Greeting computer experts! As with others I have found it impossible to get rid of click.giftload. I've noticed lag when booting up; and something called offerbox.exe(I've noticed using task manager) begins running and causes IE to pop up to various sites. Anyway here's the DDS stuff (I'd really appreciate some help please):

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by colin at 17:20:30.95 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.392 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OfferBox\OfferBox.exe
C:\Documents and Settings\colin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ssdiag] c:\windows\ssdiag.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\BBC iPlayer Desktop.lnk.disabled
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0b\aoltray.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2009-2-17 55936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-6 297752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-03-22 12:43:40 0 ----a-w- c:\windows\Ytocakor.bin
2011-03-22 12:43:35 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\{104856CE-9875-4766-BA7A-758338F643D1}
2011-03-22 12:42:15 -------- d-----w- c:\docume~1\colin\applic~1\OfferBox
2011-03-22 12:42:12 -------- d-----w- c:\program files\OfferBox
2011-03-22 12:42:00 -------- d-----w- c:\docume~1\colin\applic~1\A6B03AF72E542747E886F291D4CE1A71
2011-03-22 08:05:33 5943120 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{f16d095e-7eca-4855-85b0-d8a503a42fcc}\mpengine.dll
2011-03-17 00:04:35 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04:35 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04:35 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04:35 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04:06 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04:05 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04:03 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03:48 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-17 00:03:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-17 00:03:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-17 00:03:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-03-17 00:03:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-17 00:03:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-17 00:03:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-17 00:03:47 323584 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-16 23:12:20 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\ArcSoft
2011-03-16 23:11:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2011-03-16 23:10:40 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10:38 245408 ----a-w- c:\windows\system32\unicows.dll
.
==================== Find3M ====================
.
2011-02-27 15:59:04 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 16:30:30 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2007-11-10 23:16:25 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16:09 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15:40 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47:16 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23:07 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22:53 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47:43 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16:46 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08:10 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22:38 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52:31 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22:45 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59:25 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04:29 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40:34 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35:04 109056 -c--a-w- c:\program files\Unwise.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0802N rev.TK100-28 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8737F439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873857d0]; MOV EAX, [0x8738584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x873D1AB8]
3 CLASSPNP[0xF7817FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x87315380]
\Driver\atapi[0x873E2B60] -> IRP_MJ_CREATE -> 0x8737F439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-28#5&2713bb34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8737F27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:23:06.89 ===============

ps I've tried Spybot (which picks up the hijack deletes, but its back again after reboot) MalwareBytes and superantispyware both updated (but as this is a rootkit probably not suprising) but none get rid of this. This is my spybot scan log:

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

DoubleClick: Tracking cookie (Firefox: colin (default)) (Cookie, nothing done)


Common Dialogs: History (101 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

7-Zip: [SBI $0D2606FE] Extracted archives history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\7-ZIP\Extraction\PathHistory

Internet Explorer: [SBI $D9A946AF] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Internet Explorer\Main\Save Directory

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $D5C3373A] AutoComplete data (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\colin\Application Data\Macromedia\Flash Player\#SharedObjects\TGJMFAHT\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1301078372
Properties.filedatetext=2011-03-25 19:39:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\PZD99DCJ\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=A23D7E75417304DA459788EFB4FD8D73
Properties.filedate=1301079140
Properties.filedatetext=2011-03-25 19:52:19

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\com.quantserve.sol
Properties.size=74
Properties.md5=7AAD593AA5FBE79E52ED809F2654AB40
Properties.filedate=1222020795
Properties.filedatetext=2008-09-21 19:13:15

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\EAPUSER.sol
Properties.size=51
Properties.md5=CB4C2D307356625CCDD711249FDB75BE
Properties.filedate=1222020613
Properties.filedatetext=2008-09-21 19:10:12

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\vepui.sol
Properties.size=68
Properties.md5=C691E8775164758709EEB1FD8DD1EFB5
Properties.filedate=1222020774
Properties.filedatetext=2008-09-21 19:12:54

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\as1.suitesmart.com\6thElement.sol
Properties.size=151
Properties.md5=79202DE553CAC8F203BA65E4C1886381
Properties.filedate=1227191884
Properties.filedatetext=2008-11-20 15:38:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\assets.espn.go.com\s_br.sol
Properties.size=35
Properties.md5=760FCA2DC2B18E30543493B04290322A
Properties.filedate=1228268466
Properties.filedatetext=2008-12-03 02:41:05

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\bandtools.nabbr.com\com.quantserve.sol
Properties.size=74
Properties.md5=7AAD593AA5FBE79E52ED809F2654AB40
Properties.filedate=1233266015
Properties.filedatetext=2009-01-29 22:53:35

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\bin.clearspring.com\clearspring.sol
Properties.size=1214
Properties.md5=717D5457148E1966122D3C64765BD10F
Properties.filedate=1232723340
Properties.filedatetext=2009-01-23 16:08:59

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: [SBI $3B46EBCE] Manually modified tags history (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: [SBI $4C02334D] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList

Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList

Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

Windows.OpenWith: [SBI $9BE3FA35] Open with list - .007 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.007\OpenWithList

Windows.OpenWith: [SBI $F6619696] Open with list - .008 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.008\OpenWithList

Windows.OpenWith: [SBI $D9249DD0] Open with list - .009 extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.009\OpenWithList

Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $C92C6763] Open with list - .BUP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (157 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (102 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (12 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (7 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (13 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (11 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (12 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (110 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (116 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (166 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (214 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (21 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (17 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (16 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (16 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (19 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\ArcHistory

WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\ArcHistory

WinRAR: [SBI $0B56E92B] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\WinRAR\ArcHistory

WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\ArcHistory

WinRAR: [SBI $A59A1C0A] Recent exe file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: [SBI $A59A1C0A] Recent exe file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ExtrPath

WinRAR: [SBI $B510882E] Extraction directory history (16 files) (Registry key, nothing done)
HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\DialogEditHistory\ExtrPath

WinRAR: [SBI $B510882E] Extraction directory history (14 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ExtrPath

WinRAR: [SBI $3F9F3F01] Search by archive type history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\FindArcNames

WinRAR: [SBI $15BFF857] Search by archive name history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\FindNames

Cookie: [SBI $49804B54] Cookie (10) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (140) (Cache, nothing done)


History: [SBI $49804B54] History (59) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (392) (Cookie, nothing done)


Cookie: [SBI $49804B54] Cookie (54) (Cookie, nothing done)


History: [SBI $49804B54] History (1) (History, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2004-04-27 unins000.exe (51.13.0.0)
2009-07-25 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-12-28 Includes\Trojans.sbi (*)
2011-03-22 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-21 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Hi,

Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) and fresh dds.txt log in your reply.

heres the gmer scan, I'll post the dds next

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 23:24:12
Windows 5.1.2600 Service Pack 3
Running: oflic8zt.exe; Driver: C:\DOCUME~1\colin\LOCALS~1\Temp\kfpdqkow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B9A760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF63EAF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1904] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[1904] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 023B000A
.text C:\WINDOWS\System32\svchost.exe[1904] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E0000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DE000C
.text C:\WINDOWS\Explorer.EXE[2912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\Explorer.EXE[2912] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[2912] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D4000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8737F27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8737F27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8737F27F

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B31EBD20
Device B3203631

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-28#5&2713bb34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----

thanks for the responce btw. My DDS scan:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by colin at 23:27:23.70 on Tue 03/29/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.535 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\colin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ssdiag] c:\windows\ssdiag.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\BBC iPlayer Desktop.lnk.disabled
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0b\aoltray.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2009-2-17 55936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-6 297752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-03-22 12:43:40 0 ----a-w- c:\windows\Ytocakor.bin
2011-03-22 12:43:35 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\{104856CE-9875-4766-BA7A-758338F643D1}
2011-03-22 12:42:15 -------- d-----w- c:\docume~1\colin\applic~1\OfferBox
2011-03-22 12:42:12 -------- d-----w- c:\program files\OfferBox
2011-03-22 12:42:00 -------- d-----w- c:\docume~1\colin\applic~1\A6B03AF72E542747E886F291D4CE1A71
2011-03-22 08:05:33 5943120 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{f16d095e-7eca-4855-85b0-d8a503a42fcc}\mpengine.dll
2011-03-17 00:04:35 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04:35 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04:35 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04:35 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04:06 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04:05 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04:03 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03:48 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-17 00:03:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-17 00:03:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-17 00:03:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-03-17 00:03:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-17 00:03:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-17 00:03:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-17 00:03:47 323584 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-16 23:12:20 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\ArcSoft
2011-03-16 23:11:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2011-03-16 23:10:40 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10:38 245408 ----a-w- c:\windows\system32\unicows.dll
.
==================== Find3M ====================
.
2011-02-27 15:59:04 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 16:30:30 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2007-11-10 23:16:25 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16:09 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15:40 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47:16 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23:07 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22:53 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47:43 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16:46 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08:10 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22:38 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52:31 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22:45 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59:25 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04:29 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40:34 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35:04 109056 -c--a-w- c:\program files\Unwise.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0802N rev.TK100-28 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8737F439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873857d0]; MOV EAX, [0x8738584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x873D1AB8]
3 CLASSPNP[0xF7817FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x87371280]
\Driver\atapi[0x873E2B60] -> IRP_MJ_CREATE -> 0x8737F439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-28#5&2713bb34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8737F27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:29:42.18 ===============

Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

thanks, here's the log:

2011/03/30 18:10:03.0406 2768 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/30 18:10:03.0421 2768 ================================================================================
2011/03/30 18:10:03.0421 2768 SystemInfo:
2011/03/30 18:10:03.0421 2768
2011/03/30 18:10:03.0421 2768 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/30 18:10:03.0421 2768 Product type: Workstation
2011/03/30 18:10:03.0421 2768 ComputerName: C-1F6C1AA3F9AD4
2011/03/30 18:10:03.0421 2768 UserName: colin
2011/03/30 18:10:03.0421 2768 Windows directory: C:\WINDOWS
2011/03/30 18:10:03.0421 2768 System windows directory: C:\WINDOWS
2011/03/30 18:10:03.0421 2768 Processor architecture: Intel x86
2011/03/30 18:10:03.0421 2768 Number of processors: 1
2011/03/30 18:10:03.0421 2768 Page size: 0x1000
2011/03/30 18:10:03.0421 2768 Boot type: Normal boot
2011/03/30 18:10:03.0421 2768 ================================================================================
2011/03/30 18:10:03.0750 2768 Initialize success
2011/03/30 18:10:06.0281 0828 ================================================================================
2011/03/30 18:10:06.0281 0828 Scan started
2011/03/30 18:10:06.0281 0828 Mode: Manual;
2011/03/30 18:10:06.0281 0828 ================================================================================
2011/03/30 18:10:08.0453 0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/30 18:10:09.0062 0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/30 18:10:09.0687 0828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/30 18:10:10.0046 0828 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/03/30 18:10:10.0406 0828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/30 18:10:12.0843 0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/30 18:10:13.0140 0828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/30 18:10:13.0828 0828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/30 18:10:14.0156 0828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/30 18:10:14.0531 0828 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/03/30 18:10:14.0578 0828 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/03/30 18:10:15.0109 0828 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/03/30 18:10:15.0437 0828 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/03/30 18:10:15.0781 0828 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/03/30 18:10:16.0078 0828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/30 18:10:16.0468 0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/30 18:10:17.0109 0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/30 18:10:17.0421 0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/30 18:10:17.0750 0828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/30 18:10:19.0468 0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/30 18:10:20.0062 0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/30 18:10:20.0656 0828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/30 18:10:20.0984 0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/30 18:10:21.0281 0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/30 18:10:21.0875 0828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/30 18:10:22.0187 0828 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/30 18:10:22.0546 0828 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/30 18:10:22.0906 0828 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/30 18:10:23.0312 0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/30 18:10:23.0687 0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/30 18:10:24.0000 0828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/30 18:10:24.0281 0828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/30 18:10:24.0609 0828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/30 18:10:24.0921 0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/30 18:10:25.0234 0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/30 18:10:25.0562 0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/30 18:10:25.0875 0828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/30 18:10:26.0500 0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/30 18:10:27.0421 0828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/30 18:10:28.0140 0828 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/30 18:10:28.0875 0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/30 18:10:29.0875 0828 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/03/30 18:10:30.0390 0828 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/03/30 18:10:30.0765 0828 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/03/30 18:10:31.0343 0828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/30 18:10:31.0687 0828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/30 18:10:32.0000 0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/30 18:10:32.0312 0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/30 18:10:32.0656 0828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/30 18:10:33.0031 0828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/30 18:10:33.0328 0828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/30 18:10:33.0656 0828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/30 18:10:33.0968 0828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/30 18:10:34.0250 0828 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/30 18:10:34.0562 0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/30 18:10:34.0937 0828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/30 18:10:35.0343 0828 lanusb (73f6efd2a2315af34f7872559686c471) C:\WINDOWS\system32\DRIVERS\glausb.sys
2011/03/30 18:10:36.0171 0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/30 18:10:36.0453 0828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/30 18:10:36.0781 0828 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/30 18:10:37.0078 0828 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/03/30 18:10:37.0375 0828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/30 18:10:37.0656 0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/30 18:10:38.0031 0828 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/03/30 18:10:38.0343 0828 MPFIREWL (3c13975e2171bc4cd534bab053994303) C:\WINDOWS\system32\Drivers\MpFirewall.sys
2011/03/30 18:10:38.0984 0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/30 18:10:39.0468 0828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/30 18:10:39.0937 0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/30 18:10:40.0234 0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/30 18:10:40.0515 0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/30 18:10:40.0828 0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/30 18:10:41.0125 0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/30 18:10:41.0453 0828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/30 18:10:41.0812 0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/30 18:10:42.0140 0828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/30 18:10:42.0421 0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/30 18:10:42.0718 0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/30 18:10:43.0140 0828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/30 18:10:43.0531 0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/30 18:10:43.0968 0828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/30 18:10:44.0421 0828 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/03/30 18:10:44.0812 0828 npapimon (61fafbf2cfb4e367622b010c7623d69d) C:\WINDOWS\system32\drivers\npapimon.sys
2011/03/30 18:10:45.0187 0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/30 18:10:45.0671 0828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/30 18:10:46.0140 0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/30 18:10:46.0437 0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/30 18:10:46.0718 0828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/30 18:10:47.0062 0828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/30 18:10:47.0343 0828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/30 18:10:47.0640 0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/30 18:10:48.0000 0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/30 18:10:48.0625 0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/30 18:10:49.0078 0828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/30 18:10:51.0265 0828 PPPoEWin (8ae03e978bc99f31ae31b183cd373951) C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
2011/03/30 18:10:51.0578 0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/30 18:10:51.0890 0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/30 18:10:52.0250 0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/30 18:10:52.0578 0828 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/30 18:10:54.0171 0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/30 18:10:54.0484 0828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/30 18:10:54.0781 0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/30 18:10:55.0140 0828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/30 18:10:55.0484 0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/30 18:10:55.0875 0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/30 18:10:56.0265 0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/30 18:10:56.0687 0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/30 18:10:56.0921 0828 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/30 18:10:57.0015 0828 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/03/30 18:10:57.0203 0828 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/30 18:10:57.0578 0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/30 18:10:58.0156 0828 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/03/30 18:10:58.0671 0828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/30 18:10:58.0968 0828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/30 18:10:59.0343 0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/30 18:11:00.0000 0828 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/30 18:11:00.0656 0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/30 18:11:00.0953 0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/30 18:11:01.0406 0828 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/30 18:11:01.0828 0828 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/03/30 18:11:02.0250 0828 ssdiagn (bf319f185b12605df986d9fbf7ac216e) C:\WINDOWS\system32\drivers\ssdiagn.sys
2011/03/30 18:11:02.0546 0828 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/03/30 18:11:02.0859 0828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/30 18:11:03.0234 0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/30 18:11:04.0734 0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/30 18:11:05.0140 0828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/30 18:11:05.0562 0828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/30 18:11:05.0843 0828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/30 18:11:06.0140 0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/30 18:11:06.0484 0828 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/03/30 18:11:06.0765 0828 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/03/30 18:11:07.0062 0828 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/03/30 18:11:07.0406 0828 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
2011/03/30 18:11:07.0828 0828 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/03/30 18:11:08.0187 0828 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/03/30 18:11:08.0562 0828 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/03/30 18:11:08.0906 0828 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/03/30 18:11:09.0312 0828 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/03/30 18:11:10.0062 0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/30 18:11:10.0843 0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/30 18:11:11.0328 0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/30 18:11:11.0687 0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/30 18:11:11.0984 0828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/30 18:11:12.0296 0828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/30 18:11:12.0625 0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/30 18:11:12.0937 0828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/30 18:11:13.0250 0828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/30 18:11:13.0562 0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/30 18:11:14.0218 0828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/30 18:11:14.0578 0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/30 18:11:14.0984 0828 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/03/30 18:11:15.0640 0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/30 18:11:16.0109 0828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/30 18:11:16.0453 0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/30 18:11:16.0562 0828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/30 18:11:16.0562 0828 ================================================================================
2011/03/30 18:11:16.0562 0828 Scan finished
2011/03/30 18:11:16.0562 0828 ================================================================================
2011/03/30 18:11:16.0578 1276 Detected object count: 1
2011/03/30 18:11:24.0218 1276 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/30 18:11:24.0218 1276 \HardDisk0 - ok
2011/03/30 18:11:24.0218 1276 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/30 18:11:36.0765 2452 Deinitialize success

