Troublesome virtumonde infection

M

marcop

New member
Hi,

My PC has been infected with Virtumonde, and it keeps coming back again and again. I've done the Kaspersky scan, (see below). However when I used Spybot in safe mode, Virtumonde was always found even though I've cleaned 4 times already. Grateful for any help you guys can give! Thanks!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 22, 2008 8:21:49 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/04/2008
Kaspersky Anti-Virus database records: 718713
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 196163
Number of viruses found: 6
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 03:23:18

Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\is151942.exe Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Vonage\EasySetupGuide\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f06bdd465de983deb2273bf05d5d29e_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2b2effc925a836fafbfe6ab5b73fae7b_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2f14738406d1415380d61821ec9690e7_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c06ac1796db8b2972548b9a5368701e_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dd74855cd590dfeda3872e7da814677_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c1a56bd2a1df4f7487a9fa7ce2cb3fd_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae469a39d43a8078b98963b014bf74c3_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c382082bbce79ebf4231939807966e21_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c571eabdf318f6b8af646d6d7e8e7f17_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2c43cfb16d18beb675c2fa850972067_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\NetZero\Isp\BootExceptions.log Object is locked skipped
C:\ProgramData\NetZero\Isp\ExecExceptions.log Object is locked skipped
C:\ProgramData\NetZero\Isp\IspDblog.txt Object is locked skipped
C:\ProgramData\NetZero\Isp\MainExceptions.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{37551BB3-07AF-4B6E-BA6F-0583FC4E95E4}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F88AE57A-C83B-4D79-B0FA-017A9D1275DA}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FFF41699-B03C-4BAE-BDE1-E5A6E1DDB61C}.DAT Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-04-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{C9AAC4A7-5CAA-49AB-BA08-1CDCBA97E206}.ldb Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{C9AAC4A7-5CAA-49AB-BA08-1CDCBA97E206}.sds Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\9E3D4604.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\F727CA9D.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\marc\AppData\Local\Apple Computer\Safari\Cache.db Object is locked skipped
C:\Users\marc\AppData\Local\Apple Computer\Safari\WebpageIcons.db Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QFLZ49J\kriv[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QFLZ49J\kriv[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBQH5U2D\kriv[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDYXEAVF\idkfa[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9A2OR8C\idkfa[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9A2OR8C\kriv[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCHAEVHL\idkfa[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TM.blf Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\marc\AppData\Local\Temp\tmp0001e0bd Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0002c8d9 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0002eea2 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp00030694 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp000324de Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp000340a7 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp00037223 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0003b1d1 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0003d0c6 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0003e474 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0003fb2f Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0003fef6 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp00041e87 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp000457b0 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0004f797 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp000567f5 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp0006c8ab Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp00074401 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp000f2413 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp00163f9e Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Local\Temp\tmp01963b43 Infected: Packed.Win32.Monder.gen skipped
C:\Users\marc\AppData\Roaming\Apple Computer\Safari\PubSub\Database\Database.sqlite3 Object is locked skipped
C:\Users\marc\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip/WinXP keyChanger.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip/WinXP keyChanger.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip/WinXP keyChanger.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip/WinXP keyChanger.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Users\marc\Documents\personal_folder.pst Mail MS Mail: infected - 5 skipped
C:\Users\marc\ntuser.dat Object is locked skipped
C:\Users\marc\ntuser.dat.LOG1 Object is locked skipped
C:\Users\marc\ntuser.dat.LOG2 Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TM.blf Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.blf Object is locked skipped
C:\Windows\System32\Ikeext.etl Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\mljjhgf.dll Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\pmkhijh.dll Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\tusrr.dll Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\JETD3B2.tmp Object is locked skipped
C:\Windows\tracing\BAP.LOG Object is locked skipped
C:\Windows\tracing\IpHlpSvc.LOG Object is locked skipped
C:\Windows\tracing\kerberos\MARCANDLAN_kerberos_1_6_0_6000_0_0__300_6_0_6000_16386__vista_rtm_061101_2205_.etl Object is locked skipped
C:\Windows\tracing\KMDDSP.LOG Object is locked skipped
C:\Windows\tracing\NDPTSP.LOG Object is locked skipped
C:\Windows\tracing\PPP.LOG Object is locked skipped
C:\Windows\tracing\RASAPI32.LOG Object is locked skipped
C:\Windows\tracing\RASBACP.LOG Object is locked skipped
C:\Windows\tracing\RASCCP.LOG Object is locked skipped
C:\Windows\tracing\RASDLG.LOG Object is locked skipped
C:\Windows\tracing\RASEAP.LOG Object is locked skipped
C:\Windows\tracing\RASIPCP.LOG Object is locked skipped
C:\Windows\tracing\RASIPHLP.LOG Object is locked skipped
C:\Windows\tracing\RASIPV6CP.LOG Object is locked skipped
C:\Windows\tracing\RASMAN.LOG Object is locked skipped
C:\Windows\tracing\RASPAP.LOG Object is locked skipped
C:\Windows\tracing\RASQEC.LOG Object is locked skipped
C:\Windows\tracing\RASTAPI.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASCHAP.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASTLS.LOG Object is locked skipped
C:\Windows\tracing\tapi32.LOG Object is locked skipped
C:\Windows\tracing\tapisrv.LOG Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\Desktop.ini Object is locked skipped
D:\System Volume Information\Folder.htt Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\Protect.ed Object is locked skipped

