 10:22 --------- d-----w c:\program files\QuickTime
2008-11-19 09:28 --------- d-----w c:\program files\coolpro2
2008-10-27 03:25 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-05-07 23:34 15,523,560 ----a-w c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"HPsetm"="c:\documents and settings\Sam\Application Data\Google\ijdkq13324484.exe" [2008-11-25 102912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-05-20 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-25 1234712]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

c:\documents and settings\Sam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-06-26 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Sam\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 97928]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-06-26 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-06-26 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-06-26 625024]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-25 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-25 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-25 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-12 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-01-11 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 12:41]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\gh273u37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ihatemylife.us/jobs/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 15:11:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-01-11 15:15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 23:15:49

Pre-Run: 8,598,085,632 bytes free
Post-Run: 8,614,494,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

226 --- E O F --- 2008-12-18 11:52:18

And a new hijackthis . . .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:00 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8927 bytes

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Adabas D 13.01.00
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
AIM 6
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Audioscrobbler for foobar2000 (remove only)
AVG Free 8.0
Azurewave Wireless LAN
Bonjour
Compatibility Pack for the 2007 Office system
Cool Edit Pro 2.1
Eee Instant Key
ETDWare PS/2-x86 7.0.2.5 WHQL
Final Draft 7
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Last.fm 1.5.2.38918
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
Netflix Movie Viewer
OpenOffice.org 2.4
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Skype™ 3.6
Spybot - Search & Destroy
StarOffice 8 ASUS Edition
Super Hybrid Engine
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Viewpoint Media Player
VLC media player 0.9.2
WIDCOMM Bluetooth Software
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Writer
WinRAR archiver

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:30 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9015 bytes

Open notepad and copy/paste the text in the codebox below into it:


Folder::
c:\documents and settings\Sam\Application Data\uTorrent
c:\Program Files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