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix]
Hi,
do I need to disable my firewall (I have Mcafee personal firewall) then connect to the internet before running combofix?

Hi,

Disabling antivirus component is enough.

after about 4 attempts I got this:

ComboFix 11-03-29.06 - colin 03/31/2011 21:08:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.613 [GMT 1:00]
Running from: c:\documents and settings\colin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\colin\Application Data\Adobe\plugs
c:\documents and settings\colin\Application Data\Adobe\shed
c:\documents and settings\colin\Application Data\OfferBox
c:\documents and settings\colin\Application Data\OfferBox\config.dat
c:\documents and settings\colin\Application Data\OfferBox\config.xml
c:\documents and settings\colin\Local Settings\Application Data\{104856CE-9875-4766-BA7A-758338F643D1}
c:\documents and settings\colin\Local Settings\Application Data\{104856CE-9875-4766-BA7A-758338F643D1}\chrome.manifest
c:\documents and settings\colin\Local Settings\Application Data\{104856CE-9875-4766-BA7A-758338F643D1}\chrome\content\_cfg.js
c:\documents and settings\colin\Local Settings\Application Data\{104856CE-9875-4766-BA7A-758338F643D1}\chrome\content\overlay.xul
c:\documents and settings\colin\Local Settings\Application Data\{104856CE-9875-4766-BA7A-758338F643D1}\install.rdf
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Application Data\Megat
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Application Data\Megat\fiuxz.fuy
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Application Data\OfferBox
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Application Data\OfferBox\config.dat
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Application Data\OfferBox\config.xml
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\temp\sanR24
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 17:15 . 2011-03-31 17:15 -------- d-----w- c:\documents and settings\colin\Application Data\AVG10
2011-03-31 17:12 . 2011-03-31 17:12 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-03-31 17:04 . 2011-03-31 18:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-03-31 17:02 . 2011-03-31 17:02 -------- d-----w- C:\$AVG
2011-03-30 17:09 . 2011-03-30 17:09 -------- d-----w- C:\New Folder
2011-03-27 16:15 . 2011-03-27 16:16 -------- d-----w- c:\program files\ERUNT
2011-03-24 12:30 . 2011-03-24 12:30 -------- d-----w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
2011-03-22 12:52 . 2011-03-22 12:52 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-03-22 12:43 . 2011-03-24 00:28 0 ----a-w- c:\windows\Ytocakor.bin
2011-03-22 12:42 . 2011-03-22 19:12 -------- d-----w- c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71
2011-03-22 08:05 . 2011-02-11 06:54 5943120 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F16D095E-7ECA-4855-85B0-D8A503A42FCC}\mpengine.dll
2011-03-17 00:04 . 2005-12-14 15:11 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04 . 2005-12-14 15:10 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04 . 2005-12-14 15:08 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04 . 2004-03-09 09:39 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04 . 1998-07-09 19:41 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04 . 1998-03-04 10:40 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04 . 2011-03-17 00:04 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03 . 2011-03-17 00:03 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-03-17 00:03 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-03-17 00:03 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-03-17 00:03 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-03-17 00:03 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-03-17 00:03 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-03-17 00:03 . 2004-10-22 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-17 00:03 . 2011-03-17 00:03 323584 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Application Data\ArcSoft
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Local Settings\Application Data\ArcSoft
2011-03-16 23:11 . 2011-03-16 23:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2011-03-16 23:10 . 2006-11-10 15:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10 . 2005-04-27 16:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-03-16 23:09 . 2011-03-16 23:10 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-03-16 23:09 . 2011-03-16 23:09 -------- d-----w- c:\program files\ArcSoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 15:59 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-11 06:54 . 2010-10-24 14:28 5943120 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-12 08:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-12 07:57 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-02-17 18:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-17 18:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-12 08:05 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-02-07 18:48 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-11 16:30 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09 . 2004-08-12 07:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2007-11-10 23:16 . 2007-11-10 23:16 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16 . 2007-11-10 23:15 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15 . 2007-11-10 23:15 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47 . 2005-08-11 10:47 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23 . 2005-08-04 02:23 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22 . 2005-08-04 02:22 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47 . 2005-08-04 01:47 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16 . 2005-08-02 23:16 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08 . 2005-08-02 23:08 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22 . 2005-08-02 02:22 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52 . 2005-07-31 10:40 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22 . 2005-07-30 23:22 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59 . 2005-07-28 23:59 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30 . 2005-12-27 00:55 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04 . 2005-08-16 17:35 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40 . 2004-03-11 13:40 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35 . 2005-11-13 00:13 109056 -c--a-w- c:\program files\Unwise.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 83544]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-19 1048576]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ssdiag"="c:\windows\ssdiag.exe" [2005-05-13 57401]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-12-16 95232]
BBC iPlayer Desktop.lnk.disabled [2009-11-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-5-10 864]
.
c:\documents and settings\Colin Bowden.D1SSKL1J.000\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk.disabled [2007-5-23 723]
Last.fm Helper.lnk.disabled [2008-1-29 655]
Xfire.lnk.disabled [2007-10-4 650]
.
c:\documents and settings\colin\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk.disabled [2009-7-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-4-19 864]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0b\aoltray.exe [2009-2-17 156784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=c:\program files\Kontiki\KHost.exe -all
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Tmowuzesecoqaf"=rundll32.exe "c:\windows\sqdfiav.dll",Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4oD"="c:\program files\Kontiki\KHost.exe" -all
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"tukdtjsr"=c:\windows\system32\tukdtjsr.exe
"tukdtjsrx"=c:\windows\system32\tukdtjsrx.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 7:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 7:41 PM 67656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 7:15 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-03-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
2011-03-31 c:\windows\Tasks\User_Feed_Synchronization-{811A37BF-9428-4715-8F25-4026143FA384}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-31 21:27:23
ComboFix-quarantined-files.txt 2011-03-31 20:27
.
Pre-Run: 7,303,831,552 bytes free
Post-Run: 7,881,424,896 bytes free
.
- - End Of File - - 0802EFFBD247C2449070623E29912911