Scan process completed.
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.

Download Trend Micro Hijack This™
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks
 
HJT Log

Hi, Here is the HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:46 AM, on 4/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.114.24.140:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\Windows\system32\tusrr.dll
O2 - BHO: (no name) - {32F5E0DD-0DB6-443A-B64D-0CA0BCD67F1D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {60E13232-8249-4F65-A9DF-8464F9658EEB} - C:\Windows\system32\cbxvs.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8094D36F-C649-451E-A9C4-FB554213EFA1} - (no file)
O2 - BHO: (no name) - {86D6F38A-0E44-4D34-ABEF-FC6ED48851B4} - C:\Windows\system32\pmnon.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D4C4978C-A45A-4233-80D8-293AD2F90119} - C:\Windows\system32\ddcyx.dll
O2 - BHO: (no name) - {EA5C4F10-5963-4728-891C-AF6D44390704} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\Windows\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10931 bytes
 
Thaks for returning your information, proceed like this:

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here to your Desktop
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial if needed:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks
 
Combofix log

Hi - here is the combofix log:

ComboFix 08-04-20.5 - marc 2008-04-23 1:16:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.146 [GMT 8:00]
Running from: C:\Users\marc\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\marc\AppData\Roaming\inst.exe
C:\Users\marc\g2mdlhlpx.exe
C:\Windows\system32\ddcyx.dll
C:\Windows\System32\edfii.ini
C:\Windows\System32\edfii.ini2
C:\Windows\System32\ivenyecr.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mljjhgf.dll
C:\Windows\System32\nonmp.ini
C:\Windows\System32\nonmp.ini2
C:\Windows\system32\pmkhijh.dll
C:\Windows\system32\rceynevi.dll
C:\Windows\System32\rrrqr.ini
C:\Windows\System32\rrrqr.ini2
C:\Windows\System32\svxbc.ini
C:\Windows\System32\svxbc.ini2
C:\Windows\system32\tusrr.dll
C:\Windows\system32\vxvwihks.dll
C:\Windows\System32\wwxyb.ini
C:\Windows\System32\wwxyb.ini2
C:\Windows\system32\x64
C:\Windows\System32\xycdd.ini
C:\Windows\System32\xycdd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 14:14 . 2008-04-22 14:14 <DIR> d-------- C:\Program Files\Callum Haywood
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-21 19:56 . 2008-04-21 20:01 354 ---hs---- C:\Windows\System32\vwbtmugb.ini
2008-04-21 14:16 . 2008-04-21 14:16 294 ---hs---- C:\Windows\System32\lcnnnbiw.ini
2008-04-21 11:00 . 2008-04-21 11:00 114,261,565 --a------ C:\Windows\MEMORY.DMP
2008-04-21 04:24 . 2008-04-21 10:03 294 ---hs---- C:\Windows\System32\bnpygcaq.ini
2008-04-21 02:51 . 2008-04-21 03:04 294 ---hs---- C:\Windows\System32\wntodcts.ini
2008-04-21 01:34 . 2008-04-21 01:40 524,288 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 01:34 . 2008-04-21 01:40 524,288 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 01:34 . 2008-04-21 01:40 65,536 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TM.blf
2008-04-21 01:07 . 2008-04-21 01:23 524,288 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 01:07 . 2008-04-21 01:23 524,288 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 01:07 . 2008-04-21 01:23 65,536 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TM.blf
2008-04-20 22:44 . 2008-04-23 01:10 262,144 --a------ C:\ntuser.dat
2008-04-20 22:44 . 2008-04-23 01:10 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-20 22:44 . 2008-04-21 01:07 0 --ah----- C:\ntuser.dat.LOG2
2008-04-20 19:57 . 2008-04-21 02:37 <DIR> d-------- C:\ProgramData\Avira
2008-04-20 18:49 . 2008-04-20 19:44 294 ---hs---- C:\Windows\System32\esupnkkv.ini
2008-04-20 16:31 . 2008-04-20 16:31 294 ---hs---- C:\Windows\System32\oggpsmtc.ini
2008-04-20 16:06 . 2008-04-20 16:06 354 ---hs---- C:\Windows\System32\jaxxgeuc.ini
2008-04-20 15:33 . 2008-04-20 15:49 294 ---hs---- C:\Windows\System32\xkomnaho.ini
2008-04-20 14:17 . 2008-04-20 14:45 294 ---hs---- C:\Windows\System32\akvarykn.ini
2008-04-20 09:59 . 2008-04-20 09:59 294 ---hs---- C:\Windows\System32\pgenjlnr.ini
2008-04-20 09:14 . 2008-04-20 09:14 294 ---hs---- C:\Windows\System32\lduiglfn.ini
2008-04-20 08:20 . 2008-04-22 12:56 <DIR> d-------- C:\Program Files\AVIConverter
2008-04-19 22:43 . 2008-04-19 22:43 <DIR> d-------- C:\Users\marc\AppData\Roaming\dvdcss