ComboFix 09-01-13.04 - Sam 2009-01-14 18:28:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.546 [GMT -8:00]
Running from: C:\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Application Data\Google\spclrp.dll
c:\documents and settings\Sam\Application Data\uTorrent
c:\documents and settings\Sam\Application Data\uTorrent\1965 - Highway 61 Revisited.torrent
c:\documents and settings\Sam\Application Data\uTorrent\1966 - Blonde On Blonde.torrent
c:\documents and settings\Sam\Application Data\uTorrent\1975 - Blood On The Tracks.torrent
c:\documents and settings\Sam\Application Data\uTorrent\A Colbert Christmas - The Greatest Gift of All! - v0 vbr.torrent
c:\documents and settings\Sam\Application Data\uTorrent\A Hundred Things Keep Me Up At Night.torrent
c:\documents and settings\Sam\Application Data\uTorrent\a.c. newman - 2009 - get guilty.torrent
c:\documents and settings\Sam\Application Data\uTorrent\All We Could Do Was Sing (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Alone II_ The Home Recordings of Rivers Cuomo.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Andrew Bird-Noble Beast.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Animal Collective - Campfire Songs.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Animal Collective - Danse Manatee.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Animal Collective - Merriweather Post Pavilon (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Animal Collective - Spirit They're Gone, Spirit They've Vanished.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Anna Ternheim - 2008 - Anna Sings Sinatra (Leaving On A Mayday Bonus Disc)_.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Anna Ternheim - 2008 - Leaving On A Mayday.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Antarctica_Takes_It-The_Penguin_League-(CDR)-2006.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Arcade Fire - Neon Bible (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Are We Not Horses.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Art Brut - 2005 - Bang Bang Rock & Roll - V0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Ballast[2008]DvDrip-aXXo.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Band of Horses - Everything All the Time.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Beach House - Devotion [2008].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Beach House.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Belle & Sebastian - The Boy With The Arab Strap (1998).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Belle and Sebastian - Tigermilk.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Bloc Party - A Weekend In The City Instrumentals.torrent
c:\documents and settings\Sam\Application Data\uTorrent\bloc_party-silent_alarm-[2005].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Brand New - Your Favorite Weapon [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Cat Spectacular FLAC.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Cut_Copy-In_Ghost_Colours-2008.torrent
c:\documents and settings\Sam\Application Data\uTorrent\dht.dat
c:\documents and settings\Sam\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Sam\Application Data\uTorrent\Do You Believe in Gosh.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Dog House Music.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Drum's Not Dead.torrent
c:\documents and settings\Sam\Application Data\uTorrent\empire! empire! (i was a lonely estate) - when the sea became a giant (2007).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Exposion (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Fall_Out_Boy-Folie_A_Deux-2008-FALLOUTBOY.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Fleet Foxes (2008) [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Fleet Foxes.torrent
c:\documents and settings\Sam\Application Data\uTorrent\For Emma, Forever Ago.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Frightened Rabbit - Liver! Lung! FR!.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Fringe.S01E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Gang Gang Dance Saint Dymphna 2008.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Ghostface Killah - Fishscale (2006) [MP3 V0(VBR)].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Gimme Fiction.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Glasvegas.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Grouper - Dragging a Dead Deer Up a Hill V0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Here Comes The Indian.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Here We Go Magic.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Heroes.S03E01.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Heroes.S03E02.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Hold On Now Youngster.torrent
c:\documents and settings\Sam\Application Data\uTorrent\hold s v0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\HSBoys&Girls.torrent
c:\documents and settings\Sam\Application Data\uTorrent\If You're Feeling Sinister.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Illinois (2005).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Jens Lekman - Night Falls Over Kortedala (V0 MP3).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Joanna Newsom - Ys.torrent
c:\documents and settings\Sam\Application Data\uTorrent\John Frusciante - Shadows collide with people.torrent
c:\documents and settings\Sam\Application Data\uTorrent\John Frusciante - Smile From The Streets You Hold.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Kanye_West-Robocop_(Promo_CDS)-2008-.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Laura Marling - [2008] - Cross Your Fingers [single].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Laura Marling Alas I Cannot Swin V0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\LCD Soundsystem - 4533.torrent
c:\documents and settings\Sam\Application Data\uTorrent\LCD Soundsystem - LCD Soundsystem (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\LCD Soundsystem - Sound Of Silver (2007) [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Liars - Liars (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Lisa Hannigan - Sea Sew (2008).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Los_Campesinos-We_Are_Beautiful_We_Are_Doomed-(Promo)-2008-DV8.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Ludacris - Theater of the Mind [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Man Man - Little Torments.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Man Man - Rabbit Habits [2008].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Man Man - Six Demon Bag [2006].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Man Man - The Man in a Blue Turban with a Face [V0] (2004).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Marching_Band-Spark_Large-2008-RTB.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Margot & the Nuclear So and So's~Not Animal (V0)-2008-iNK.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Margot and the Nuclear So & So's - Animal! [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Marnie Stern - This Is It And I Am It And You Are It And So Is That And He Is It And She Is It And It Is It And That Is That [KRS].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Math and Physics Club - Math and Physics Club.torrent