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by colin at 21:38:45.01 on Thu 03/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.609 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\colin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ssdiag] c:\windows\ssdiag.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\BBC iPlayer Desktop.lnk.disabled
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0b\aoltray.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2009-2-17 55936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-03-31 19:36:36 -------- d-sha-r- C:\cmdcons
2011-03-31 19:28:47 98816 ----a-w- c:\windows\sed.exe
2011-03-31 19:28:47 89088 ----a-w- c:\windows\MBR.exe
2011-03-31 19:28:47 256512 ----a-w- c:\windows\PEV.exe
2011-03-31 19:28:47 161792 ----a-w- c:\windows\SWREG.exe
2011-03-31 17:15:46 -------- d-----w- c:\docume~1\colin\applic~1\AVG10
2011-03-31 17:12:09 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2011-03-31 17:04:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2011-03-31 17:02:51 -------- d-----w- C:\$AVG
2011-03-30 17:09:25 -------- d-----w- C:\New Folder
2011-03-22 12:43:40 0 ----a-w- c:\windows\Ytocakor.bin
2011-03-22 12:42:00 -------- d-----w- c:\docume~1\colin\applic~1\A6B03AF72E542747E886F291D4CE1A71
2011-03-22 08:05:33 5943120 ------w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{f16d095e-7eca-4855-85b0-d8a503a42fcc}\mpengine.dll
2011-03-17 00:04:35 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04:35 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04:35 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04:35 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04:06 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04:05 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04:03 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03:48 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-17 00:03:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-17 00:03:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-17 00:03:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-03-17 00:03:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-17 00:03:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-17 00:03:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-17 00:03:47 323584 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-16 23:12:20 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\ArcSoft
2011-03-16 23:11:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2011-03-16 23:10:40 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10:38 245408 ----a-w- c:\windows\system32\unicows.dll
.
==================== Find3M ====================
.
2011-02-27 15:59:04 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 16:30:30 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2007-11-10 23:16:25 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16:09 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15:40 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47:16 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23:07 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22:53 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47:43 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16:46 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08:10 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22:38 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52:31 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22:45 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59:25 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04:29 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40:34 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35:04 109056 -c--a-w- c:\program files\Unwise.exe
.
============= FINISH: 21:39:03.20 ===============

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\windows\Ytocakor.bin
c:\windows\system32\tukdtjsr.exe
c:\windows\system32\tukdtjsrx.exe
c:\windows\sqdfiav.dll
DirLook::
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tmowuzesecoqaf"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tukdtjsr"=-
"tukdtjsrx"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) if you need Adobe Reader.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Hi there, here's the combofix file I'll post the others after uninstalling adobe et al, thanks!