2008-04-19 22:41 . 2008-04-19 22:41 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-19 18:06 . 2008-04-19 18:06 <DIR> d-------- C:\Program Files\Xvid
2008-04-19 18:06 . 2008-04-12 07:30 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-04-19 18:06 . 2008-04-12 07:41 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-04-19 18:06 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-04-19 10:34 . 2008-04-22 11:54 1,607 --a------ C:\Windows\wininit.ini
2008-04-19 10:03 . 2008-04-20 07:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-19 10:03 . 2008-04-19 10:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-19 05:10 . 2008-04-19 09:07 354 ---hs---- C:\Windows\System32\nyclmjem.ini
2008-04-19 05:05 . 2008-04-19 01:33 594 --ahs---- C:\Windows\System32\hptgbujr.ini
2008-04-19 04:18 . 2008-04-19 04:19 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-19 04:18 . 2008-04-19 04:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-19 04:15 . 2008-04-19 04:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 04:10 . 2008-04-19 04:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 01:33 . 2008-04-19 01:33 594 ---hs---- C:\Windows\System32\vblmhuhj.ini
2008-04-18 17:22 . 2008-04-19 01:16 534 ---hs---- C:\Windows\System32\xrabaljg.ini
2008-04-18 16:56 . 2008-04-18 17:08 354 ---hs---- C:\Windows\System32\dcuivhiy.ini
2008-04-18 10:29 . 2008-04-18 10:29 <DIR> d-------- C:\Program Files\BadgerIT
2008-04-18 00:53 . 2008-04-18 00:53 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-17 16:54 . 2008-04-17 23:30 714 ---hs---- C:\Windows\System32\lrftptws.ini
2008-04-17 11:43 . 2008-04-17 11:43 139,220 --ah----- C:\Windows\System32\mlfcache.dat
2008-04-17 09:06 . 2008-04-19 23:34 <DIR> d-------- C:\Program Files\Handbrake
2008-04-17 08:18 . 2008-04-17 16:53 534 ---hs---- C:\Windows\System32\ettbhiwp.ini
2008-04-17 01:10 . 2008-04-17 01:10 923 --a------ C:\Users\Public\web design (comhkgsr001) (Z) - Shortcut.lnk
2008-04-16 08:08 . 2008-04-16 08:08 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-14 23:43 . 2008-04-14 23:47 <DIR> d-------- C:\Users\marc\AppData\Roaming\REAPER
2008-04-14 23:42 . 2008-04-14 23:43 <DIR> d-------- C:\Program Files\REAPER
2008-04-10 02:33 . 2008-04-10 02:33 <DIR> d-------- C:\Users\marc\AppData\Roaming\Symantec
2008-04-10 02:27 . 2008-04-10 02:31 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-10 02:25 . 2008-04-10 02:30 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-04-10 02:25 . 2008-04-10 02:30 10,563 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-04-10 02:25 . 2008-04-10 02:30 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-04-10 01:58 . 2008-04-10 02:24 14,992 --a------ C:\ProgramData\LUUnInstall.LiveUpdate
2008-04-09 11:07 . 2008-02-15 07:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 11:07 . 2008-02-19 13:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 11:07 . 2008-02-29 14:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 11:07 . 2008-02-29 14:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 11:07 . 2008-02-29 14:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 11:07 . 2008-02-29 14:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 11:07 . 2008-02-29 14:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 11:07 . 2008-02-29 14:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 11:07 . 2008-02-29 14:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 11:01 . 2008-02-29 12:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-07 09:43 . 2008-04-20 15:14 <DIR> d-------- C:\Program Files\Safari
2008-04-07 09:41 . 2008-04-07 09:41 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 09:41 . 2008-04-07 09:41 <DIR> d-------- C:\Program Files\iPod
2008-04-07 09:09 . 2008-04-07 09:09 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-04-02 01:20 . 2008-04-02 01:21 <DIR> d-------- C:\Program Files\SPMP3050 Transcoding Tool
2008-04-02 01:19 . 2008-04-02 01:19 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-04-02 01:19 . 2008-04-02 01:19 <DIR> d-------- C:\Program Files\Media Player Classic
2008-03-31 15:47 . 2006-06-12 16:36 241,664 --a------ C:\Windows\System32\hppapr04.dll
2008-03-31 15:47 . 2006-06-12 16:36 526 --a------ C:\Windows\System32\hppapr04.dat
2008-03-30 17:37 . 2008-03-30 17:56 948,338,688 --a------ C:\image.iso
2008-03-30 14:57 . 2008-03-30 16:01 <DIR> d-------- C:\Users\marc\AppData\Roaming\muvee Technologies