c:\documents and settings\Sam\Application Data\uTorrent\mewithoutYou- Brother, Sister [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Miwa Gemini - This Is How I Found You (2008).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Mother Mother - O My Heart V2.torrent
c:\documents and settings\Sam\Application Data\uTorrent\MPP.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Muppet Show Album 1 (1977).torrent
c:\documents and settings\Sam\Application Data\uTorrent\No Age- Nouns 320.torrent
c:\documents and settings\Sam\Application Data\uTorrent\No Age.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Noah And The Whale - Peaceful, The World Lays Me Down - 2008 V0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Notorious B.I.G (Acapella).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Of Montreal - Hissing Fauna, Are You the Destroyer (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Of Montreal - Skeletal Lamping.torrent
c:\documents and settings\Sam\Application Data\uTorrent\One Piece 1 - 300.torrent
c:\documents and settings\Sam\Application Data\uTorrent\One Piece.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Panda Bear - [2007] Person Pitch.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Portishead - Third (2008) [MP3-V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Post-War.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Raconteurs - Consolers Of The Lonely (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Relient K - mmhmm.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Relient_K-AP_Acoustic_Session-(EP)-2007-MP3_INT.torrent
c:\documents and settings\Sam\Application Data\uTorrent\resume.dat
c:\documents and settings\Sam\Application Data\uTorrent\resume.dat.1.bad
c:\documents and settings\Sam\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Sam\Application Data\uTorrent\rivers_cuomo-acoustic_session-2004-fnx.torrent
c:\documents and settings\Sam\Application Data\uTorrent\rss.dat
c:\documents and settings\Sam\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Sam\Application Data\uTorrent\Seasick Steve - 2008 - I Started Out With Nothing And I Still Got Most Of It Left (Die Cut Limited Edition).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Separation Sunday [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\settings.dat
c:\documents and settings\Sam\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Sam\Application Data\uTorrent\She & Him - Volume One V0.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Silent Shout.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Silver Jews - Lookout Mountain, Lookout Sea [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Six Feet Under Season3 (XviD asd) EnglishV+NapisyPL - www.tvshows.yoyo.pl.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Snoop_Dogg_Presents_Christmas_In_Tha_Dogg_House-2008.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Space Ghost's Surf & Turf.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Space Ghost- Musical Bar-B-Que.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Space Ghost - The Brak Album.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Steel Train (2007) Trampoline.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Sticking Fingers into Sockets [EP].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Studio-Yearbook 1.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Sufjan Stevens.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Sunset Rubdown - 2006 - Shut Up, I Am Dreaming.torrent
c:\documents and settings\Sam\Application Data\uTorrent\T.V. on the Radio - Dear Science (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Tennesee Pusher.torrent
c:\documents and settings\Sam\Application Data\uTorrent\That's Stupid (The Mixtape) [2008].torrent
c:\documents and settings\Sam\Application Data\uTorrent\The City On Christmas.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Dodos - Beware of the Maniacs.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Dodos - Visiter.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Field - From Here We Go Sublime.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Flaming Lips - Silent Night 7_ (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Flaming Lips - Yoshimi Battles The Pink Robots [Instrumental].torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Flaming Lips - Yoshimi Battles The Pink Robots.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Grates - Teeth Won, Hearts Lost (2008) (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Kids Don't Stand A Chance EP.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Places You Have Come To Fear The Most.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Very Best.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The Weepies [2008] Hideaway.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The White Stripes - Elephant.torrent
c:\documents and settings\Sam\Application Data\uTorrent\The.Foot.Fist.Way.LIMITED.DVDRip.XviD-SAPHiRE.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Twin Cinema.torrent
c:\documents and settings\Sam\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Sam\Application Data\uTorrent\Various Artists - 2001 - Colonel Jeffrey Pumpernickel - A Concept Album [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Verbs (V0).torrent
c:\documents and settings\Sam\Application Data\uTorrent\Vivian Girls — Vivian Girls [2008-V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Water curses2.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Weezer - [1994] Blue Album.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Weezer - [1996] Pinkerton.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Weezer - Christmas with Weezer 2008.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Who Killed Amanda Palmer v0 MP3.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Why - Alopecia (2008) [V0].torrent
c:\documents and settings\Sam\Application Data\uTorrent\Wolf Parade~At Mount Zoomer-2008 (V0)-iNK.torrent
c:\documents and settings\Sam\Application Data\uTorrent\Yellow House (2006).torrent