ComboFix 11-03-29.06 - colin 04/01/2011 18:48:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.599 [GMT 1:00]
Running from: c:\documents and settings\colin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\colin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\sqdfiav.dll"
"c:\windows\system32\tukdtjsr.exe"
"c:\windows\system32\tukdtjsrx.exe"
"c:\windows\Ytocakor.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\OfferBox Browser.lnk
c:\program files\INSTALL.LOG
c:\windows\system32\Install.txt
c:\windows\system32\tukdtjsr.txt
c:\windows\Ytocakor.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-03-31 17:15 . 2011-03-31 17:15 -------- d-----w- c:\documents and settings\colin\Application Data\AVG10
2011-03-31 17:12 . 2011-03-31 17:12 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-03-31 17:04 . 2011-03-31 18:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-03-31 17:02 . 2011-03-31 17:02 -------- d-----w- C:\$AVG
2011-03-30 17:09 . 2011-03-30 17:09 -------- d-----w- C:\New Folder
2011-03-27 16:15 . 2011-03-27 16:16 -------- d-----w- c:\program files\ERUNT
2011-03-24 12:30 . 2011-03-24 12:30 -------- d-----w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
2011-03-22 12:52 . 2011-03-22 12:52 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-03-22 12:42 . 2011-03-22 19:12 -------- d-----w- c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71
2011-03-22 08:05 . 2011-02-11 06:54 5943120 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F16D095E-7ECA-4855-85B0-D8A503A42FCC}\mpengine.dll
2011-03-17 00:04 . 2005-12-14 15:11 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04 . 2005-12-14 15:10 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04 . 2005-12-14 15:08 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04 . 2004-03-09 09:39 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04 . 1998-07-09 19:41 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04 . 1998-03-04 10:40 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04 . 2011-03-17 00:04 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03 . 2011-03-17 00:03 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-03-17 00:03 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-03-17 00:03 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-03-17 00:03 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-03-17 00:03 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-03-17 00:03 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-03-17 00:03 . 2004-10-22 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-17 00:03 . 2011-03-17 00:03 323584 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Application Data\ArcSoft
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Local Settings\Application Data\ArcSoft
2011-03-16 23:11 . 2011-03-16 23:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2011-03-16 23:10 . 2006-11-10 15:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10 . 2005-04-27 16:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-03-16 23:09 . 2011-03-16 23:10 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-03-16 23:09 . 2011-03-16 23:09 -------- d-----w- c:\program files\ArcSoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 15:59 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-11 06:54 . 2010-10-24 14:28 5943120 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-12 08:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-12 07:57 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-02-17 18:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-17 18:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-12 08:05 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-02-07 18:48 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-11 16:30 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09 . 2004-08-12 07:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2007-11-10 23:16 . 2007-11-10 23:16 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16 . 2007-11-10 23:15 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15 . 2007-11-10 23:15 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47 . 2005-08-11 10:47 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23 . 2005-08-04 02:23 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22 . 2005-08-04 02:22 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47 . 2005-08-04 01:47 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16 . 2005-08-02 23:16 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08 . 2005-08-02 23:08 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22 . 2005-08-02 02:22 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52 . 2005-07-31 10:40 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22 . 2005-07-30 23:22 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59 . 2005-07-28 23:59 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30 . 2005-12-27 00:55 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04 . 2005-08-16 17:35 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40 . 2004-03-11 13:40 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35 . 2005-11-13 00:13 109056 -c--a-w- c:\program files\Unwise.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71 ----
.
.
---- Directory of c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D} ----
.
2011-03-24 12:30 . 2011-03-24 12:30 5954 ----a-w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}\chrome\content\overlay.xul
2011-03-24 12:30 . 2011-03-24 12:30 2122 ----a-w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}\chrome\content\_cfg.js
2011-03-24 12:30 . 2011-03-24 12:30 764 ----a-w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}\install.rdf
2011-03-24 12:30 . 2011-03-24 12:30 122 ----a-w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}\chrome.manifest
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_20.24.10 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 83544]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-19 1048576]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ssdiag"="c:\windows\ssdiag.exe" [2005-05-13 57401]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-12-16 95232]
BBC iPlayer Desktop.lnk.disabled [2009-11-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-5-10 864]
.
c:\documents and settings\Colin Bowden.D1SSKL1J.000\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk.disabled [2007-5-23 723]
Last.fm Helper.lnk.disabled [2008-1-29 655]
Xfire.lnk.disabled [2007-10-4 650]
.
c:\documents and settings\colin\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk.disabled [2009-7-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-4-19 864]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0b\aoltray.exe [2009-2-17 156784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=c:\program files\Kontiki\KHost.exe -all
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4oD"="c:\program files\Kontiki\KHost.exe" -all
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 7:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 7:41 PM 67656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 7:15 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-04-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{811A37BF-9428-4715-8F25-4026143FA384}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-04-01 19:03:19
ComboFix-quarantined-files.txt 2011-04-01 18:03
ComboFix2.txt 2011-03-31 20:27
.
Pre-Run: 7,865,843,712 bytes free
Post-Run: 7,871,950,848 bytes free
.
- - End Of File - - 9B75182E29F1B127FEC52D0E85E6A780

eset:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users.WINDOWS\Desktop\eBay.url Win32/Adware.ADON application
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\eBay.url Win32/Adware.ADON application
C:\Documents and Settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by colin at 3:17:57.43 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.635 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\colin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ssdiag] c:\windows\ssdiag.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\BBC iPlayer Desktop.lnk.disabled
StartupFolder: c:\documents and settings\colin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0b\aoltray.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2009-2-17 55936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-04-01 23:51:30 -------- d-----w- c:\program files\ESET
2011-04-01 23:41:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-01 23:41:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 22:46:03 3584 ----a-r- c:\docume~1\colin\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-04-01 22:46:02 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-04-01 22:45:07 -------- d-----w- c:\program files\MSECACHE
2011-04-01 20:17:57 6792528 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{618480b4-05cd-4306-a610-8d835a866654}\mpengine.dll
2011-03-31 19:36:36 -------- d-sha-r- C:\cmdcons
2011-03-31 19:28:47 98816 ----a-w- c:\windows\sed.exe
2011-03-31 19:28:47 89088 ----a-w- c:\windows\MBR.exe
2011-03-31 19:28:47 256512 ----a-w- c:\windows\PEV.exe
2011-03-31 19:28:47 161792 ----a-w- c:\windows\SWREG.exe
2011-03-31 17:15:46 -------- d-----w- c:\docume~1\colin\applic~1\AVG10
2011-03-31 17:12:09 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2011-03-31 17:04:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2011-03-31 17:02:51 -------- d-----w- C:\$AVG
2011-03-30 17:09:25 -------- d-----w- C:\New Folder
2011-03-22 12:42:00 -------- d-----w- c:\docume~1\colin\applic~1\A6B03AF72E542747E886F291D4CE1A71
2011-03-17 00:04:35 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04:35 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04:35 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04:35 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04:06 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04:05 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04:03 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03:48 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-17 00:03:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-17 00:03:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-17 00:03:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-03-17 00:03:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-17 00:03:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-17 00:03:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-17 00:03:47 323584 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-16 23:12:20 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\ArcSoft
2011-03-16 23:11:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2011-03-16 23:10:40 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10:38 245408 ----a-w- c:\windows\system32\unicows.dll
.
==================== Find3M ====================
.
2011-02-27 15:59:04 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 16:30:30 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2007-11-10 23:16:25 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16:09 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15:40 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47:16 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23:07 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22:53 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47:43 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16:46 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08:10 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22:38 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52:31 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22:45 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59:25 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04:29 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40:34 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35:04 109056 -c--a-w- c:\program files\Unwise.exe
.
============= FINISH: 3:18:55.93 ===============