2008-03-30 14:57 . 2008-03-30 14:57 <DIR> d-------- C:\ProgramData\muvee Technologies
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-28 14:08 . 2008-03-28 14:08 <DIR> d-------- C:\Users\marc\AppData\Roaming\AdobeUM
2008-03-27 18:33 . 2008-03-27 18:33 <DIR> d-------- C:\ProgramData\Macrovision
2008-03-27 18:33 . 2008-03-27 18:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-27 18:14 . 2008-03-27 18:14 <DIR> d-------- C:\Windows\System32\Adobe
2008-03-27 18:14 . 2001-10-27 05:16 16,384 --a------ C:\Windows\System32\FileOps.exe
2008-03-27 11:36 . 2008-03-27 11:36 <DIR> d-------- C:\Program Files\SAMSUNG
2008-03-25 16:59 . 2008-03-25 18:11 <DIR> d-------- C:\Users\marc\AppData\Roaming\PSpad
2008-03-25 16:59 . 2008-03-25 16:59 <DIR> d-------- C:\Program Files\PSPad editor
2008-03-25 01:32 . 2008-03-25 01:32 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-22 11:42 . 2008-03-22 11:42 <DIR> d-------- C:\Users\Public\Pimsleur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 07:10 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 03:16 --------- d-----w C:\ProgramData\Roxio
2008-04-17 17:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-17 03:20 --------- d-----w C:\Users\marc\AppData\Roaming\Apple Computer
2008-04-15 11:55 --------- d-----w C:\Users\marc\AppData\Roaming\Roxio
2008-04-15 10:23 --------- d-----w C:\Users\marc\AppData\Roaming\Orbit
2008-04-09 19:13 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 18:51 --------- d-----w C:\ProgramData\Symantec
2008-04-09 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 18:30 --------- d-----w C:\Program Files\Symantec
2008-04-08 15:42 --------- d-----w C:\Users\marc\AppData\Roaming\.BitTornado
2008-04-07 01:37 --------- d-----w C:\Program Files\QuickTime
2008-04-01 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 03:02 80,224 ----a-w C:\Users\marc\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-20 10:00 --------- d-----w C:\Program Files\WhosOnV4
2008-03-19 10:51 --------- d-----w C:\Users\marc\AppData\Roaming\Canon
2008-03-14 01:59 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-14 01:59 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-11 06:44 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-11 06:39 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-11 06:39 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-11 06:39 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-11 06:39 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-11 06:39 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-11 06:39 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-11 06:39 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-11 06:39 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-11 06:35 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-11 06:35 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-03-11 06:35 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-11 06:35 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-11 06:35 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-11 06:35 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-11 06:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-11 06:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-11 06:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-11 06:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-11 06:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-11 06:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-11 06:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-06 15:14 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 15:13 --------- d-----w C:\Program Files\Bonjour
2008-03-06 15:05 --------- d-----w C:\ProgramData\Apple
2008-03-06 15:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 13:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 13:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 13:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-06 08:57 --------- d-----w C:\Program Files\Creative
2008-03-06 05:43 --------- d-----w C:\Users\marc\AppData\Roaming\AccurateRip
2008-03-06 05:42 --------- d-----w C:\Program Files\Illustrate
2008-03-06 05:19 --------- d-----w C:\Users\marc\AppData\Roaming\Creative
2008-03-05 07:02 --------- d-----w C:\Program Files\Citrix
2008-03-05 05:42 --------- d-----w C:\Program Files\TryMedia
2008-03-05 05:36 --------- d-----w C:\Program Files\Ubisoft