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2010-07-02 12:30 . 2008-06-13 03:05 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2010-07-02 12:29 . 2009-01-14 03:25 <DIR> d--h----- c:\windows\$hf_mig$
2010-07-02 12:28 . 2010-07-02 12:29 <DIR> d-------- c:\windows\I386
2009-01-11 17:20 . 2009-01-11 17:20 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-11 17:20 . 2009-01-11 17:20 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-11 17:17 . 2009-01-11 17:17 <DIR> d-------- c:\program files\Netflix
2009-01-11 14:58 . 2009-01-14 18:26 3,039,899 -ra------ C:\Combo-Fix.exe
2009-01-10 22:05 . 2009-01-10 22:12 <DIR> d-------- C:\gmer
2009-01-05 14:39 . 2009-01-05 14:39 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 22:44 --------- d-----w c:\documents and settings\Sam\Application Data\OpenOffice.org2
2009-01-12 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 02:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-12 01:01 --------- d-----w c:\documents and settings\Sam\Application Data\Skype
2009-01-11 05:59 --------- d-----w c:\documents and settings\Sam\Application Data\skypePM
2008-12-29 09:32 1,760 ----a-w c:\documents and settings\Sam\Application Data\wklnhst.dat
2008-12-14 01:02 --------- d-----w c:\program files\Common Files\Adobe
2008-12-14 00:59 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-14 00:54 --------- d-----w c:\documents and settings\Sam\Application Data\DAEMON Tools Lite
2008-12-14 00:53 --------- d-----w c:\documents and settings\Sam\Application Data\DAEMON Tools Pro
2008-12-14 00:53 --------- d-----w c:\documents and settings\Sam\Application Data\DAEMON Tools
2008-12-14 00:52 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-14 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-14 00:49 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-01 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2008-12-01 05:36 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2008-12-01 05:35 --------- d-----w c:\program files\Common Files\iS3
2008-11-26 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-26 07:20 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-26 07:20 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-26 07:19 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-26 07:19 --------- d-----w c:\program files\AVG
2008-11-26 07:19 --------- d-----w c:\documents and settings\Sam\Application Data\AVGTOOLBAR
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\InstallShield
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\Final Draft
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\Apple Computer
2008-11-26 07:02 --------- d-----w c:\documents and settings\Sam\Application Data\acccore
2008-11-26 06:54 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-21 10:24 --------- d-----w c:\program files\iTunes
2008-11-21 10:24 --------- d-----w c:\program files\iPod
2008-11-21 10:24 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 10:24 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 10:22 --------- d-----w c:\program files\QuickTime
2008-11-19 09:28 --------- d-----w c:\program files\coolpro2
2008-10-27 03:25 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-05-07 23:34 15,523,560 ----a-w c:\program files\U1 Setup.exe
.

