qtru.lfo fix



plank1964
2010-02-15, 19:04
Hi Guys, the problem I have is that every time I start my PC I get this error:
Qtru.lfo. I don't know what's going on; any help would be very welcome.
This is my log:
Logfile of HijackThis v1.99.1
Scan saved at 16:42:45, on 15/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe qtru.lfo gynfhtv
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {69ED654A-D1D9-4F0A-AB8D-DE45FFEEAE6D} - C:\Program Files\Online Services\qurobucyC:\WINDOWS\system32\qui4\qopre83122.exe.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ball mess - {4AA5E949-83B9-1B50-154A-AF25C3180236} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094991532328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139074103859
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b799fe649efa) (gupdate1c9b799fe649efa) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2010-02-21, 15:54
Hi plank1964,

Your log is a few days old. If you still need help simply reply to my post.

plank1964
2010-02-21, 19:16
Hi Shelf Life, the problem I have is that every time I start the PC I get this
error: Qtru.lfo cannot be detected. When I use IE it will not remember my login names and passwords for forums, e-mail etc. etc. I don't know what is going on. I was going to do a clean install of the PC, as it's getting on a bit and full of junk, but this would be a last resort. Any help would be welcome.

shelf life
2010-02-21, 20:05
OK. First we will use HJT, then get two downloads. One is a malware remover, the other is for a closer look:

Start HJT, click "Do a system scan only", put a checkmark beside the items below, close all windows and click "Fix checked":

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe qtru.lfo gynfhtv

O2 - BHO: (no name) - {69ED654A-D1D9-4F0A-AB8D-DE45FFEEAE6D} - C:\Program Files\Online Services\qurobucyC:\WINDOWS\system32\qui4\qopre83122.exe.dll (file missing)

O3 - Toolbar: Ball mess - {4AA5E949-83B9-1B50-154A-AF25C3180236} - blank (file missing)

O4 - HKLM\..\Run: "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com

Next:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Last:

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
You can Copy/paste both logs in your reply.

Post the Malwarebytes log and the DDS logs.
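Why those four HijackThis entries were singled out can be made mechanical. The following is an added example, not shelf life's or the forum's own tool: a small Python triage of HijackThis-style lines that flags a Winlogon Shell value that is not plain Explorer.exe, unnamed or file-less BHO/toolbar entries, and autostart entries tied to a product the Malwarebytes log later in this thread classes as rogue. The sample entries are constructed from the log posted above; the rogue-marker list and the rule thresholds are assumptions.

```python
"""Triage of HijackThis-style log entries, matched to the four items flagged in this thread."""
import re

# Constructed sample: a handful of entries copied from the HijackThis log posted above,
# with benign ones mixed in so the rules can be seen to leave them alone.
SAMPLE_HJT = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe qtru.lfo gynfhtv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {69ED654A-D1D9-4F0A-AB8D-DE45FFEEAE6D} - C:\Program Files\Online Services\qurobucyC:\WINDOWS\system32\qui4\qopre83122.exe.dll (file missing)
O3 - Toolbar: Ball mess - {4AA5E949-83B9-1B50-154A-AF25C3180236} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Assumption: product names treated as rogue. Seeded from the Malwarebytes detections in
# this thread (Rogue.SpyGuard); extend from your own scanner output, not from guesswork.
ROGUE_MARKERS = ("spyguardpro",)

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hjt(text):
    """Split a log into (section, body) pairs, skipping process lists and blank lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def check_shell(body):
    """F2: the Winlogon Shell value. On XP the only expected value is Explorer.exe;
    anything appended (here rundll32.exe loading qtru.lfo) runs at every logon."""
    m = re.match(r"REG:system\.ini:\s*Shell=(.*)$", body, re.I)
    if m and m.group(1).strip().lower() != "explorer.exe":
        return "Shell value is not plain Explorer.exe: " + m.group(1).strip()
    return None


def check_bho_toolbar(body):
    """O2/O3: a BHO or toolbar with no name, a 'blank' path or a missing file is an
    orphaned or disguised entry; O9 buttons with missing files are deliberately not
    covered here because the log above shows benign Windows entries of that shape."""
    parts = body.split(" - ", 2)
    if len(parts) != 3:
        return None
    name, _clsid, path = parts
    name = name.split(":", 1)[1].strip()  # drop the "BHO:" / "Toolbar:" prefix
    if name == "(no name)" or path.startswith("blank") or "(file missing)" in path:
        return "orphaned or unnamed browser extension: %s -> %s" % (name, path)
    return None


def check_run(body):
    """O4: autostart entries. Flag commands that reference a product classed as rogue,
    or that pass URLs as arguments (as the SpyGuardPro entry above does)."""
    m = re.match(r".*Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
    if not m:
        return None
    cmd = m.group("cmd")
    low = cmd.lower()
    if any(marker in low for marker in ROGUE_MARKERS):
        return "autostart for a rogue product: " + cmd
    if "http://" in low or "https://" in low:
        return "autostart passes URLs on its command line: " + cmd
    return None


CHECKS = {"F2": check_shell, "O2": check_bho_toolbar, "O3": check_bho_toolbar, "O4": check_run}


def triage(text):
    """Return [(section, reason)] for every entry one of the checks flags."""
    findings = []
    for section, body in parse_hjt(text):
        check = CHECKS.get(section)
        if check:
            reason = check(body)
            if reason:
                findings.append((section, reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_HJT):
        print(section, reason)
```

Run against the sample it reports exactly the F2, O2, O3 and O4 lines shelf life asked to fix and stays silent on the AVG, Adobe, Google, ZoneAlarm and xpnetdiag entries.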

plank1964
2010-02-21, 23:46
Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/02/2010 21:27:18
mbam-log-2010-02-21 (21-27-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 252644
Time elapsed: 1 hour(s), 11 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50d5107a-d278-4871-8989-f4ceaaf59cfc} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.SpyGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.SpyGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Application Data\SpyGuardPro (Rogue.SpyGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Application Data\SpyGuardPro\Logs (Rogue.SpyGuard) -> Quarantined and deleted successfully.
C:\SpyGuardPro (Rogue.SpyGuard) -> Quarantined and deleted successfully.
C:\SpyGuardPro\AVQuar (Rogue.SpyGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\claire\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Application Data\SpyGuardPro\Logs\threats.log (Rogue.SpyGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\claire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msls50.dll (Trojan.Agent) -> Delete on reboot.

DDS (Ver_09-12-01.01) - NTFSx86
Run by claire at 21:35:41.00 on 21/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.418 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\claire\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer Provided By Sky Broadband
uStart Page = hxxp://www.msn.co.uk/
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Ball mess: {4aa5e949-83b9-1b50-154a-af25c3180236} - blank
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [NvMixerTray] c:\program files\nvidia corporation\nvmixer\NvMixerTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094991532328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139074103859
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\claire\applic~1\mozilla\firefox\profiles\3zx9mna3.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - www.msn.co.uk
FF - component: c:\documents and settings\claire\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-6-26 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-6-26 5248]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-1-12 102528]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-1-8 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-1-8 5248]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2004-9-15 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-12 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-20 394952]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-26 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-10 13224]
S3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys --> c:\windows\system32\drivers\hercspud.sys [?]
S3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys --> c:\windows\system32\drivers\hercwdm.sys [?]
S3 oUltraf;oUltraf;\??\c:\docume~1\claire\locals~1\temp\oultraf.sys --> c:\docume~1\claire\locals~1\temp\oUltraf.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-5-19 89256]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-5-19 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-5-19 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-5-19 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-5-19 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-5-19 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-5-19 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-5-19 117672]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-12-26 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-12-26 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-12-26 121856]
S3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [2003-8-25 36644]
S4 Ntlnkwi;Ntlnkwi; [x]

=============== Created Last 30 ================

2010-02-21 20:12:01 0 d-----w- c:\docume~1\claire\applic~1\Malwarebytes
2010-02-21 20:11:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 20:11:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-21 20:11:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 20:11:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 11:20:08 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-03 18:35:18 0 d-----w- c:\program files\iPod
2010-02-03 18:35:06 0 d-----w- c:\program files\iTunes
2010-01-30 20:18:47 0 d-----w- c:\program files\Amazon

==================== Find3M ====================

2010-01-15 18:17:11 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-08-27 16:32:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
2008-04-06 16:01:18 331808 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 21:37:36.28 ===============


DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 15/08/2003 20:15:43
System Uptime: 21/02/2010 21:28:53 (0 hours ago)

Motherboard: http://www.abit.com.tw/ | | NF7-S/NF7 (nVidia-nForce2)
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2079/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 115 GiB total, 28.447 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 09/02/2010 00:40:47 - System Checkpoint
RP2: 10/02/2010 18:25:13 - System Checkpoint
RP3: 10/02/2010 21:46:53 - Software Distribution Service 3.0
RP4: 12/02/2010 14:46:04 - System Checkpoint
RP5: 13/02/2010 11:07:46 - Restore Operation
RP6: 13/02/2010 11:16:44 - Restore Operation
RP7: 13/02/2010 16:57:39 - Installed WinZip 14.0
RP8: 13/02/2010 16:59:13 - Uniblue RegistryBooster
RP9: 15/02/2010 16:23:01 - Advanced Registry Optimizer 2010 - Before Installation
RP10: 15/02/2010 16:23:59 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP11: 15/02/2010 16:31:15 - Advanced Registry Optimizer 2010 Mon, Feb 15, 10 16:31
RP12: 16/02/2010 20:57:16 - System Checkpoint
RP13: 17/02/2010 21:01:19 - System Checkpoint

==== Installed Programs ======================


3D Groove Playback Engine
3DVIA Player 4.1
3GP Video Converter 3
4oD
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAPI Update
Audio Converter
Avanquest update
AVG Free 8.5
AVI Video Joiner 1.2
AVIConverter 3.0
AviSynth 2.5
BBC iPlayer Download Manager
BHA B's Recorder GOLD 5.20
BitTorrent 3.4.2
Bonjour
BufferChm
CardRecovery
CDDRV_Installer
CloneDVD2
Colin McRae Rally 2005
ConvertXtoDVD 2.2.2.256
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
D5100
D5100_Help
DDD Pool
DeviceManagementQFolder
DivxToDVD 0.5.2
DVD Decrypter (Remove Only)
DVD Shrink 3.1.7
DVDFab Decrypter 2.9.5.2
eSupportQFolder
Exact Audio Copy PSP Edition 1.0
Far Cry (Patch 1)
FaxTools
ffdshow (remove only)
FullDPAppQFolder
Google Chrome
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Hide Your IP Address
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP Product Assistant
HP Solution Center 7.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
IBM ViaVoice Command and Control Runtime 5.3 - UK English
IncrediFace (remove only)
InstantShareDevices
InstantShareDevicesMFC
Internet Download Manager
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 15
K-Lite Mega Codec Pack 3.4.0
Kali II
KhalInstallWrapper
Logitech SetPoint
Macromedia Fireworks MX 2004
MadOnion.com/3DMark2001 SE
Magic DVD Copier V4.3
Magic DVD Ripper V4.1
Malwarebytes' Anti-Malware
MarketResearch
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
mkv2vob
MobileMe Control Panel
Mozilla Firefox (1.5)
MP3 Splitter & Joiner
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
Nero 6 Ultra Edition
Network Play System (Patching)
Nokia Connectivity Cable Driver
NVIDIA Drivers
NvMixer
OpenSSL 0.9.6m
OptionalContentQFolder
PanoStandAlone
PC Connectivity Solution
Photodex Presenter
PhotoDVD 2.5.2.0
PhotoGallery
QuickTime
RandMap
RealPlayer
Registry Mechanic 5.2
Rhapsody Player Engine
Roxio Express Labeler 3
Safari
Samsung Converter
Samsung Master
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung USB Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shop for HP Supplies
SkinsHP1
Sky Broadband
SlideShow
SlideShowMusic
SolutionCenter
Sonic_PrimoSDK
Sony Ericsson PC Suite 4.010.00
Status
Synacast Plug-in 1.0.9.5
Toolbox
TrayApp
TSUNAMI-MPEG DVD Author PRO
Unload
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VLC media player 1.0.1
WebFldrs XP
WebReg
WinAVIVideoConverter
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.0
Xilisoft Video Converter Ultimate
ZoneAlarm Pro

==== Event Viewer Messages From Past Week ========

21/02/2010 21:31:28, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
21/02/2010 16:31:16, error: Service Control Manager [7022] - The KService service hung on starting.
19/02/2010 16:03:39, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
18/02/2010 11:17:02, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00508DFB38CB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
15/02/2010 21:51:21, error: Service Control Manager [7023] - The Microsoft Time service terminated with the following error: The specified module could not be found.
15/02/2010 15:53:22, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/02/2010 15:53:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

==== End Of File ===========================

shelf life
2010-02-22, 00:51
OK, good. We will get one more download to use. It's called ComboFix. There is a guide to read before using it. Read through and follow the guide. Download ComboFix, disable AV etc. as explained in the guide. Post the ComboFix log in your reply.

The guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

plank1964
2010-02-22, 19:59
Hi Shelf Life, this is the report from ComboFix.

ComboFix 10-02-21.02 - claire 22/02/2010 17:32:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.537 [GMT 0:00]
Running from: c:\documents and settings\claire\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\claire\Application Data\Desktopicon
c:\documents and settings\claire\Application Data\Desktopicon\config.ini
c:\documents and settings\claire\Application Data\inst.exe
C:\LOG.TXT
c:\windows\run.log
c:\windows\system32\ineWc01

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OULTRAF
-------\Service_oUltraf


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-21 20:12 . 2010-02-21 20:12 -------- d-----w- c:\documents and settings\claire\Application Data\Malwarebytes
2010-02-21 20:11 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 20:11 . 2010-02-21 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 20:11 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 20:11 . 2010-02-21 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 16:58 . 2010-02-13 16:58 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Uniblue
2010-02-13 16:58 . 2010-02-13 18:33 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\WinZip
2010-02-13 15:50 . 2010-02-13 15:50 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Mozilla
2010-02-13 11:20 . 2010-02-13 11:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 20:38 . 2010-02-08 20:38 -------- d-----w- c:\documents and settings\claire\Local Settings\Application Data\iRinger
2010-02-04 19:40 . 2010-02-04 19:40 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Ahead
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\iPod
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\iTunes
2010-02-03 18:32 . 2010-02-03 18:32 -------- d-----w- c:\program files\QuickTime
2010-01-30 20:20 . 2010-01-30 20:20 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Amazon
2010-01-30 20:18 . 2010-01-30 20:18 -------- d-----w- c:\program files\Amazon
2010-01-25 18:49 . 2010-01-25 18:50 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\MSN6
2010-01-25 18:48 . 2010-01-25 18:48 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 17:49 . 2009-01-03 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-02-22 17:45 . 2009-09-27 14:48 -------- d-----w- c:\documents and settings\claire\Application Data\DMCache
2010-02-21 22:01 . 2010-02-22 15:16 55296 ----a-w- c:\windows\Internet Logs\xDB3ED.tmp
2010-02-21 22:01 . 2010-02-22 15:16 2817024 ----a-w- c:\windows\Internet Logs\xDB3EE.tmp
2010-02-21 22:00 . 2009-08-31 16:50 -------- d-----w- c:\documents and settings\claire\Application Data\vlc
2010-02-21 21:29 . 2010-02-21 21:30 85504 ----a-w- c:\windows\Internet Logs\xDB3EC.tmp
2010-02-20 20:29 . 2010-02-21 16:27 2786816 ----a-w- c:\windows\Internet Logs\xDB3EB.tmp
2010-02-20 20:29 . 2010-02-21 16:27 91648 ----a-w- c:\windows\Internet Logs\xDB3EA.tmp
2010-02-20 19:12 . 2010-01-17 17:26 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\vlc
2010-02-20 16:18 . 2010-01-19 17:16 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\DMCache
2010-02-19 20:22 . 2010-02-20 16:16 48640 ----a-w- c:\windows\Internet Logs\xDB3E8.tmp
2010-02-19 20:22 . 2010-02-20 16:17 2781184 ----a-w- c:\windows\Internet Logs\xDB3E9.tmp
2010-02-19 18:03 . 2010-01-19 17:16 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\IDM
2010-02-18 20:18 . 2010-02-19 16:01 53248 ----a-w- c:\windows\Internet Logs\xDB3E7.tmp
2010-02-18 13:56 . 2010-02-18 19:12 73728 ----a-w- c:\windows\Internet Logs\xDB3E5.tmp
2010-02-18 13:56 . 2010-02-18 19:12 2780160 ----a-w- c:\windows\Internet Logs\xDB3E6.tmp
2010-02-16 23:35 . 2010-02-17 11:23 2778624 ----a-w- c:\windows\Internet Logs\xDB3E4.tmp
2010-02-16 23:35 . 2010-02-17 11:23 54272 ----a-w- c:\windows\Internet Logs\xDB3E3.tmp
2010-02-16 00:14 . 2010-02-16 20:29 2774528 ----a-w- c:\windows\Internet Logs\xDB3E2.tmp
2010-02-16 00:14 . 2010-02-16 20:29 38912 ----a-w- c:\windows\Internet Logs\xDB3E1.tmp
2010-02-15 19:40 . 2010-02-15 21:49 2792448 ----a-w- c:\windows\Internet Logs\xDB3E0.tmp
2010-02-15 19:40 . 2010-02-15 21:49 75264 ----a-w- c:\windows\Internet Logs\xDB3DF.tmp
2010-02-15 15:30 . 2010-02-15 15:50 60416 ----a-w- c:\windows\Internet Logs\xDB3DD.tmp
2010-02-15 15:30 . 2010-02-15 15:50 2774016 ----a-w- c:\windows\Internet Logs\xDB3DE.tmp
2010-02-13 20:11 . 2010-02-15 11:54 2773504 ----a-w- c:\windows\Internet Logs\xDB3DC.tmp
2010-02-13 20:11 . 2010-02-15 11:54 172544 ----a-w- c:\windows\Internet Logs\xDB3DB.tmp
2010-02-13 16:58 . 2008-12-23 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-13 15:09 . 2010-01-16 14:58 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Apple Computer
2010-02-11 18:10 . 2010-02-12 14:30 91136 ----a-w- c:\windows\Internet Logs\xDB3D9.tmp
2010-02-10 21:52 . 2010-02-11 12:36 63488 ----a-w- c:\windows\Internet Logs\xDB3D8.tmp
2010-02-09 18:40 . 2010-02-10 16:32 2719232 ----a-w- c:\windows\Internet Logs\xDB3D7.tmp
2010-02-09 18:40 . 2010-02-10 16:32 48128 ----a-w- c:\windows\Internet Logs\xDB3D6.tmp
2010-02-09 01:09 . 2010-02-09 16:05 2719232 ----a-w- c:\windows\Internet Logs\xDB3D5.tmp
2010-02-09 01:09 . 2010-02-09 16:05 38400 ----a-w- c:\windows\Internet Logs\xDB3D4.tmp
2010-02-09 00:39 . 2010-02-13 11:11 2719232 ----a-w- c:\windows\Internet Logs\xDB3DA.tmp
2010-02-08 21:24 . 2010-02-09 00:38 2718720 ----a-w- c:\windows\Internet Logs\xDB3D3.tmp
2010-02-08 21:24 . 2010-02-09 00:38 53248 ----a-w- c:\windows\Internet Logs\xDB3D2.tmp
2010-02-07 22:01 . 2010-02-08 20:02 2713088 ----a-w- c:\windows\Internet Logs\xDB3D1.tmp
2010-02-07 22:01 . 2010-02-08 20:02 56832 ----a-w- c:\windows\Internet Logs\xDB3D0.tmp
2010-02-06 14:43 . 2010-02-07 17:22 2712576 ----a-w- c:\windows\Internet Logs\xDB3CF.tmp
2010-02-06 14:43 . 2010-02-07 17:22 45568 ----a-w- c:\windows\Internet Logs\xDB3CE.tmp
2010-02-06 12:58 . 2010-02-06 13:30 2711552 ----a-w- c:\windows\Internet Logs\xDB3CD.tmp
2010-02-06 12:58 . 2010-02-06 13:30 53248 ----a-w- c:\windows\Internet Logs\xDB3CC.tmp
2010-02-05 20:23 . 2010-02-06 12:19 2711040 ----a-w- c:\windows\Internet Logs\xDB3CB.tmp
2010-02-05 20:23 . 2010-02-06 12:19 44544 ----a-w- c:\windows\Internet Logs\xDB3CA.tmp
2010-02-05 11:51 . 2010-02-05 15:42 2710528 ----a-w- c:\windows\Internet Logs\xDB3C9.tmp
2010-02-05 11:51 . 2010-02-05 15:42 45568 ----a-w- c:\windows\Internet Logs\xDB3C8.tmp
2010-02-04 23:13 . 2010-02-05 10:54 84992 ----a-w- c:\windows\Internet Logs\xDB3C7.tmp
2010-02-04 14:30 . 2010-02-04 17:17 44544 ----a-w- c:\windows\Internet Logs\xDB3C6.tmp
2010-02-03 20:12 . 2010-02-04 13:23 95744 ----a-w- c:\windows\Internet Logs\xDB3C4.tmp
2010-02-03 20:12 . 2010-02-04 13:23 2706432 ----a-w- c:\windows\Internet Logs\xDB3C5.tmp
2010-02-03 20:09 . 2010-02-03 20:09 79488 ----a-w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-03 18:35 . 2009-07-11 15:15 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 18:25 . 2010-02-03 18:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 10:48 . 2010-02-03 15:34 44032 ----a-w- c:\windows\Internet Logs\xDB3C2.tmp
2010-02-03 10:48 . 2010-02-03 15:34 2691072 ----a-w- c:\windows\Internet Logs\xDB3C3.tmp
2010-02-02 23:12 . 2010-02-03 10:02 2690560 ----a-w- c:\windows\Internet Logs\xDB3C1.tmp
2010-02-02 23:12 . 2010-02-03 10:02 83968 ----a-w- c:\windows\Internet Logs\xDB3C0.tmp
2010-02-02 18:23 . 2010-02-02 19:11 61440 ----a-w- c:\windows\Internet Logs\xDB3BE.tmp
2010-02-02 18:23 . 2010-02-02 19:11 2690048 ----a-w- c:\windows\Internet Logs\xDB3BF.tmp
2010-02-01 18:54 . 2010-02-02 09:24 2684416 ----a-w- c:\windows\Internet Logs\xDB3BD.tmp
2010-02-01 18:54 . 2010-02-02 09:24 55296 ----a-w- c:\windows\Internet Logs\xDB3BC.tmp
2010-02-01 01:51 . 2010-02-01 16:37 2683904 ----a-w- c:\windows\Internet Logs\xDB3BB.tmp
2010-02-01 01:51 . 2010-02-01 16:37 37888 ----a-w- c:\windows\Internet Logs\xDB3BA.tmp
2010-01-31 19:12 . 2010-02-01 00:25 2683392 ----a-w- c:\windows\Internet Logs\xDB3B9.tmp
2010-01-31 19:12 . 2010-02-01 00:25 51200 ----a-w- c:\windows\Internet Logs\xDB3B8.tmp
2010-01-31 14:11 . 2010-01-31 16:43 2682880 ----a-w- c:\windows\Internet Logs\xDB3B7.tmp
2010-01-31 14:11 . 2010-01-31 16:43 91136 ----a-w- c:\windows\Internet Logs\xDB3B6.tmp
2010-01-31 00:34 . 2010-01-31 11:16 73216 ----a-w- c:\windows\Internet Logs\xDB3B4.tmp
2010-01-31 00:34 . 2010-01-31 11:16 2682368 ----a-w- c:\windows\Internet Logs\xDB3B5.tmp
2010-01-30 13:24 . 2010-01-30 16:58 2678272 ----a-w- c:\windows\Internet Logs\xDB3B3.tmp
2010-01-30 13:24 . 2010-01-30 16:58 74752 ----a-w- c:\windows\Internet Logs\xDB3B2.tmp
2010-01-29 20:03 . 2010-01-30 12:02 2676224 ----a-w- c:\windows\Internet Logs\xDB3B1.tmp
2010-01-29 20:03 . 2010-01-30 12:02 48640 ----a-w- c:\windows\Internet Logs\xDB3B0.tmp
2010-01-28 22:42 . 2010-01-29 15:18 2673152 ----a-w- c:\windows\Internet Logs\xDB3AF.tmp
2010-01-28 22:42 . 2010-01-29 15:18 54784 ----a-w- c:\windows\Internet Logs\xDB3AE.tmp
2010-01-28 01:40 . 2010-01-28 16:11 2673152 ----a-w- c:\windows\Internet Logs\xDB3AD.tmp
2010-01-28 01:40 . 2010-01-28 16:11 36864 ----a-w- c:\windows\Internet Logs\xDB3AC.tmp
2010-01-27 21:09 . 2010-01-28 01:10 53248 ----a-w- c:\windows\Internet Logs\xDB3AA.tmp
2010-01-27 21:09 . 2010-01-28 01:10 2674176 ----a-w- c:\windows\Internet Logs\xDB3AB.tmp
2010-01-27 10:15 . 2010-01-27 16:56 2672640 ----a-w- c:\windows\Internet Logs\xDB3A9.tmp
2010-01-27 10:15 . 2010-01-27 16:56 40960 ----a-w- c:\windows\Internet Logs\xDB3A8.tmp
2010-01-26 20:39 . 2010-01-27 09:19 2672640 ----a-w- c:\windows\Internet Logs\xDB3A7.tmp
2010-01-26 20:39 . 2010-01-27 09:19 56320 ----a-w- c:\windows\Internet Logs\xDB3A6.tmp
2010-01-26 15:59 . 2010-01-26 16:17 96768 ----a-w- c:\windows\Internet Logs\xDB3A4.tmp
2010-01-26 15:59 . 2010-01-26 16:17 2672128 ----a-w- c:\windows\Internet Logs\xDB3A5.tmp
2010-01-25 22:20 . 2010-01-25 22:21 2671104 ----a-w- c:\windows\Internet Logs\xDB3A3.tmp
2010-01-25 22:20 . 2010-01-25 22:21 47104 ----a-w- c:\windows\Internet Logs\xDB3A2.tmp
2010-01-25 00:45 . 2010-01-25 18:25 2669056 ----a-w- c:\windows\Internet Logs\xDB3A1.tmp
2010-01-25 00:45 . 2010-01-25 18:25 36864 ----a-w- c:\windows\Internet Logs\xDB3A0.tmp
2010-01-24 18:53 . 2010-01-24 23:57 2668544 ----a-w- c:\windows\Internet Logs\xDB39F.tmp
2010-01-24 18:53 . 2010-01-24 23:57 86016 ----a-w- c:\windows\Internet Logs\xDB39E.tmp
2010-01-22 21:48 . 2010-01-23 17:05 78336 ----a-w- c:\windows\Internet Logs\xDB39C.tmp
2010-01-22 21:48 . 2010-01-23 17:05 2667520 ----a-w- c:\windows\Internet Logs\xDB39D.tmp
2010-01-22 20:02 . 2010-01-22 20:02 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Media Player Classic
2010-01-22 20:02 . 2010-01-22 20:02 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\DivX
2010-01-22 17:24 . 2010-01-22 19:41 43008 ----a-w- c:\windows\Internet Logs\xDB39A.tmp
2010-01-22 17:24 . 2010-01-22 19:41 2667008 ----a-w- c:\windows\Internet Logs\xDB39B.tmp
2010-01-22 11:24 . 2010-01-22 14:07 2666496 ----a-w- c:\windows\Internet Logs\xDB399.tmp
2010-01-22 11:24 . 2010-01-22 14:07 64000 ----a-w- c:\windows\Internet Logs\xDB398.tmp
2007-07-27 19:01 . 2006-01-24 19:02 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-27 19:01 . 2006-01-24 19:02 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-27 19:01 . 2006-01-24 19:02 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-06 16:01 . 2008-04-06 15:36 331808 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-17 3118512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 07:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 21:43 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Kali95\\Kali.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31876:TCP"= 31876:TCP:ppLive
"43339:UDP"= 43339:UDP:ppLive
"37236:TCP"= 37236:TCP:ppLive
"46733:UDP"= 46733:UDP:ppLive
"35762:TCP"= 35762:TCP:ppLive
"41970:UDP"= 41970:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [26/06/2004 13:17 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [26/06/2004 13:17 5248]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [12/01/2006 11:56 102528]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [08/01/2006 20:27 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [08/01/2006 20:27 5248]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [15/09/2004 17:42 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/10/2008 11:02 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/10/2008 11:02 108552]
S2 gupdate1c9b799fe649efa;Google Update Service (gupdate1c9b799fe649efa);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 16:00 133104]
S2 vvlkjg;Microsoft Time;c:\windows\system32\svchost.exe -k netsvcs [18/08/2001 10:00 14336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/12/2009 11:53 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/08/2009 16:40 13224]
S3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys --> c:\windows\system32\drivers\hercspud.sys [?]
S3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys --> c:\windows\system32\drivers\hercwdm.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19/05/2009 17:26 89256]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19/05/2009 17:26 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19/05/2009 17:26 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19/05/2009 17:26 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19/05/2009 17:26 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19/05/2009 17:26 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19/05/2009 17:26 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19/05/2009 17:26 117672]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [26/12/2009 11:53 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [26/12/2009 11:53 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [26/12/2009 11:53 121856]
S3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [25/08/2003 18:20 36644]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/10/2008 11:02 908056]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/10/2008 11:02 297752]
S4 Ntlnkwi;Ntlnkwi; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vvlkjg
.
Contents of the 'Scheduled Tasks' folder

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 16:00]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\documents and settings\claire\Application Data\Mozilla\Firefox\Profiles\3zx9mna3.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - www.msn.co.uk
FF - component: c:\documents and settings\claire\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4AA5E949-83B9-1B50-154A-AF25C3180236} - blank
AddRemove-AVIConverter - c:\program files\AVIConverter\uninst.exe
AddRemove-Synacast Plug-in - c:\program files\Common Files\Synacast\SynaLive\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D30128]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7768f28
\Driver\ACPI -> ACPI.sys @ 0xf764dcb8
\Driver\atapi -> atapi.sys @ 0xf7605852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vvlkjg]
"ServiceDll"="c:\windows\system32\xtftrkxl.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1677128483-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07d35bcb-2405-402c-8e91-01b78dc1034d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000020
"Therad"=dword:0000000e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,c5,8a,60,51,8a,4c,c7,c6,63,f1,bf,1b,2e,55,12,c8,4a,4d,ac,ce,
95,78,c4,e7,24,79,e6,03,f4,69,93,f1,b6,55,11,71,ed,a9,e4,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-22 17:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 17:54

Pre-Run: 30,361,980,928 bytes free
Post-Run: 31,964,659,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5F2F03A16E753986DF83D5DE381B40EC
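
The entry in the log above that matters is the service vvlkjg, displayed as "Microsoft Time", started through svchost.exe -k netsvcs, listed by ComboFix as an addition to the NetSvcs group, and backed by a ServiceDll at c:\windows\system32\xtftrkxl.dll. Running as a DLL inside a trusted host process is a standard way for malware to hide among legitimate services. As an added example (not part of this thread, and not ComboFix's own code), the Python script below parses those ComboFix lines and flags svchost-hosted services that ComboFix lists as non-default group members, that are absent from a baseline, whose ServiceDll does not match the baseline, or whose display name imitates a Windows service. The sample input is copied from the log; the KNOWN_NETSVCS baseline is an assumed, illustrative subset, not the full XP SP3 membership list.

```python
"""Flag svchost-hosted services in a ComboFix log that do not belong there.

Added example; not code from the forum thread. The sample lines are copied
from the log above. KNOWN_NETSVCS is an illustrative subset and an assumption:
a real check uses a full baseline captured from a clean machine of the same
Windows build.
"""
import re
from collections import defaultdict

# Constructed input: service, NetSvcs and ServiceDll lines taken from the log above.
SAMPLE_LOG = r"""
S2 gupdate1c9b799fe649efa;Google Update Service (gupdate1c9b799fe649efa);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 16:00 133104]
S2 vvlkjg;Microsoft Time;c:\windows\system32\svchost.exe -k netsvcs [18/08/2001 10:00 14336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/12/2009 11:53 36608]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/10/2008 11:02 297752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vvlkjg
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vvlkjg]
"ServiceDll"="c:\windows\system32\xtftrkxl.dll"
"""

# Assumption: service name -> ServiceDll basename for a handful of genuine XP SP3
# netsvcs members. Illustrative only; not the complete group.
KNOWN_NETSVCS = {
    "w32time": "w32time.dll",       # "Windows Time", the service the malware imitates
    "wuauserv": "wuauserv.dll",
    "bits": "qmgr.dll",
    "schedule": "schedsvc.dll",
    "lanmanserver": "srvsvc.dll",
    "lanmanworkstation": "wkssvc.dll",
    "browser": "browser.dll",
    "dhcp": "dhcpcsvc.dll",
    "wscsvc": "wscsvc.dll",
    "themes": "shsvcs.dll",
}
BASELINES = {"netsvcs": KNOWN_NETSVCS}

# ComboFix "S2 name;display;path [date size]" service lines and the related registry lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)
GROUP_HDR_RE = re.compile(r"\\Svchost - (\w+)$", re.I)
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.I)


def parse_combofix(text):
    """Return (services, extra_members, service_dlls) parsed from ComboFix log text."""
    services, service_dlls = {}, {}
    extra_members = defaultdict(set)   # group -> names ComboFix shows as non-default
    group = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path = m.groups()
            host = SVCHOST_RE.search(path)
            services[name.lower()] = {
                "start": start, "display": display, "path": path,
                "group": host.group(1).lower() if host else None,
            }
            continue
        m = GROUP_HDR_RE.search(line)
        if m:                               # names follow until "." or a blank line
            group, key = m.group(1).lower(), None
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:                               # "[...\Services\<name>]" precedes ServiceDll
            key, group = m.group(1).lower(), None
            continue
        m = SERVICEDLL_RE.match(line)
        if m and key:
            service_dlls[key] = m.group(1)
            continue
        if group:
            if line in ("", "."):
                group = None
            else:
                extra_members[group].add(line.lower())
    return services, extra_members, service_dlls


def find_suspicious_svchost_services(text):
    """Map service name -> list of reasons, for svchost-hosted services only."""
    services, extra_members, service_dlls = parse_combofix(text)
    findings = {}
    for name, svc in services.items():
        group = svc["group"]
        if group is None:
            continue                        # ordinary EXE service; out of scope here
        reasons = []
        if name in extra_members.get(group, ()):
            reasons.append(f"ComboFix lists it as a non-default member of {group}")
        baseline = BASELINES.get(group)
        if baseline is not None and name not in baseline:
            reasons.append(f"service name is not in the {group} baseline")
        dll = service_dlls.get(name)
        if dll is not None:
            base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if baseline is not None and baseline.get(name) != base:
                reasons.append(f"ServiceDll {base} is not the baseline DLL for this service")
        if re.match(r"(microsoft|windows)\b", svc["display"], re.I) and \
                (baseline is None or name not in baseline):
            reasons.append(f"display name '{svc['display']}' imitates a Windows service")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in find_suspicious_svchost_services(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the only finding is vvlkjg, with all four reasons. On a live machine the same correlation is done against the registry: every name in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs should map to a service whose Parameters\ServiceDll is a known Windows DLL under system32.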

shelf life
2010-02-23, 04:01
OK, first we will use ComboFix, then get a file checked out.
Before using ComboFix, please disable TeaTimer (if active), your AV and any running anti-malware.

Click Start, then Run, type Notepad and click OK.
Copy/paste the text in the code box below into Notepad:

File::
c:\windows\system32\xtftrkxl.dll

Driver::
vvlkjg

NetSvcs::
vvlkjg

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vvlkjg]

Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release; ComboFix will run and produce a new log.
Please post the new ComboFix log and a new HJT log.
----------------------------------------------
To show all files:

On the desktop, double-click My Computer; at the top click Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files" and also UNcheck "Hide extensions for known file types". Click Apply to All Folders, then Apply, then OK.

Next:
Navigate to C:\Windows\system32\drivers\atapi.sys
to see if you can locate it.

Last, go to VirusTotal (http://www.virustotal.com/), click the Browse button and locate the file (atapi.sys) again on your machine. Click on it, then on Open, then upload it using the Send button.
If the website says:
File has already been analysed:
click the "Reanalyse file now" button.

Once done, you can copy/paste the results in your reply.
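
A way to do the atapi.sys check locally, before or alongside the VirusTotal upload, added here as an example and not part of the thread: hash the live driver and compare it with the copies Windows XP keeps under system32\dllcache and ServicePackFiles\i386 (assumed reference locations; they are only useful if they themselves were not touched). One caveat a practitioner should keep in mind: the rootkit scan above reports hooks on \Driver\atapi, and a rootkit that hooks the disk stack can hand the original, clean contents of its host file to user-mode readers, so a "match" obtained from inside the running system is not conclusive, while a mismatch is. The MD5/SHA-1/SHA-256 output can also be searched on VirusTotal without uploading the file. The demo_in_tempdir() function builds fake files (not real driver bytes) to exercise the three verdicts.

```python
"""Hash a driver and compare it with the protected copies Windows XP keeps.

Added example; not code from the forum thread. Assumptions: the reference
locations below hold pristine copies of protected drivers on XP, and the
constructed bytes in demo_in_tempdir() stand in for real driver files.
"""
import hashlib
import os
import tempfile


def file_hashes(path, chunk=1 << 16):
    """MD5, SHA-1 and SHA-256 of a file, read in chunks (VirusTotal lists all three)."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def reference_copies(system_root, filename):
    """Where XP keeps pristine copies of protected drivers (assumption, see above)."""
    return [
        os.path.join(system_root, "system32", "dllcache", filename),
        os.path.join(system_root, "ServicePackFiles", "i386", filename),
    ]


def compare_driver(live_path, reference_paths):
    """Return (verdict, details); verdict is 'match', 'MISMATCH' or 'no-reference'."""
    live = file_hashes(live_path)
    refs = {p: file_hashes(p) for p in reference_paths if os.path.isfile(p)}
    if not refs:
        verdict = "no-reference"           # nothing to compare against; read offline
    elif all(r["sha256"] == live["sha256"] for r in refs.values()):
        verdict = "match"                  # not conclusive from inside a hooked system
    else:
        verdict = "MISMATCH"               # the live driver differs from its protected copy
    details = {"live": live, "size": os.path.getsize(live_path), "references": refs}
    return verdict, details


def demo_in_tempdir():
    """Constructed scenario (fake bytes, not a real driver) covering all three verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "system32", "drivers")
        dllcache = os.path.join(root, "system32", "dllcache")
        os.makedirs(drivers)
        os.makedirs(dllcache)
        clean = b"MZ" + b"\x00" * 62 + b"fake atapi body " * 64
        patched = clean[:-16] + b"xx-rootkit-stub-"   # same size, different bytes
        assert len(patched) == len(clean)
        live = os.path.join(drivers, "atapi.sys")
        with open(os.path.join(dllcache, "atapi.sys"), "wb") as fh:
            fh.write(clean)
        for label, body in (("clean", clean), ("patched", patched)):
            with open(live, "wb") as fh:
                fh.write(body)
            results[label] = compare_driver(live, reference_copies(root, "atapi.sys"))[0]
        results["missing"] = compare_driver(live, reference_copies(root, "nosuch.sys"))[0]
    return results


if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", r"C:\WINDOWS")
    target = os.path.join(windir, "system32", "drivers", "atapi.sys")
    if os.path.isfile(target):
        verdict, details = compare_driver(target, reference_copies(windir, "atapi.sys"))
        print(verdict, details["size"], details["live"]["sha256"])
        for path, h in details["references"].items():
            print("  reference", path, h["sha256"])
    else:
        print("no atapi.sys here; demo:", demo_in_tempdir())
```

A size check alone is not enough: a driver patched in place keeps its original size, which is exactly the case the demo's "patched" file reproduces, so the comparison has to be on the hash.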

plank1964
2010-02-23, 19:06
Hi, hope this helps.

hjt log

Logfile of HijackThis v1.99.1
Scan saved at 16:38:10, on 23/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094991532328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139074103859
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ComboFix log

ComboFix 10-02-22.07 - claire 23/02/2010 16:08:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.555 [GMT 0:00]
Running from: c:\documents and settings\claire\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\claire\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\xtftrkxl.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VVLKJG
-------\Service_vvlkjg


((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-21 20:12 . 2010-02-21 20:12 -------- d-----w- c:\documents and settings\claire\Application Data\Malwarebytes
2010-02-21 20:11 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 20:11 . 2010-02-21 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 20:11 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 20:11 . 2010-02-21 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 16:58 . 2010-02-13 16:58 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Uniblue
2010-02-13 16:58 . 2010-02-13 18:33 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\WinZip
2010-02-13 15:50 . 2010-02-13 15:50 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Mozilla
2010-02-13 11:20 . 2010-02-13 11:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 20:38 . 2010-02-08 20:38 -------- d-----w- c:\documents and settings\claire\Local Settings\Application Data\iRinger
2010-02-04 19:40 . 2010-02-04 19:40 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Ahead
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\iPod
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\iTunes
2010-02-03 18:32 . 2010-02-03 18:32 -------- d-----w- c:\program files\QuickTime
2010-01-30 20:20 . 2010-01-30 20:20 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Amazon
2010-01-30 20:18 . 2010-01-30 20:18 -------- d-----w- c:\program files\Amazon
2010-01-25 18:49 . 2010-01-25 18:50 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\MSN6
2010-01-25 18:48 . 2010-01-25 18:48 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 16:24 . 2009-01-03 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-02-23 16:20 . 2009-09-27 14:48 -------- d-----w- c:\documents and settings\claire\Application Data\DMCache
2010-02-23 15:40 . 2009-05-19 17:26 -------- d-----w- c:\program files\Avanquest update
2010-02-22 19:22 . 2010-02-23 13:09 47104 ----a-w- c:\windows\Internet Logs\xDB3F0.tmp
2010-02-22 19:22 . 2010-02-23 13:09 2888704 ----a-w- c:\windows\Internet Logs\xDB3F1.tmp
2010-02-22 18:47 . 2009-08-31 16:50 -------- d-----w- c:\documents and settings\claire\Application Data\vlc
2010-02-22 18:42 . 2005-02-13 14:19 -------- d-----w- c:\program files\Google
2010-02-22 18:31 . 2008-12-23 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 18:30 . 2004-05-16 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-02-22 18:26 . 2005-06-09 17:33 -------- d-----w- c:\program files\Audio Converter
2010-02-22 18:16 . 2010-02-22 18:18 180224 ----a-w- c:\windows\Internet Logs\xDB3EF.tmp
2010-02-22 18:14 . 2007-11-18 13:50 -------- d-----w- c:\program files\AVI Video Joiner
2010-02-22 18:04 . 2008-09-13 13:49 -------- d-----w- c:\program files\YouTube Downloader
2010-02-22 18:04 . 2008-12-07 13:03 -------- d-----w- c:\program files\CardRecovery
2010-02-22 18:03 . 2009-04-22 16:40 -------- d-----w- c:\program files\Hide Your IP Address
2010-02-21 22:01 . 2010-02-22 15:16 55296 ----a-w- c:\windows\Internet Logs\xDB3ED.tmp
2010-02-21 22:01 . 2010-02-22 15:16 2817024 ----a-w- c:\windows\Internet Logs\xDB3EE.tmp
2010-02-21 21:29 . 2010-02-21 21:30 85504 ----a-w- c:\windows\Internet Logs\xDB3EC.tmp
2010-02-20 20:29 . 2010-02-21 16:27 2786816 ----a-w- c:\windows\Internet Logs\xDB3EB.tmp
2010-02-20 20:29 . 2010-02-21 16:27 91648 ----a-w- c:\windows\Internet Logs\xDB3EA.tmp
2010-02-20 19:12 . 2010-01-17 17:26 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\vlc
2010-02-20 16:18 . 2010-01-19 17:16 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\DMCache
2010-02-19 20:22 . 2010-02-20 16:16 48640 ----a-w- c:\windows\Internet Logs\xDB3E8.tmp
2010-02-19 20:22 . 2010-02-20 16:17 2781184 ----a-w- c:\windows\Internet Logs\xDB3E9.tmp
2010-02-19 18:03 . 2010-01-19 17:16 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\IDM
2010-02-18 20:18 . 2010-02-19 16:01 53248 ----a-w- c:\windows\Internet Logs\xDB3E7.tmp
2010-02-18 13:56 . 2010-02-18 19:12 73728 ----a-w- c:\windows\Internet Logs\xDB3E5.tmp
2010-02-18 13:56 . 2010-02-18 19:12 2780160 ----a-w- c:\windows\Internet Logs\xDB3E6.tmp
2010-02-16 23:35 . 2010-02-17 11:23 2778624 ----a-w- c:\windows\Internet Logs\xDB3E4.tmp
2010-02-16 23:35 . 2010-02-17 11:23 54272 ----a-w- c:\windows\Internet Logs\xDB3E3.tmp
2010-02-16 00:14 . 2010-02-16 20:29 2774528 ----a-w- c:\windows\Internet Logs\xDB3E2.tmp
2010-02-16 00:14 . 2010-02-16 20:29 38912 ----a-w- c:\windows\Internet Logs\xDB3E1.tmp
2010-02-15 19:40 . 2010-02-15 21:49 2792448 ----a-w- c:\windows\Internet Logs\xDB3E0.tmp
2010-02-15 19:40 . 2010-02-15 21:49 75264 ----a-w- c:\windows\Internet Logs\xDB3DF.tmp
2010-02-15 15:30 . 2010-02-15 15:50 60416 ----a-w- c:\windows\Internet Logs\xDB3DD.tmp
2010-02-15 15:30 . 2010-02-15 15:50 2774016 ----a-w- c:\windows\Internet Logs\xDB3DE.tmp
2010-02-13 20:11 . 2010-02-15 11:54 2773504 ----a-w- c:\windows\Internet Logs\xDB3DC.tmp
2010-02-13 20:11 . 2010-02-15 11:54 172544 ----a-w- c:\windows\Internet Logs\xDB3DB.tmp
2010-02-13 15:09 . 2010-01-16 14:58 -------- d-----w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Apple Computer
2010-02-11 18:10 . 2010-02-12 14:30 91136 ----a-w- c:\windows\Internet Logs\xDB3D9.tmp
2010-02-10 21:52 . 2010-02-11 12:36 63488 ----a-w- c:\windows\Internet Logs\xDB3D8.tmp
2010-02-09 18:40 . 2010-02-10 16:32 2719232 ----a-w- c:\windows\Internet Logs\xDB3D7.tmp
2010-02-09 18:40 . 2010-02-10 16:32 48128 ----a-w- c:\windows\Internet Logs\xDB3D6.tmp
2010-02-09 01:09 . 2010-02-09 16:05 2719232 ----a-w- c:\windows\Internet Logs\xDB3D5.tmp
2010-02-09 01:09 . 2010-02-09 16:05 38400 ----a-w- c:\windows\Internet Logs\xDB3D4.tmp
2010-02-09 00:39 . 2010-02-13 11:11 2719232 ----a-w- c:\windows\Internet Logs\xDB3DA.tmp
2010-02-08 21:24 . 2010-02-09 00:38 2718720 ----a-w- c:\windows\Internet Logs\xDB3D3.tmp
2010-02-08 21:24 . 2010-02-09 00:38 53248 ----a-w- c:\windows\Internet Logs\xDB3D2.tmp
2010-02-07 22:01 . 2010-02-08 20:02 2713088 ----a-w- c:\windows\Internet Logs\xDB3D1.tmp
2010-02-07 22:01 . 2010-02-08 20:02 56832 ----a-w- c:\windows\Internet Logs\xDB3D0.tmp
2010-02-06 14:43 . 2010-02-07 17:22 2712576 ----a-w- c:\windows\Internet Logs\xDB3CF.tmp
2010-02-06 14:43 . 2010-02-07 17:22 45568 ----a-w- c:\windows\Internet Logs\xDB3CE.tmp
2010-02-06 12:58 . 2010-02-06 13:30 2711552 ----a-w- c:\windows\Internet Logs\xDB3CD.tmp
2010-02-06 12:58 . 2010-02-06 13:30 53248 ----a-w- c:\windows\Internet Logs\xDB3CC.tmp
2010-02-05 20:23 . 2010-02-06 12:19 2711040 ----a-w- c:\windows\Internet Logs\xDB3CB.tmp
2010-02-05 20:23 . 2010-02-06 12:19 44544 ----a-w- c:\windows\Internet Logs\xDB3CA.tmp
2010-02-05 11:51 . 2010-02-05 15:42 2710528 ----a-w- c:\windows\Internet Logs\xDB3C9.tmp
2010-02-05 11:51 . 2010-02-05 15:42 45568 ----a-w- c:\windows\Internet Logs\xDB3C8.tmp
2010-02-04 23:13 . 2010-02-05 10:54 84992 ----a-w- c:\windows\Internet Logs\xDB3C7.tmp
2010-02-04 14:30 . 2010-02-04 17:17 44544 ----a-w- c:\windows\Internet Logs\xDB3C6.tmp
2010-02-03 20:12 . 2010-02-04 13:23 95744 ----a-w- c:\windows\Internet Logs\xDB3C4.tmp
2010-02-03 20:12 . 2010-02-04 13:23 2706432 ----a-w- c:\windows\Internet Logs\xDB3C5.tmp
2010-02-03 20:09 . 2010-02-03 20:09 79488 ----a-w- c:\documents and settings\Drew's iphone.RAPID\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-03 18:35 . 2009-07-11 15:15 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 18:25 . 2010-02-03 18:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 10:48 . 2010-02-03 15:34 44032 ----a-w- c:\windows\Internet Logs\xDB3C2.tmp
2010-02-03 10:48 . 2010-02-03 15:34 2691072 ----a-w- c:\windows\Internet Logs\xDB3C3.tmp
2010-02-02 23:12 . 2010-02-03 10:02 2690560 ----a-w- c:\windows\Internet Logs\xDB3C1.tmp
2010-02-02 23:12 . 2010-02-03 10:02 83968 ----a-w- c:\windows\Internet Logs\xDB3C0.tmp
2010-02-02 18:23 . 2010-02-02 19:11 61440 ----a-w- c:\windows\Internet Logs\xDB3BE.tmp
2010-02-02 18:23 . 2010-02-02 19:11 2690048 ----a-w- c:\windows\Internet Logs\xDB3BF.tmp
2010-02-01 18:54 . 2010-02-02 09:24 2684416 ----a-w- c:\windows\Internet Logs\xDB3BD.tmp
2010-02-01 18:54 . 2010-02-02 09:24 55296 ----a-w- c:\windows\Internet Logs\xDB3BC.tmp
2010-02-01 01:51 . 2010-02-01 16:37 2683904 ----a-w- c:\windows\Internet Logs\xDB3BB.tmp
2010-02-01 01:51 . 2010-02-01 16:37 37888 ----a-w- c:\windows\Internet Logs\xDB3BA.tmp
2010-01-31 19:12 . 2010-02-01 00:25 2683392 ----a-w- c:\windows\Internet Logs\xDB3B9.tmp
2010-01-31 19:12 . 2010-02-01 00:25 51200 ----a-w- c:\windows\Internet Logs\xDB3B8.tmp
2010-01-31 14:11 . 2010-01-31 16:43 2682880 ----a-w- c:\windows\Internet Logs\xDB3B7.tmp
2010-01-31 14:11 . 2010-01-31 16:43 91136 ----a-w- c:\windows\Internet Logs\xDB3B6.tmp
2010-01-31 00:34 . 2010-01-31 11:16 73216 ----a-w- c:\windows\Internet Logs\xDB3B4.tmp
2010-01-31 00:34 . 2010-01-31 11:16 2682368 ----a-w- c:\windows\Internet Logs\xDB3B5.tmp
2010-01-30 13:24 . 2010-01-30 16:58 2678272 ----a-w- c:\windows\Internet Logs\xDB3B3.tmp
2010-01-30 13:24 . 2010-01-30 16:58 74752 ----a-w- c:\windows\Internet Logs\xDB3B2.tmp
2010-01-29 20:03 . 2010-01-30 12:02 2676224 ----a-w- c:\windows\Internet Logs\xDB3B1.tmp
2010-01-29 20:03 . 2010-01-30 12:02 48640 ----a-w- c:\windows\Internet Logs\xDB3B0.tmp
2010-01-28 22:42 . 2010-01-29 15:18 2673152 ----a-w- c:\windows\Internet Logs\xDB3AF.tmp
2010-01-28 22:42 . 2010-01-29 15:18 54784 ----a-w- c:\windows\Internet Logs\xDB3AE.tmp
2010-01-28 01:40 . 2010-01-28 16:11 2673152 ----a-w- c:\windows\Internet Logs\xDB3AD.tmp
2010-01-28 01:40 . 2010-01-28 16:11 36864 ----a-w- c:\windows\Internet Logs\xDB3AC.tmp
2010-01-27 21:09 . 2010-01-28 01:10 53248 ----a-w- c:\windows\Internet Logs\xDB3AA.tmp
2010-01-27 21:09 . 2010-01-28 01:10 2674176 ----a-w- c:\windows\Internet Logs\xDB3AB.tmp
2010-01-27 10:15 . 2010-01-27 16:56 2672640 ----a-w- c:\windows\Internet Logs\xDB3A9.tmp
2010-01-27 10:15 . 2010-01-27 16:56 40960 ----a-w- c:\windows\Internet Logs\xDB3A8.tmp
2010-01-26 20:39 . 2010-01-27 09:19 2672640 ----a-w- c:\windows\Internet Logs\xDB3A7.tmp
2010-01-26 20:39 . 2010-01-27 09:19 56320 ----a-w- c:\windows\Internet Logs\xDB3A6.tmp
2010-01-26 15:59 . 2010-01-26 16:17 96768 ----a-w- c:\windows\Internet Logs\xDB3A4.tmp
2010-01-26 15:59 . 2010-01-26 16:17 2672128 ----a-w- c:\windows\Internet Logs\xDB3A5.tmp
2010-01-25 22:20 . 2010-01-25 22:21 2671104 ----a-w- c:\windows\Internet Logs\xDB3A3.tmp
2010-01-25 22:20 . 2010-01-25 22:21 47104 ----a-w- c:\windows\Internet Logs\xDB3A2.tmp
2010-01-25 00:45 . 2010-01-25 18:25 2669056 ----a-w- c:\windows\Internet Logs\xDB3A1.tmp
2007-07-27 19:01 . 2006-01-24 19:02 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-27 19:01 . 2006-01-24 19:02 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-27 19:01 . 2006-01-24 19:02 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-06 16:01 . 2008-04-06 15:36 331808 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-17 3118512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 07:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 21:43 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Kali95\\Kali.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31876:TCP"= 31876:TCP:ppLive
"43339:UDP"= 43339:UDP:ppLive
"37236:TCP"= 37236:TCP:ppLive
"46733:UDP"= 46733:UDP:ppLive
"35762:TCP"= 35762:TCP:ppLive
"41970:UDP"= 41970:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [26/06/2004 13:17 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [26/06/2004 13:17 5248]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [12/01/2006 11:56 102528]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [08/01/2006 20:27 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [08/01/2006 20:27 5248]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [15/09/2004 17:42 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/10/2008 11:02 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/10/2008 11:02 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/10/2008 11:02 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/10/2008 11:02 297752]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/12/2009 11:53 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/08/2009 16:40 13224]
S3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys --> c:\windows\system32\drivers\hercspud.sys [?]
S3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys --> c:\windows\system32\drivers\hercwdm.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19/05/2009 17:26 89256]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19/05/2009 17:26 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19/05/2009 17:26 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19/05/2009 17:26 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19/05/2009 17:26 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19/05/2009 17:26 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19/05/2009 17:26 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19/05/2009 17:26 117672]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [26/12/2009 11:53 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [26/12/2009 11:53 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [26/12/2009 11:53 121856]
S3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [25/08/2003 18:20 36644]
S4 Ntlnkwi;Ntlnkwi; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.co.uk/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\documents and settings\claire\Application Data\Mozilla\Firefox\Profiles\3zx9mna3.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - www.msn.co.uk
FF - component: c:\documents and settings\claire\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 16:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D16008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7768f28
\Driver\ACPI -> ACPI.sys @ 0xf764dcb8
\Driver\atapi -> atapi.sys @ 0xf7605852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-23 16:28:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 16:28
ComboFix2.txt 2010-02-22 17:55

Pre-Run: 50,960,056,320 bytes free
Post-Run: 50,952,818,688 bytes free

- - End Of File - - E9756A0430053CD576E04DA928A74C30


VirusTotal result.

a-squared 4.5.0.50 2010.02.23 -
AhnLab-V3 5.0.0.2 2010.02.23 -
AntiVir 8.2.1.172 2010.02.23 -
Antiy-AVL 2.0.3.7 2010.02.23 -
Authentium 5.2.0.5 2010.02.23 -
Avast 4.8.1351.0 2010.02.23 -
AVG 9.0.0.730 2010.02.23 -
BitDefender 7.2 2010.02.23 -
CAT-QuickHeal 10.00 2010.02.23 -
ClamAV 0.96.0.0-git 2010.02.23 -
Comodo 4036 2010.02.23 -
DrWeb 5.0.1.12222 2010.02.23 -
eSafe 7.0.17.0 2010.02.23 Win32.Rootkit
eTrust-Vet 35.2.7323 2010.02.23 -
F-Prot 4.5.1.85 2010.02.22 -
F-Secure 9.0.15370.0 2010.02.23 -
Fortinet 4.0.14.0 2010.02.21 -
GData 19 2010.02.23 -
Ikarus T3.1.1.80.0 2010.02.23 -
Jiangmin 13.0.900 2010.02.23 -
K7AntiVirus 7.10.980 2010.02.22 -
Kaspersky 7.0.0.125 2010.02.23 -
McAfee 5900 2010.02.22 -
McAfee+Artemis 5900 2010.02.22 -
McAfee-GW-Edition 6.8.5 2010.02.23 -
Microsoft 1.5406 2010.02.23 -
NOD32 4890 2010.02.23 -
Norman 6.04.08 2010.02.23 -
nProtect 2009.1.8.0 2010.02.23 -
Panda 10.0.2.2 2010.02.22 -
PCTools 7.0.3.5 2010.02.23 -
Prevx 3.0 2010.02.23 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.23 -
Sunbelt 5694 2010.02.23 -
Symantec 20091.2.0.41 2010.02.23 -
TheHacker 6.5.1.6.206 2010.02.23 -
TrendMicro 9.120.0.1004 2010.02.23 -
VBA32 3.12.12.2 2010.02.23 -
ViRobot 2010.2.23.2198 2010.02.23 -
VirusBuster 5.0.27.0 2010.02.23 -
Additional information
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45

( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
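
The "verified: Unsigned" line in the sigcheck output above is worth understanding before reading anything into it. The following is an added example for this thread, not the poster's code and not VirusTotal's sigcheck: it reads a PE file's IMAGE_DIRECTORY_ENTRY_SECURITY data directory to tell whether an embedded Authenticode signature is present, bounds-checks that entry (it holds a raw file offset, not an RVA), and hashes the file for comparison with a known-good copy of the same file version. The two PE images it builds are constructed in memory for demonstration only. Caveat: Windows XP in-box drivers such as atapi.sys are catalog-signed (the signature lives in a .cat file under the CatRoot directory, not inside the driver), so an empty security directory is expected for them and is not evidence of tampering by itself; a hash mismatch against a clean copy of the same version is.

```python
"""Check whether a PE image (e.g. a driver such as atapi.sys) carries an
embedded Authenticode signature, and hash it for comparison with a known-good
copy of the same file version.

Added example for this thread; it is not the original poster's code and not
VirusTotal's sigcheck. The PE images built by build_pe32() are constructed
in memory for demonstration and are not loadable binaries."""
import hashlib
import struct
from typing import Dict, Optional

SECURITY_DIR_INDEX = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200


def embedded_signature(data: bytes) -> Optional[Dict[str, int]]:
    """Return the WIN_CERTIFICATE header referenced by the security data
    directory, or None when the directory is empty (no embedded signature).
    None is also what a catalog-signed file such as XP's atapi.sys gives,
    so it must not be read as "tampered" on its own."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                        # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                      # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (n_dirs,) = struct.unpack_from("<I", data, n_dirs_off)
    if n_dirs <= SECURITY_DIR_INDEX or dirs_off + 8 * n_dirs > opt + opt_size:
        return None
    off, size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)
    if off == 0 or size == 0:
        return None
    # This directory holds a raw file offset (not an RVA); bounds-check it
    # before trusting it, since a patched file can point it anywhere.
    if size < 8 or off + size > len(data):
        raise ValueError("security directory points outside the file")
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return {"offset": off, "size": size, "length": length,
            "revision": revision, "cert_type": cert_type}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_known_good(data: bytes, known_good_sha256: str) -> bool:
    """Hash comparison against a copy of the same file version taken from
    install media or a clean machine (the caller supplies that hash)."""
    return sha256_hex(data) == known_good_sha256.lower()


def build_pe32(cert_blob: Optional[bytes] = None) -> bytes:
    """Construct a minimal PE32 image; if cert_blob is given, append a
    WIN_CERTIFICATE and point the security directory at it."""
    opt_size = 224                                   # PE32 optional header size
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff + opt
    if cert_blob is not None:
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), WIN_CERT_REVISION_2_0,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        sec_entry = 0x40 + 4 + 20 + 96 + 8 * SECURITY_DIR_INDEX
        struct.pack_into("<II", image, sec_entry, len(image), len(win_cert))
        image += win_cert
    return bytes(image)


if __name__ == "__main__":
    for label, img in (("unsigned", build_pe32()),
                       ("signed", build_pe32(b"\x30\x82" + b"\x00" * 14))):
        print(label, sha256_hex(img)[:16], embedded_signature(img))
```

On a real machine the same check is `embedded_signature(open(r"C:\WINDOWS\system32\drivers\atapi.sys", "rb").read())`; for an XP driver expect None, then compare the SHA-256 with a copy of the same version (5.1.2600.5512 in the report above) from the SP3 install source rather than trusting the signature verdict alone.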

shelf life
2010-02-24, 01:47
hi,

OK, thanks for the info. Looks OK. Don't worry about the eSafe result from VirusTotal.
My file returns the same result. You can do an online scan for another opinion, then I think we can call it quits:

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

plank1964
2010-02-24, 19:52
Hi, this is the log from the ESET online scanner.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=11d03e2fed62a3429f3d59059da8c0a8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-24 05:47:24
# local_time=2010-02-24 05:47:24 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16777214 0 1 184459918 184459918 0 0
# compatibility_mode=1024 16777175 100 0 43220048 43220048 0 0
# compatibility_mode=8192 67108863 100 0 3883 3883 0 0
# compatibility_mode=9217 16777214 75 70 58318018 71983388 0 0
# scanned=98318
# found=2
# cleaned=2
# scan_time=4233
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{705026EE-C90C-4091-8120-3B19F5BFF276}\RP19\A0007100.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
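
The ESET log above has a regular shape: "# key=value" header lines, then one line per detection. Below is an added example for this thread, not code from the original post or from ESET, that parses that format, cross-checks the found/cleaned counters against the detections actually listed, and flags hits inside System Volume Information (restore points), which is what the restore-point reset later in the thread deals with. The detection-line layout (path, verdict, "(action)", a 32-hex-digit field, a one-letter flag) is inferred from the two lines in the log, and the rule for where the verdict text starts is an assumption. The sample log is copied from the post above, trimmed to the header lines the code uses.

```python
"""Parse an ESET Online Scanner log of the kind posted above.

Added example for this thread, not code from the original post or from ESET.
The detection-line layout (path, verdict, "(action)", a 32-hex-digit field,
a one-letter flag) is inferred from the two detection lines in the log, and
the verdict-start heuristic is an assumption."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
# A detection line ends with "(action) <32 hex digits> <flag>"; the body
# before that holds the path followed by the verdict text.
DETECTION_RE = re.compile(
    r"^(?P<body>[A-Za-z]:\\.*?)\s+\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)
# Assumed: the verdict begins at "a variant of" / "probably a variant of"
# or at a Platform/Family token such as Win32/Adware.ADON.
VERDICT_START_RE = re.compile(
    r"\s+(?=(?:probably )?a variant of\b|[A-Za-z0-9]+/[A-Za-z0-9])"
)
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\", re.IGNORECASE)

# Copied from the log posted above (header trimmed to the lines used here).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=true
# archives_checked=false
# scanned=98318
# found=2
# cleaned=2
# scan_time=4233
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{705026EE-C90C-4091-8120-3B19F5BFF276}\RP19\A0007100.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Detection:
    path: str
    verdict: str
    action: str
    digest: str
    flag: str

    @property
    def in_restore_point(self) -> bool:
        return bool(RESTORE_POINT_RE.search(self.path))


@dataclass
class EsetReport:
    header: Dict[str, List[str]] = field(default_factory=dict)  # keys may repeat
    detections: List[Detection] = field(default_factory=list)

    def header_int(self, key: str, default: int = 0) -> int:
        values = self.header.get(key)
        return int(values[-1]) if values else default


def parse_eset_log(text: str) -> EsetReport:
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            report.header.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # banner lines such as the OnlineScanner.ocx hook line
        body = m.group("body")
        cut = VERDICT_START_RE.search(body)
        path, verdict = (body[:cut.start()], body[cut.end():]) if cut else (body, "")
        report.detections.append(Detection(path, verdict, m.group("action"),
                                           m.group("hash").lower(), m.group("flag")))
    return report


def summarize(report: EsetReport) -> dict:
    """Cross-check the counters against the listed detections and pull out
    what a helper looks at next: hits not removed, and hits inside restore
    points (the reason the restore points get cleared afterwards)."""
    found, cleaned = report.header_int("found"), report.header_int("cleaned")
    return {
        "scanned": report.header_int("scanned"),
        "found": found,
        "cleaned": cleaned,
        "counts_consistent": found == len(report.detections) and cleaned <= found,
        "not_removed": [d.path for d in report.detections
                        if not any(w in d.action for w in ("deleted", "cleaned"))],
        "restore_point_hits": [d.path for d in report.detections if d.in_restore_point],
    }


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    for d in rep.detections:
        print(("RESTORE POINT " if d.in_restore_point else "") + d.path, "->", d.verdict)
    print(summarize(rep))
```

Run it over a saved C:\Program Files\EsetOnlineScanner\log.txt instead of SAMPLE_LOG to get the same summary for a new scan; a non-empty "not_removed" list or a counter mismatch is what to ask about before calling a machine clean.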

shelf life
2010-02-25, 01:44
OK, good. You can download a small tool that will remove Combofix:

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Keep Malwarebytes and note that it must be updated manually and a scan started manually. The paid version offers auto-updates and a real time protection feature that runs in the background.

One last thing you can do is a system restore. The how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes the old, possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

If all is good, some tips to help you remain malware free:

10 tips that should help *reduce and prevent* your risk of malware:


1) It is essential to keep your OS (Windows) (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you're prompted to install software to remedy this. Use the Alt+F4 key to close your browser. See also the signs (http://www.virusvault.us/signs1.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If these are constantly finding malware on your computer then it's time to review your computer habits.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source?

5) Don't click on ads/pop-ups or any offer from websites requesting that you need to install software on your computer, *for any reason.* Use the Alt+F4 key to close your browser.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via p2p (http://www.virusvault.us/p2p.html) networks then you are also much more likely to encounter malicious code. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.

plank1964
2010-02-25, 19:16
Hi shelf life, thank you so much for your time and help with fixing my PC. You are a true legend; people like you help restore my faith in the internet. Thanks again.

shelf life
2010-02-26, 03:37
hi,

You're welcome. Happy safe surfing out there.