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-08-30 19:13 174 --sha-w C:\Program Files\desktop.ini
2007-05-31 09:12 47,360 ----a-w C:\Users\marc\AppData\Roaming\pcouffin.sys
2007-07-30 03:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-30 03:54 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-30 03:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-24 07:30 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 12:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E13232-8249-4F65-A9DF-8464F9658EEB}]
C:\Windows\system32\cbxvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-10 02:29 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86D6F38A-0E44-4D34-ABEF-FC6ED48851B4}]
C:\Windows\system32\pmnon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 12:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 12:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 03:03 1232896]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-27 02:14 1629184]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-23 03:05 1006264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-27 18:07:53 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM5cd467e3"=Rundll32.exe "C:\Windows\system32\imtkjiyd.dll",s
"MSServer"=rundll32.exe C:\Windows\system32\tusrr.dll,#1
"5fe7547f"=rundll32.exe "C:\Windows\system32\qacgypnb.dll",b
"Persistence"=C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CBA5C89-719E-478F-9408-CFB560C2AB90}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F04927A9-D2BB-46A6-B4EC-FCC01AA24839}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FB1D52C0-4BEE-4A01-B1D4-4D8BC021DA9F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2DD0BD0E-575F-45D5-838B-A222E03F6AA2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7BD66417-EF4F-4448-9BB4-9DFFC0E2F24D}"= UDP:C:\Windows\System32\dlcfcoms.exe:Lexmark Communications System
"{247F1543-601F-4C37-8E47-5CD13D9622FD}"= TCP:C:\Windows\System32\dlcfcoms.exe:Lexmark Communications System
"{2FEA220B-D0C8-41A2-96EB-F2E3FF9B4B71}"= UDP:3306:MySQL Port (Marc)
"{3E2577B6-5A8C-4B32-BE95-DE034E08D3A6}"= UDP:F:\Program Files\Real\RealPlayer\realplay.exe:RealPlayer
"{1A7A1B7D-9EAE-403C-8CBA-51C21D3BBAE5}"= TCP:F:\Program Files\Real\RealPlayer\realplay.exe:RealPlayer
"{806FB5F3-2E36-4786-AF2F-3888CAE08B46}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9A91845D-730A-4D7E-ADA0-E83E3E483ADA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{25773243-D712-4848-9C98-B7E606EFF9D1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9C887C07-CE19-41A1-B084-A0CD0699D217}"= UDP:990:LocalSubnet:LocalSubnet|IF={ABC4C6D1-8C06-455C-9D30-C8718653D291}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{8D878A77-CF27-4366-ABD5-DAF4FC736937}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C2E9A0BC-E07E-4760-B360-262C411431B3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{00895AE0-402C-464E-A37D-5D8A029928E6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E683384E-5A83-4693-81BC-7EE9D9458694}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{476C7379-63CC-4A02-9F2F-A77BA0AEAC3A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{908FD1CE-5251-4E01-A5F1-6FB1A8628C99}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080421.001\IDSvix86.sys [2008-03-21 04:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 17:45]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 09:52]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 17:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 00:44]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-06 03:34]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-07 17:16]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 15:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36c368e7-8795-11dc-b634-0019d2593fe3}]
\shell\1\Command - autorun.pif
\shell\2\Command - autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e51882d-2a11-11dc-88d8-0016d39ac21f}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57cc384d-b1e9-11dc-85e1-0016d39ac21f}]
\shell\1\Command - G:\autorun.pif
\shell\2\Command - G:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc7763e-ef5d-11dc-938e-0016d39ac21f}]
\shell\1\Command - I:\autorun.pif
\shell\2\Command - I:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b5c80f-4151-11dc-980d-0016d39ac21f}]
\shell\1\Command - G:\autorun.pif
\shell\2\Command - G:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.pif

