
Thread: I Think I have a Rootkit Infection

  1. #11
    Member | Join Date: Mar 2011 | Posts: 45

    Logs

    Cheers mate, appreciate this.

    All processes killed
    ========== OTL ==========
    ADS C:\ProgramData\TEMP:9B013599 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Murdo & Louise
    ->Temp folder emptied: 100080 bytes
    ->Temporary Internet Files folder emptied: 1978783 bytes
    ->Java cache emptied: 8044 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 8200 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109688 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.22.2 log created on 03022011_181526

    Files\Folders moved on Reboot...
    C:\Users\Murdo & Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA1YJON7\showthread[1].php moved successfully.
    C:\Users\Murdo & Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\mcafee_Yg6pttLH8f4ocKM not found!

    Registry entries deleted on Reboot...


    OLT.txt to follow

  2. #12
    Member | Join Date: Mar 2011 | Posts: 45

    OLT.txt

    OTL logfile created on: 02/03/2011 6:20:52 PM - Run 5
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Murdo & Louise\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 241.15 Gb Total Space | 176.13 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
    Drive D: | 224.51 Gb Total Space | 104.11 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 557.70 Gb Free Space | 59.87% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 312.14 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 312.04 Gb Free Space | 22.33% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Murdo & Louise | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Murdo & Louise\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
    PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
    PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Windows\System32\dlbtcoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe (Lexmark International, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Murdo & Louise\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Keyboard Express 3\keyhook.dll (Insight Software Solutions)


    ========== Win32 Services (SafeList) ==========

    SRV - (MAFVX) -- File not found
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
    SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
    SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (dlbt_device) -- C:\Windows\System32\dlbtcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
    DRV - (btkrnl) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (btaudio) -- C:\Windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTWDNDIS) -- C:\Windows\System32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (btwhid) -- C:\Windows\System32\drivers\btwhid.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\Windows\System32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (ha20x22k) -- C:\Windows\System32\drivers\ha20x22k.sys (Creative Technology Ltd)
    DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
    DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
    DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
    DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
    DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
    DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
    DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
    DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
    DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
    DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
    DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
    DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
    DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
    DRV - (SI3112r) -- C:\Windows\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)
    DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (BTNetFilter) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
    DRV - (IntelC52) -- C:\Windows\System32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\Windows\System32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\Windows\System32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\Windows\System32\drivers\mohfilt.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED F6 BE 7A 5D F8 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/06/08 23:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murdo & Louise\AppData\Roaming\Mozilla\Extensions
    [2010/06/08 23:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murdo & Louise\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/03/02 18:15:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files\Keyboard Express 3\kie.dll (Insight Software Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101104123601.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
    O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [dlbtmon.exe] C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/02 18:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/03/02 18:15:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/02 18:13:25 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Murdo & Louise\Desktop\OTL.exe
    [2011/03/02 12:59:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/02 12:16:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/02 10:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/01 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2011/02/23 17:58:16 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011/02/23 17:58:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011/02/09 21:20:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/02/09 21:20:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/02/09 21:20:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/02/09 21:20:51 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/02/09 21:20:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/02/09 21:20:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/02/09 21:20:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/02/09 21:20:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/02/09 21:20:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/02/09 21:20:43 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/02/09 21:20:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/02/09 21:20:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2011/02/09 21:19:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
    [2011/02/09 21:19:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
    [2011/02/09 21:19:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
    [2011/02/09 21:19:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2011/02/09 21:19:52 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/02/09 21:19:52 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/02/09 21:19:49 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011/02/08 23:12:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/02/08 23:12:09 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/08 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Murdo & Louise\AppData\Local\Sunbelt Software
    [2011/02/08 23:04:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/02/08 23:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/02/08 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/02/08 22:35:05 | 000,000,000 | ---D | C] -- C:\Users\Murdo & Louise\AppData\Roaming\Malwarebytes
    [2011/02/08 22:34:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/08 22:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/08 22:34:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/08 22:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/06 11:23:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/06 11:23:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/06 11:23:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/06 11:23:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/07/07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
    [2010/07/07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
    [2010/05/20 21:01:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
    [2010/05/20 21:01:04 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
    [2010/05/20 21:01:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
    [2010/05/20 21:01:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
    [2010/05/20 21:01:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
    [2010/05/20 21:01:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
    [2010/05/20 21:01:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
    [2010/05/20 21:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
    [2010/05/20 21:01:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
    [2010/05/20 21:01:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
    [2010/05/20 21:01:04 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
    [2010/05/20 21:01:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
    [2010/05/20 21:01:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBThcp.dll
    [2010/05/20 21:01:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
    [2010/05/20 21:01:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
    [2010/01/27 01:47:00 | 002,495,080 | ---- | C] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/02 18:22:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 18:22:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 18:17:25 | 000,001,097 | ---- | M] () -- C:\Windows\System32\bscs.ini
    [2011/03/02 18:17:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/02 18:17:11 | 2414,460,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/02 18:16:21 | 000,056,448 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 18:16:21 | 000,056,448 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 18:16:21 | 000,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 18:15:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/03/02 18:13:38 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Murdo & Louise\Desktop\OTL.exe
    [2011/03/02 10:06:10 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/03/01 21:50:11 | 179,129,969 | ---- | M] () -- C:\Windows\System32\R
    [2011/02/20 10:19:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/02/19 12:22:08 | 000,003,504 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/02/19 12:06:51 | 000,000,181 | ---- | M] () -- C:\Users\Murdo & Louise\AppData\Roaming\default.rss
    [2011/02/19 12:01:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2011/02/09 21:30:16 | 003,874,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/08 23:12:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011/01/31 22:22:02 | 000,045,941 | ---- | M] () -- C:\Users\Murdo & Louise\Desktop\Boys Kilt Outfit.jpg
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/02 10:06:10 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/01 21:06:31 | 179,129,969 | ---- | C] () -- C:\Windows\System32\R
    [2011/02/06 11:23:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/06 11:23:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/06 11:23:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/06 11:23:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/06 11:23:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/31 22:22:30 | 000,045,941 | ---- | C] () -- C:\Users\Murdo & Louise\Desktop\Boys Kilt Outfit.jpg
    [2011/01/20 17:07:32 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\ctdvinst4.dll
    [2010/12/23 02:48:53 | 000,000,181 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Roaming\default.rss
    [2010/12/23 02:25:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/12/09 21:44:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/09 12:16:03 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/11/09 12:16:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/10/27 23:45:25 | 000,070,646 | ---- | C] () -- C:\Program Files\Uninstall.exe
    [2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/09/28 20:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/08/06 17:10:14 | 002,860,384 | ---- | C] () -- C:\Windows\System32\btwicons.dll
    [2010/07/07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\System32\instwdm.ini
    [2010/07/07 21:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
    [2010/07/07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
    [2010/07/07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
    [2010/07/07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
    [2010/07/07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
    [2010/07/07 20:14:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
    [2010/07/07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
    [2010/06/19 22:16:50 | 000,000,248 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
    [2010/06/19 22:16:10 | 000,000,135 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2010/06/01 23:40:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/05/27 09:12:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
    [2010/05/24 20:55:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/05/22 00:03:38 | 000,000,917 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Roaming\coreavc.ini
    [2010/05/21 19:05:21 | 000,005,982 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2010/05/21 19:05:21 | 000,000,096 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2010/05/21 13:01:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
    [2010/05/21 00:31:57 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/05/21 00:19:32 | 000,018,944 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/21 00:18:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B57D7868DD.sys
    [2010/05/21 00:18:36 | 000,003,504 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/05/20 23:15:17 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/05/20 21:01:04 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
    [2010/05/20 21:01:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBTinst.dll
    [2010/05/20 21:01:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
    [2010/05/20 21:01:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
    [2010/05/20 21:01:04 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
    [2010/05/20 21:01:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
    [2010/05/20 21:01:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
    [2010/05/20 21:01:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
    [2010/05/20 21:01:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\DLBTcfg.dll
    [2010/05/20 21:01:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
    [2010/05/20 21:00:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
    [2010/05/20 21:00:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
    [2010/05/20 21:00:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
    [2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2010/01/21 21:59:14 | 000,009,107 | ---- | C] () -- C:\Program Files\Readme.html
    [2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:33:53 | 003,874,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/01 10:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
    [2009/06/17 09:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/27 16:04:46 | 000,001,097 | ---- | C] () -- C:\Windows\System32\bscs.ini
    [2009/02/27 15:45:16 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
    [2009/02/27 15:44:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
    [2009/02/27 15:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
    [2009/02/27 15:44:10 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
    [2009/02/27 15:41:38 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
    [2009/02/27 15:41:02 | 000,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
    [2009/02/27 15:40:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
    [2008/12/07 11:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2008/10/22 14:30:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
    [2008/03/07 12:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
    [2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    < End of report >

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe



    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Registry::


    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


    Also let me know if you see any difference in your system.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Combofix Log

    It said it needed to perform a deeper scan, and did.

    ComboFix 11-03-02.01 - Murdo & Louise 02/03/2011 19:31:09.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.2230 [GMT 0:00]
    Running from: c:\users\Murdo & Louise\Desktop\ComboFix.exe
    Command switches used :: c:\users\Murdo & Louise\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 19:44 . 2011-03-02 19:44 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-03-02 19:44 . 2011-03-02 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-02 18:15 . 2011-03-02 18:15 -------- d-----w- C:\_OTL
    2011-03-01 20:46 . 2011-03-01 20:46 -------- d-----w- c:\program files\Sophos
    2011-02-23 17:58 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12 . 2011-02-08 23:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05 . 2011-02-08 23:05 -------- d-----w- c:\users\Murdo & Louise\AppData\Local\Sunbelt Software
    2011-02-08 23:04 . 2011-02-13 19:57 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04 . 2011-02-08 23:12 -------- d-----w- c:\programdata\Lavasoft
    2011-02-08 23:04 . 2011-02-08 23:04 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35 . 2011-02-08 22:35 -------- d-----w- c:\users\Murdo & Louise\AppData\Roaming\Malwarebytes
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-08 22:34 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-08 22:34 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 12:22 . 2010-05-21 00:18 3504 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-29 20:04 . 2010-10-27 23:45 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-16 23:12 . 2010-05-26 17:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-16 22:40 . 2010-05-26 17:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-16 21:39 . 2010-06-10 07:04 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-21 23:41 . 2010-06-01 23:40 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-08 13:12 . 2010-05-20 22:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11 . 2010-05-20 22:00 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11 . 2010-05-20 22:00 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11 . 2010-05-20 22:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-17 210208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Keyboard Express 3.lnk - c:\program files\Keyboard Express 3\keyexp.exe [2010-5-20 3364352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 12:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-09 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 198232]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
    R3 MAFVX;MAFVX;c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe [x]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 198232]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1227352]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-21 14:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1787969973-3853490696-3738150907-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C57201AC-06E7-9A97-4D3E-370FCC5BB250}*]
    "oagljfefmbkbenpecmabdbmehnbdml"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00
    "naampgfnkclfidbjbfddgefnahgh"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5980)
    c:\program files\Keyboard Express 3\KEYHOOK.DLL
    .
    Completion time: 2011-03-02 19:48:25
    ComboFix-quarantined-files.txt 2011-03-02 19:48
    ComboFix2.txt 2011-03-02 17:02

    Pre-Run: 189,088,333,824 bytes free
    Post-Run: 189,047,402,496 bytes free

    - - End Of File - - 931B8AF229BDEA3AD5A73C3C13CF10AC

    I don't seem to be getting redirected anymore!

    I've tried 20 times and no redirecting.

    Thanks very much - your help is really appreciated!

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, but there are still questionable files and entries on your log.

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Driver::


    Code:
    Driver::
    MAFVX
    
    File::
    c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

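The entry the expert targets in this post (the MAFVX service, whose image sits in a user's Temp folder and is tagged [x]) is one of a few things a reviewer scans a ComboFix log for; the UAC policy values (EnableLUA = 0) in the same log are another. The script below is an added example written for this thread, not code from the posters or from ComboFix: it assumes the line layouts seen in the logs above and that the [x]/[X] tag marks a file ComboFix could not find on disk, and it runs over a short excerpt constructed from the posted log.

```python
"""Triage helper for ComboFix log excerpts.

Added example for this thread, not a tool used by the posters and not part of
ComboFix.  It assumes the line layouts visible in the logs above:

  service/driver:  <start> <name>;<display name>;<image path> [<date> <size>]
  Run key value:   "<name>"="<command>" [<date> <size>]
  policy value:    "<key>"= <n> (0x<hex>)

and that a trailing [x] / [X] instead of "<date> <size>" marks an entry whose
referenced file could not be found on disk.
"""
import re
from typing import List, Optional, Tuple

# e.g.  R3 MAFVX;MAFVX;c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<tail>[^\]]*)\]$"
)
# e.g.  "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<tail>[^\]]*)\]$')
# e.g.  "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

# Directories a service, driver or autostart entry has no business loading from.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

Finding = Tuple[str, List[str]]  # (entry name, reasons it was flagged)


def triage_line(line: str) -> Optional[Finding]:
    """Return a finding for one log line, or None when it is clean or unrecognised."""
    s = line.strip()
    m = SERVICE_RE.match(s) or RUN_RE.match(s)
    if m:
        reasons: List[str] = []
        if any(marker in m["path"].lower() for marker in TEMP_MARKERS):
            reasons.append("image path is inside a temp folder")
        if m["tail"].strip().lower() == "x":
            reasons.append("referenced file not found on disk ([x])")
        return (m["name"], reasons) if reasons else None
    m = POLICY_RE.match(s)
    if m and m["key"] == "EnableLUA" and int(m["val"]) == 0:
        # With UAC off, every process of an admin user already runs fully elevated.
        return (m["key"], ["UAC is disabled (EnableLUA = 0)"])
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings in order."""
    findings: List[Finding] = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


# Constructed excerpt, assembled from lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 MAFVX;MAFVX;c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

The orphaned Bluetooth Run entry is reported too, which shows why a missing file on its own is weak evidence; the temp-folder path combined with the missing file is what makes MAFVX stand out.
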
  6. #16
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Combofix Log

    Thanks. Followed your instructions.

    ComboFix 11-03-02.01 - Murdo & Louise 02/03/2011 23:07:15.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1926 [GMT 0:00]
    Running from: c:\users\Murdo & Louise\Desktop\ComboFix.exe
    Command switches used :: c:\users\Murdo & Louise\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MAFVX


    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 23:19 . 2011-03-02 23:19 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-03-02 23:19 . 2011-03-02 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-02 18:15 . 2011-03-02 18:15 -------- d-----w- C:\_OTL
    2011-03-01 20:46 . 2011-03-01 20:46 -------- d-----w- c:\program files\Sophos
    2011-02-23 17:58 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12 . 2011-02-08 23:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05 . 2011-02-08 23:05 -------- d-----w- c:\users\Murdo & Louise\AppData\Local\Sunbelt Software
    2011-02-08 23:04 . 2011-02-13 19:57 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04 . 2011-02-08 23:12 -------- d-----w- c:\programdata\Lavasoft
    2011-02-08 23:04 . 2011-02-08 23:04 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35 . 2011-02-08 22:35 -------- d-----w- c:\users\Murdo & Louise\AppData\Roaming\Malwarebytes
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-08 22:34 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-08 22:34 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 12:22 . 2010-05-21 00:18 3504 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-29 20:04 . 2010-10-27 23:45 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-16 23:12 . 2010-05-26 17:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-16 22:40 . 2010-05-26 17:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-16 21:39 . 2010-06-10 07:04 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-21 23:41 . 2010-06-01 23:40 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-08 13:12 . 2010-05-20 22:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11 . 2010-05-20 22:00 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11 . 2010-05-20 22:00 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11 . 2010-05-20 22:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-17 210208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Keyboard Express 3.lnk - c:\program files\Keyboard Express 3\keyexp.exe [2010-5-20 3364352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 12:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-09 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 198232]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 141792]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 198232]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1227352]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-21 14:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1787969973-3853490696-3738150907-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C57201AC-06E7-9A97-4D3E-370FCC5BB250}*]
    "oagljfefmbkbenpecmabdbmehnbdml"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00
    "naampgfnkclfidbjbfddgefnahgh"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5076)
    c:\program files\Keyboard Express 3\KEYHOOK.DLL
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Common Files\logishrd\Bluetooth\LBTServ.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\dlbtcoms.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Logitech\SetPoint\LBTWiz.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-02 23:29:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-02 23:28
    ComboFix2.txt 2011-03-02 19:48
    ComboFix3.txt 2011-03-02 17:02

    Pre-Run: 189,115,326,464 bytes free
    Post-Run: 188,855,164,928 bytes free

    - - End Of File - - 7417996CBD54404CB93A67679BA8D31D




    ESET Log to follow (currently scanning)

  7. #17
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Combo Log

    Thanks - Followed your instructions

    ComboFix 11-03-02.01 - Murdo & Louise 02/03/2011 23:07:15.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1926 [GMT 0:00]
    Running from: c:\users\Murdo & Louise\Desktop\ComboFix.exe
    Command switches used :: c:\users\Murdo & Louise\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MAFVX


    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 23:19 . 2011-03-02 23:19 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-03-02 23:19 . 2011-03-02 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-02 18:15 . 2011-03-02 18:15 -------- d-----w- C:\_OTL
    2011-03-01 20:46 . 2011-03-01 20:46 -------- d-----w- c:\program files\Sophos
    2011-02-23 17:58 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12 . 2011-02-08 23:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05 . 2011-02-08 23:05 -------- d-----w- c:\users\Murdo & Louise\AppData\Local\Sunbelt Software
    2011-02-08 23:04 . 2011-02-13 19:57 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04 . 2011-02-08 23:12 -------- d-----w- c:\programdata\Lavasoft
    2011-02-08 23:04 . 2011-02-08 23:04 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35 . 2011-02-08 22:35 -------- d-----w- c:\users\Murdo & Louise\AppData\Roaming\Malwarebytes
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-08 22:34 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-08 22:34 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 12:22 . 2010-05-21 00:18 3504 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-29 20:04 . 2010-10-27 23:45 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-16 23:12 . 2010-05-26 17:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-16 22:40 . 2010-05-26 17:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-16 21:39 . 2010-06-10 07:04 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-21 23:41 . 2010-06-01 23:40 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-08 13:12 . 2010-05-20 22:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11 . 2010-05-20 22:00 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11 . 2010-05-20 22:00 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11 . 2010-05-20 22:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-17 210208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Keyboard Express 3.lnk - c:\program files\Keyboard Express 3\keyexp.exe [2010-5-20 3364352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 12:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-09 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 198232]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 141792]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 198232]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1227352]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-21 14:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1787969973-3853490696-3738150907-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C57201AC-06E7-9A97-4D3E-370FCC5BB250}*]
    "oagljfefmbkbenpecmabdbmehnbdml"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00
    "naampgfnkclfidbjbfddgefnahgh"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5076)
    c:\program files\Keyboard Express 3\KEYHOOK.DLL
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Common Files\logishrd\Bluetooth\LBTServ.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\dlbtcoms.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Logitech\SetPoint\LBTWiz.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-02 23:29:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-02 23:28
    ComboFix2.txt 2011-03-02 19:48
    ComboFix3.txt 2011-03-02 17:02

    Pre-Run: 189,115,326,464 bytes free
    Post-Run: 188,855,164,928 bytes free

    - - End Of File - - 7417996CBD54404CB93A67679BA8D31D




    ESET Log to follow (currently scanning)
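
The "Reg Loading Points" section of the log above records the UAC policy key with EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which means User Account Control is switched off on this machine and any process running as the administrator is already fully elevated. As an added check, not part of the original post or of ComboFix, the PowerShell below compares those values against the Windows 7 defaults (EnableLUA 1, ConsentPromptBehaviorAdmin 5, ConsentPromptBehaviorUser 3, PromptOnSecureDesktop 1, EnableUIADesktopToggle 0). It can be run offline against values copied from a log, as done here with the figures from this post, or against the live registry; the Restore-UacDefaults function is only for use after the machine is believed clean.

```powershell
# Added example, not part of the original thread: audit the UAC policy values that
# ComboFix prints under "Reg Loading Points" against the Windows 7 defaults.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 out-of-the-box values. Anything else weakens or disables UAC.
$Defaults = @{
    EnableLUA                  = 1   # 0 turns UAC off entirely; admins run fully elevated
    ConsentPromptBehaviorAdmin = 5   # 0 = elevate silently without any prompt
    ConsentPromptBehaviorUser  = 3   # standard users are asked for admin credentials
    PromptOnSecureDesktop      = 1   # 0 lets other software drive or spoof the prompt
    EnableUIADesktopToggle     = 0
}

function Compare-UacPolicy {
    # $Actual maps setting name -> DWORD value, so this works on values copied
    # from a log as well as on the live registry (see Get-UacPolicy).
    param(
        [Parameter(Mandatory = $true)][hashtable]$Actual,
        [hashtable]$Expected = $Defaults
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $value = $Actual[$name]
        $status = 'WEAK'
        if ($null -eq $value) { $status = 'missing' }
        elseif ([int]$value -eq $Expected[$name]) { $status = 'ok' }
        New-Object PSObject -Property @{
            Setting  = $name
            Actual   = $value
            Expected = $Expected[$name]
            Status   = $status
        }
    }
}

function Get-UacPolicy {
    # Read the live values from this machine into the same hashtable shape.
    param([string]$Key = $PolicyKey)
    $props  = Get-ItemProperty -Path $Key
    $result = @{}
    foreach ($name in $Defaults.Keys) {
        if ($null -ne $props.$name) { $result[$name] = $props.$name }
    }
    $result
}

function Restore-UacDefaults {
    # Only once the machine is believed clean. Needs an elevated prompt and a reboot.
    param([string]$Key = $PolicyKey)
    foreach ($name in $Defaults.Keys) {
        Set-ItemProperty -Path $Key -Name $name -Value $Defaults[$name] -Type DWord
    }
}

# Constructed input: the values exactly as they appear in the log posted above.
$FromLog = @{
    ConsentPromptBehaviorAdmin = 0
    ConsentPromptBehaviorUser  = 3
    EnableLUA                  = 0
    EnableUIADesktopToggle     = 0
    PromptOnSecureDesktop      = 0
}

Compare-UacPolicy -Actual $FromLog | Format-Table Setting, Actual, Expected, Status -AutoSize

# Live check on this machine:
# Compare-UacPolicy -Actual (Get-UacPolicy) | Format-Table -AutoSize
```

Against the logged values this flags EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as WEAK and the other two as ok. Whether the settings were changed by the user or by the malware is not something the log can tell you; either way they should go back to the defaults once cleanup is finished, since a disabled UAC removes the elevation prompt that would otherwise stand between a dropped executable and a kernel driver install.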

  8. #18
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default ESET Results

    Results Screenshot Attached

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good, let's just check this file.

    You need to enable Windows to show all files and folders; instructions Here

    Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.


    c:\windows\system32\drivers\pxkbf.sys <--This file


    If the site is busy you can try this one
    http://virusscan.jotti.org/en
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
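
Enabling hidden and system files in Explorer is the usual first step, but a driver file can be absent from the folder view for other reasons: it may already have been removed by one of the cleanup runs, the service entry that loaded it may still exist without the file, or a kernel-mode rootkit hooking the file-system API may hide it from Explorer and from this script alike. As an added example, not part of the original thread, the PowerShell below looks for the exact path the helper asked about with -Force (so hidden/system attributes do not matter), computes its SHA-256 (which can be searched on VirusTotal without uploading the file), reads its Authenticode signature, and lists any entry under the Services key that still points at the file name. Run it from an elevated prompt; the hashing is done through .NET so it also works on the PowerShell 2.0 that shipped with Windows 7, where Get-FileHash does not exist.

```powershell
# Added example, not part of the original thread: locate and fingerprint the driver
# file the helper asked about, then find any service entry that still references it.
# Run as Administrator.

$Target = 'C:\Windows\System32\drivers\pxkbf.sys'

function Get-DriverFileReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    # -Force returns hidden and system files that a plain Get-Item/Explorer view skips.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $file) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }

    # SHA-256 via .NET (Get-FileHash only exists in PowerShell 4.0 and later).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file.FullName)
    try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }

    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    New-Object PSObject -Property @{
        Path       = $file.FullName
        Exists     = $true
        Attributes = $file.Attributes        # watch for Hidden / System on a supposed driver
        SizeBytes  = $file.Length
        Modified   = $file.LastWriteTimeUtc
        SHA256     = $hash                   # paste into the VirusTotal search box
        SigStatus  = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer     = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' })
    }
}

function Get-ServicesReferencingFile {
    # A deleted driver can leave its service entry behind, and an entry can point at a
    # file that was never visible. Start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    # (the same digits ComboFix uses after its R/S prefix in the services list).
    param([Parameter(Mandatory = $true)][string]$FileName)
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.ImagePath -and $_.ImagePath -like "*$FileName*" } |
        Select-Object PSChildName, ImagePath, Start, Type
}

Get-DriverFileReport -Path $Target | Format-List
Get-ServicesReferencingFile -FileName (Split-Path -Path $Target -Leaf)
```

If the first command reports Exists = False and the second returns nothing, the file and its loader are gone as far as user-mode Windows can tell, which matches what the poster found. If a service entry remains without the file, that entry is what to hand back to the helper; if the file is present but hidden, the SHA-256 and signer fields give the helper what the VirusTotal report would have shown.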

  10. #20
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default hmmm

    Hi There

    I followed your instructions to the letter, but that file doesn't show up?