------- Sigcheck -------

2008-11-25 22:54 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
2008-04-14 04:00 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-11_15.13.46.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 04:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2006-09-29 02:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-29 03:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2009-01-12 01:14:43 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2009-01-11 23:08:42 53,684 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-14 21:57:16 53,684 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-11 23:08:42 381,794 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-14 21:57:16 381,794 ----a-w c:\windows\system32\perfh009.dat
- 2005-02-25 03:35:05 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-16 09:05:22 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-29 04:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-29 02:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-29 02:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 02:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-29 02:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"HPsetm"="c:\documents and settings\Sam\Application Data\Google\ijdkq13324484.exe" [2008-11-25 102912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-05-20 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-11 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

c:\documents and settings\Sam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-06-26 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Sam\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 97928]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-06-26 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-06-26 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-06-26 625024]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-25 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-25 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-25 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-12 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241859383-359463628-3350175285-1006.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 12:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\gh273u37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ihatemylife.us/jobs/
FF - plugin: c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 18:33:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-01-14 18:36:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 02:36:13
ComboFix2.txt 2009-01-11 23:16:03

Pre-Run: 8,022,114,304 bytes free
Post-Run: 8,045,408,256 bytes free

374 --- E O F --- 2009-01-14 11:25:53

Please post also a fresh HijackThis log :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:00 PM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9018 bytes

I'd like you to check a file for malware.

Go to VirusTotal (http://www.virustotal.com) or Jotti's (http://virusscan.jotti.org/)


c:\windows\system32\termsrv.dll

Copy/Paste the first file on the list into the white Upload a file box.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Save the complete results in a Notepad/Word document on your desktop.
Post back results here, please.