Hi,

Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?t=62003
Suspect::[76]
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
Folder::
c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71
File::
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip
C:\Documents and Settings\All Users.WINDOWS\Desktop\eBay.url
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\eBay.url
C:\Documents and Settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Hi, sorry I wasn't connected to the internet when i ran the cf scan, so cf couldn't submit the suspect file. CF told me i could submit this manually later: an IE file appeared in the c: directory CF-submit, should i click on this and follow the instructions?

anyway here's the cf scan:

ComboFix 11-03-29.06 - colin 04/02/2011 13:54:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.696 [GMT 1:00]
Running from: c:\documents and settings\colin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\colin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip"
"c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip"
"c:\documents and settings\All Users.WINDOWS\Desktop\eBay.url"
"c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\eBay.url"
"c:\documents and settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url"
.
file zipped: c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip
c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip
c:\documents and settings\All Users.WINDOWS\Desktop\eBay.url
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\eBay.url
c:\documents and settings\colin\Application Data\A6B03AF72E542747E886F291D4CE1A71
c:\documents and settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-01 23:51 . 2011-04-01 23:51 -------- d-----w- c:\program files\ESET
2011-04-01 23:41 . 2011-04-01 23:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-01 23:41 . 2011-04-01 23:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 22:46 . 2011-04-01 22:46 3584 ----a-r- c:\documents and settings\colin\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-04-01 22:46 . 2011-04-01 22:46 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-04-01 22:45 . 2011-04-01 22:45 -------- d-----w- c:\program files\MSECACHE
2011-04-01 20:17 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{618480B4-05CD-4306-A610-8D835A866654}\mpengine.dll
2011-03-31 17:15 . 2011-03-31 17:15 -------- d-----w- c:\documents and settings\colin\Application Data\AVG10
2011-03-31 17:12 . 2011-03-31 17:12 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-03-31 17:04 . 2011-03-31 18:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-03-31 17:02 . 2011-03-31 17:02 -------- d-----w- C:\$AVG
2011-03-30 17:09 . 2011-03-30 17:09 -------- d-----w- C:\New Folder
2011-03-27 16:15 . 2011-03-27 16:16 -------- d-----w- c:\program files\ERUNT
2011-03-24 12:30 . 2011-03-24 12:30 -------- d-----w- c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
2011-03-22 12:52 . 2011-03-22 12:52 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-03-17 00:04 . 2005-12-14 15:11 61440 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 00:04 . 2005-12-14 15:10 552960 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 00:04 . 2005-12-14 15:08 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 00:04 . 2004-03-09 09:39 8704 ----a-w- c:\windows\system32\vidccleaner.exe
2011-03-17 00:04 . 1998-07-09 19:41 217088 ----a-w- c:\windows\system32\skjpeg40.dll
2011-03-17 00:04 . 1998-03-04 10:40 83968 ----a-w- c:\windows\system32\Skbase40.dll
2011-03-17 00:04 . 2011-03-17 00:04 -------- d-----w- c:\program files\Samsung
2011-03-17 00:03 . 2011-03-17 00:03 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-03-17 00:03 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-03-17 00:03 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-03-17 00:03 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-03-17 00:03 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-03-17 00:03 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-03-17 00:03 . 2004-10-22 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-17 00:03 . 2011-03-17 00:03 323584 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Application Data\ArcSoft
2011-03-16 23:12 . 2011-03-16 23:12 -------- d-----w- c:\documents and settings\colin\Local Settings\Application Data\ArcSoft
2011-03-16 23:11 . 2011-03-16 23:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2011-03-16 23:10 . 2006-11-10 15:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-16 23:10 . 2005-04-27 16:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-03-16 23:09 . 2011-03-16 23:10 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-03-16 23:09 . 2011-03-16 23:09 -------- d-----w- c:\program files\ArcSoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 15:59 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPc4b7.tmp
2011-02-11 06:54 . 2010-10-24 14:28 5943120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-12 08:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-12 07:57 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-02-17 18:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-17 18:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-12 08:05 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-02-07 18:48 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-11 16:30 . 2009-02-17 09:55 90112 ----a-w- c:\windows\DUMPa047.tmp
2011-01-07 14:09 . 2004-08-12 07:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2007-11-10 23:16 . 2007-11-10 23:16 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-10 23:16 . 2007-11-10 23:15 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-10 23:15 . 2007-11-10 23:15 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2005-08-11 10:47 . 2005-08-11 10:47 5671936 -c--a-w- c:\program files\aq3d.exe
2005-08-04 02:23 . 2005-08-04 02:23 45056 -c--a-w- c:\program files\FreeDVD.exe
2005-08-04 02:22 . 2005-08-04 02:22 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
2005-08-04 01:47 . 2005-08-04 01:47 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
2005-08-02 23:16 . 2005-08-02 23:16 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
2005-08-02 23:08 . 2005-08-02 23:08 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-08-02 02:22 . 2005-08-02 02:22 1245802 -c--a-w- c:\program files\dvd-ripper.exe
2005-07-31 10:52 . 2005-07-31 10:40 1665325 -c--a-w- c:\program files\agsetup.exe
2005-07-30 23:22 . 2005-07-30 23:22 21904216 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-28 23:59 . 2005-07-28 23:59 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
2004-08-09 23:30 . 2005-12-27 00:55 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2004-06-14 16:04 . 2005-08-16 17:35 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
2004-03-11 13:40 . 2004-03-11 13:40 308448 -c--a-w- c:\program files\unmsjvm.exe
1997-07-03 09:35 . 2005-11-13 00:13 109056 -c--a-w- c:\program files\Unwise.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_20.24.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-02 09:58 . 2011-04-02 09:58 16384 c:\windows\Temp\Perflib_Perfdata_98.dat
+ 2011-04-01 23:41 . 2011-04-01 23:40 157472 c:\windows\system32\javaws.exe
+ 2011-04-01 23:41 . 2011-04-01 23:40 145184 c:\windows\system32\javaw.exe
- 2010-03-31 09:59 . 2010-03-09 03:28 145184 c:\windows\system32\javaw.exe
+ 2011-04-01 23:41 . 2011-04-01 23:40 145184 c:\windows\system32\java.exe
- 2010-03-31 09:59 . 2010-03-09 03:28 145184 c:\windows\system32\java.exe
+ 2011-04-01 23:13 . 2011-04-01 23:13 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2011-04-01 22:46 . 2011-04-01 22:46 472064 c:\windows\Installer\5bc8134.msi
+ 2011-04-01 23:41 . 2011-04-01 23:41 180224 c:\windows\Installer\1114ce.msi
+ 2011-04-01 23:40 . 2011-04-01 23:40 677376 c:\windows\Installer\1114c0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 83544]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-19 1048576]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ssdiag"="c:\windows\ssdiag.exe" [2005-05-13 57401]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-12-16 95232]
BBC iPlayer Desktop.lnk.disabled [2009-11-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-5-10 864]
.
c:\documents and settings\Colin Bowden.D1SSKL1J.000\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk.disabled [2007-5-23 723]
Last.fm Helper.lnk.disabled [2008-1-29 655]
Xfire.lnk.disabled [2007-10-4 650]
.
c:\documents and settings\colin\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk.disabled [2009-7-25 752]
OpenOffice.org 3.0.lnk.disabled [2009-4-19 864]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0b\aoltray.exe [2009-2-17 156784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=c:\program files\Kontiki\KHost.exe -all
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4oD"="c:\program files\Kontiki\KHost.exe" -all
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 7:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 7:41 PM 67656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 7:15 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-04-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
2011-04-02 c:\windows\Tasks\User_Feed_Synchronization-{811A37BF-9428-4715-8F25-4026143FA384}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-04-02 14:10:37
ComboFix-quarantined-files.txt 2011-04-02 13:10
ComboFix2.txt 2011-04-01 18:03
ComboFix3.txt 2011-03-31 20:27
.
Pre-Run: 7,732,043,776 bytes free
Post-Run: 7,750,635,520 bytes free
.
- - End Of File - - E491E67B5786BFB42F65E859DD1D9A94

I clicked and submitted the file anway (I'm sure it was the right one)

Hi,

Open notepad and copy/paste the text in the codebox below into it:



@echo off
for %%g in (
c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D}
) do zip Files_for_submission %%g
del %0



Save this as grab.bat
Choose to Save type as - All Files
Save it on your desktop.
It should look like this: http://www.techsupportforum.com/sectools/tetonbob/bat_icon.gif
Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Go to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76) and upload the file. Kindly include a link to this topic in the message.

Save this as grab.bat
Choose to Save type as - All Files
Save it on your desktop.
It should look like this: http://www.techsupportforum.com/sectools/tetonbob/bat_icon.gif
Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Go to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76) and upload the file. Kindly include a link to this topic in the message.
Grab bat just dissapeared no file new file appeared.
This is the file CF-submit wants to send: C:\Qoobox\Quarantine\[76]-Submit_2011-04-02_13.54.32.zip would that be the right one?

Hi,

Let's try to do the thing manually.

Go to c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data folder and archive {4C179AEA-C7E2-49FE-A51F-8382BCDC352D} folder into a zip file. Then submit that zip file to that linked address.

done, I hope I got that right! Sorry about that!

Thanks for the submission :)

You may delete that c:\documents and settings\sean.C-1F6C1AA3F9AD4\Local Settings\Application Data\{4C179AEA-C7E2-49FE-A51F-8382BCDC352D} folder now.

How's the system running?

Hi, very slow booting up, but once it gets going its alright.

Hi,

Some tips for improving system performance here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html).

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

I uninstalled combofix before reseting system restore, is that bad? I haven't reset system restore yet.

No, that's ok :)

So far, so good! Thanks Blade sensei :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.