File termsrv.dll received on 01.18.2009 00:51:40 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)


File termsrv.dll received on 01.18.2009 00:51:40 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.17 -
Authentium 5.1.0.4 2009.01.17 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.17 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.18 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 -
McAfee 5498 2009.01.17 -
McAfee+Artemis 5498 2009.01.17 -
Microsoft 1.4205 2009.01.17 -
NOD32 3774 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Prevx1 V2 2009.01.18 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.17 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.222 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.17 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.17 -
Additional information
File size: 295424 bytes
MD5...: 63999d0abd8dabfd76a9c07f6e104868
SHA1..: 509689ba3edd2cfad361773708b72dc35f1c77b8
SHA256: 5f6f0507b9ec1e8843363ea312475e9e6dd129e03ecb5308db285cd15fdfd482
SHA512: 2b13e8fecc4970fc2a812ff8f71e56cc3398aba89b97b99c865181de1e92ea34<br>96aeb602f4bda58cf35f01a09f49059334f63ea6aae02b4861b42375ebf408bb<br>
ssdeep: 6144:BRp6fWMV1Adl7LQup17zettU8kY0c0XwJs/nE0fiLitmNGAM:BPvMV1/ixe<br>ttmXwu/nHtc8<br>
PEiD..: -
TrID..: File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x761119fd<br>timedatestamp.....: 0x4802a11c (Mon Apr 14 00:11:08 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x3f7ca 0x3f800 6.62 d12183a6fa34bf7974abe33c87bdee41<br>.data 0x41000 0x9838 0x1200 5.40 2c69a08d65ee8234c239668dd7d86937<br>.rsrc 0x4b000 0x3e50 0x4000 3.25 07385c44d1453e3272809960a81ac436<br>.reloc 0x4f000 0x32ee 0x3400 6.19 c59c84e9cda7289330e30d991fa19248<br><br>( 17 imports ) <br>&gt; msvcrt.dll: wcscpy, wcscmp, _except_handler3, _wcsnicmp, wcscat, swscanf, wcsncpy, wcslen, wcsncat, swprintf, wcsrchr, memmove, _snwprintf, wcschr, sprintf, qsort, strncpy, gmtime, time, mktime, _mbslen, mbstowcs, __3@YAXPAX@Z, __2@YAPAXI@Z, free, _initterm, malloc, _adjust_fdiv, _ftol, _snprintf, strncmp, iswdigit, _wcsupr, wcstok, _wtol, _stricmp, __CxxFrameHandler, _purecall, _wcsicmp<br>&gt; ntdll.dll: NtOpenProcessToken, NtQueryInformationToken, RtlLengthSid, RtlCopySid, NtAllocateVirtualMemory, NtFreeVirtualMemory, RtlAcquireResourceShared, NtDelayExecution, DbgBreakPoint, RtlPrefixUnicodeString, NtResetEvent, NtWaitForMultipleObjects, RtlInitializeGenericTable, RtlDeleteCriticalSection, NtOpenProcess, NtQueryVirtualMemory, RtlLookupElementGenericTable, RtlCompareMemory, RtlInsertElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeResource, NtCreateEvent, NtDuplicateObject, NtQuerySystemTime, RtlEqualSid, RtlAdjustPrivilege, RtlInitializeCriticalSection, NtTerminateProcess, RtlLengthRequiredSid, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant, NtQueryInformationProcess, NtDuplicateToken, NtSetInformationThread, RtlpNtEnumerateSubKey, NtRequestPort, NtConnectPort, NtSetEvent, RtlEnterCriticalSection, RtlAllocateHeap, NtOpenThreadToken, NtReplyPort, NtCompleteConnectPort, NtAcceptConnectPort, NtCreateSection, NtReplyWaitReceivePort, RtlFreeUnicodeString, NtCreatePort, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlQueryRegistryValues, NtDeviceIoControlFile, RtlExtendedLargeIntegerDivide, RtlConvertExclusiveToShared, RtlConvertSharedToExclusive, RtlDeleteResource, NtRequestWaitReplyPort, RtlFreeHeap, RtlLeaveCriticalSection, RtlAcquireResourceExclusive, RtlReleaseResource, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, NtClose, VerSetConditionMask, RtlCreateEnvironment, RtlSetProcessIsCritical, DbgPrint, NtQuerySystemInformation, NtSetTimer, NtCreateTimer, RtlCopySecurityDescriptor, RtlNtStatusToDosError, RtlDeleteAce, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlMapGenericMask, RtlSubAuthoritySid, RtlInitializeSid, RtlCreateUserSecurityObject, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlWriteRegistryValue, RtlCreateRegistryKey, RtlLengthSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, NtSetSecurityObject, NtQuerySecurityObject, NtOpenSymbolicLinkObject, NtQueryDirectoryObject, NtCreateDirectoryObject, RtlFreeSid, RtlAllocateAndInitializeSid, RtlIntegerToUnicodeString, RtlAppendUnicodeToString, NtQueryMutant<br>&gt; ICAAPI.dll: IcaOpen, IcaStackCallback, IcaStackConnectionWait, IcaStackConnectionRequest, IcaStackConnectionAccept, _IcaStackIoControl, IcaStackUnlock, IcaStackReconnect, IcaStackTerminate, IcaChannelClose, IcaStackIoControl, IcaPushConsoleStack, IcaChannelOpen, IcaChannelIoControl, IcaStackConnectionClose, IcaStackClose, IcaClose, IcaIoControl, IcaStackOpen, IcaStackDisconnect<br>&gt; SHELL32.dll: SHGetFolderPathA<br>&gt; SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList<br>&gt; SHLWAPI.dll: PathAppendA<br>&gt; WINTRUST.dll: CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminReleaseCatalogContext, CryptCATAdminReleaseContext, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, CryptCATAdminAcquireContext, WinVerifyTrust<br>&gt; RPCRT4.dll: RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcServerRegisterIfEx, RpcBindingToStringBindingW, RpcServerListen, RpcImpersonateClient, I_RpcBindingIsClientLocal, RpcRevertToSelf, RpcServerUseProtseqEpW, I_RpcBindingInqLocalClientPID, RpcStringFreeW, RpcRaiseException, RpcSsContextLockExclusive, NdrServerCall2, RpcServerRegisterIf, RpcStringBindingParseW<br>&gt; KERNEL32.dll: GetLocalTime, GetDiskFreeSpaceA, GetDateFormatW, FileTimeToSystemTime, InitializeCriticalSection, GetVersion, CreateMutexW, GetModuleHandleA, InterlockedExchange, OutputDebugStringA, GetProcessAffinityMask, SetThreadAffinityMask, ResumeThread, GetExitCodeThread, GetSystemInfo, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GetVolumeInformationA, GlobalMemoryStatus, lstrlenA, lstrcpyA, GetFileSize, WriteFile, SetFilePointer, ReadFile, CreateFileA, HeapAlloc, HeapFree, CompareFileTime, CreateWaitableTimerW, SetWaitableTimer, FormatMessageW, LeaveCriticalSection, GetSystemDefaultLCID, SystemTimeToFileTime, LoadLibraryExA, GetVersionExA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCurrentThreadId, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, DelayLoadFailureHook, lstrcpynW, GetACP, MultiByteToWideChar, SetLastError, lstrlenW, LocalFree, LocalAlloc, GetProcessHeap, DisableThreadLibraryCalls, DebugBreak, Sleep, CloseHandle, CreateProcessW, GetCurrentProcessId, IsDebuggerPresent, GetVersionExW, ResetEvent, SetEvent, VerifyVersionInfoW, CreateEventW, GetLastError, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, OpenFileMappingW, WaitForMultipleObjects, OpenEventW, OpenMutexW, InterlockedDecrement, CreateThread, CreateFileW, GetSystemDirectoryW, GetSystemTime, GetComputerNameA, GetSystemTimeAsFileTime, UnregisterWait, WaitForSingleObject, InterlockedIncrement, lstrcpyW, ExitThread, QueryDosDeviceW, ProcessIdToSessionId, IsBadReadPtr, IsBadWritePtr, OpenProcess, GetComputerNameW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProfileStringW, GetTickCount, RegisterWaitForSingleObject, lstrcatW, lstrcmpiW, GetProfileIntW, GetWindowsDirectoryW, SetThreadPriority, GetCurrentThread, LocalSize, GetCurrentProcess, PulseEvent, GetComputerNameExW, WideCharToMultiByte, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, DeleteCriticalSection<br>&gt; USER32.dll: GetCursorPos, wvsprintfA, BroadcastSystemMessageA, wsprintfA, GetSystemMetrics, wsprintfW, ExitWindowsEx, LoadStringW, MessageBeep, GetMessageTime<br>&gt; Secur32.dll: GetUserNameExW<br>&gt; WS2_32.dll: -, -, -, getaddrinfo, -, -<br>&gt; ADVAPI32.dll: GetSidSubAuthorityCount, GetSidSubAuthority, AccessCheckAndAuditAlarmW, AllocateAndInitializeSid, SetEntriesInAclW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumKeyW, DeregisterEventSource, CryptAcquireContextW, CryptCreateHash, CryptImportKey, CryptVerifySignatureW, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, AddAce, GetAce, GetAclInformation, GetUserNameA, CryptHashData, RegisterServiceCtrlHandlerW, GetSidIdentifierAuthority, IsValidSid, GetTokenInformation, EqualSid, LookupAccountSidW, RegSetValueExW, CryptGenRandom, RegisterEventSourceW, ReportEventW, SetServiceBits, RegOpenKeyW, GetUserNameW, SetServiceStatus, RegOpenKeyExW, GetSecurityDescriptorDacl, LsaDelete, LsaSetSecret, LsaClose, LsaOpenSecret, LsaCreateSecret, LsaOpenPolicy, LsaFreeMemory, LsaQuerySecret, GetEventLogInformation, LsaQueryInformationPolicy, RegQueryValueExW, RegCloseKey, LogonUserW, AddAccessAllowedAce, InitializeAcl, GetLengthSid, OpenThreadToken, CheckTokenMembership, MakeSelfRelativeSD, MakeAbsoluteSD, IsValidSecurityDescriptor, ElfReportEventW, ElfRegisterEventSourceW, I_ScSendTSMessage, RegNotifyChangeKeyValue, RegCreateKeyExW, RegQueryValueExA, RegOpenKeyExA, GetCurrentHwProfileA, RegEnumKeyExA, RegEnumKeyExW, LsaStorePrivateData, LsaNtStatusToWinError, LsaRetrievePrivateData, RegDeleteValueW, OpenProcessToken<br>&gt; CRYPT32.dll: CertCloseStore, CertCreateCertificateContext, CertOpenStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertVerifySubjectCertificateContext, CryptExportPublicKeyInfo, CertEnumCertificatesInStore, CertFindExtension, CertVerifyCertificateChainPolicy, CertComparePublicKeyInfo, CryptDecodeObject, CryptVerifyCertificateSignature, CryptBinaryToStringW<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -<br>&gt; AUTHZ.dll: AuthzFreeResourceManager, AuthziAllocateAuditParams, AuthziInitializeAuditParamsWithRM, AuthziInitializeAuditEvent, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthziFreeAuditParams, AuthzInitializeResourceManager, AuthziInitializeAuditEventType, AuthziFreeAuditEventType<br>&gt; mstlsapi.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br><br>( 1 exports ) <br>ServiceMain<br>
CWSandbox info: &lt;a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63999d0abd8dabfd76a9c07f6e104868' target='_blank'&gt;http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63999d0abd8dabfd76a9c07f6e104868&lt;/a&gt;

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 18, 2009 20:17:08
Records in database: 1643542
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 56483
Threat name: 7
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 02:32:55


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Sam\nah_mskg.exe.vir Infected: Trojan.Win32.Inject.lpl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfmm.dll.vir Infected: Trojan.Win32.Agent.arvz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir Infected: Rootkit.Win32.TDSS.dbg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqt.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvkql.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

The selected area was scanned.


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:29 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Final Draft 7\Final Draft.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8886 bytes

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open HijackThis, click do a system scan only and checkmark this:

O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Sam\Application Data\Google\ijdkq13324484.exe"

Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:07 AM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8581 bytes

That looks good :)

Please re-enable TeaTimer and post back a fresh HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:55 PM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8806 bytes

Log is fine.

Still problems?

Nope, everything is working wonderfully. thanks for everything!

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 11 (http://java.sun.com/javase/downloads/index.jsp).

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.