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 09:22:45 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - marc.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-22 00:25:06 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 01:33:24
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\dlcfcoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-04-23 1:41:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 17:40:50

Pre-Run: 4,528,734,208 bytes free
Post-Run: 7,312,084,992 bytes free

349 --- E O F --- 2008-04-09 19:06:40
 
Hijack This log

Here is the HJT log. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:29 AM, on 4/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {60E13232-8249-4F65-A9DF-8464F9658EEB} - C:\Windows\system32\cbxvs.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {86D6F38A-0E44-4D34-ABEF-FC6ED48851B4} - C:\Windows\system32\pmnon.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\Windows\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9662 bytes
 
Thanks for returning your information proceed like this:

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
Notes for Windows Vista users from the tool creator:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"
Prefetch has been disabled on Windows Vista. As I'm not sure the effects that emptying prefetch on Windows Vista will have for the time being it I won't enable that function.
Click to expand...

2) Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\Windows\System32\vwbtmugb.ini
C:\Windows\System32\lcnnnbiw.ini
C:\Windows\System32\bnpygcaq.ini
C:\Windows\System32\wntodcts.ini
C:\Windows\System32\esupnkkv.ini
C:\Windows\System32\oggpsmtc.ini
C:\Windows\System32\jaxxgeuc.ini
C:\Windows\System32\xkomnaho.ini
C:\Windows\System32\akvarykn.ini
C:\Windows\System32\pgenjlnr.ini
C:\Windows\System32\lduiglfn.ini
C:\Windows\System32\nyclmjem.ini
C:\Windows\System32\hptgbujr.ini
C:\Windows\System32\vblmhuhj.ini
C:\Windows\System32\xrabaljg.ini
C:\Windows\System32\dcuivhiy.ini
C:\Windows\System32\lrftptws.ini
C:\Windows\System32\ettbhiwp.ini

Save this as CFScript

CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(you may leave the first two HP redirects if you need them)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop

O2 - BHO: (no name) - {60E13232-8249-4F65-A9DF-8464F9658EEB} - C:\Windows\system32\cbxvs.dll (file missing)
O2 - BHO: (no name) - {86D6F38A-0E44-4D34-ABEF-FC6ED48851B4} - C:\Windows\system32\pmnon.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post the combofix log, a new HJT log and tell me how the computer is running now.

Thanks
 
Combofix log

Hi, here is the Combofix log:

ComboFix 08-04-20.5 - marc 2008-04-23 8:08:17.2 - NTFSx86
Running from: C:\Users\marc\Desktop\ComboFix.exe
Command switches used :: C:\Users\marc\Desktop\CFScript.txt

FILE ::
C:\Windows\System32\akvarykn.ini
C:\Windows\System32\bnpygcaq.ini
C:\Windows\System32\dcuivhiy.ini
C:\Windows\System32\esupnkkv.ini
C:\Windows\System32\ettbhiwp.ini
C:\Windows\System32\hptgbujr.ini
C:\Windows\System32\jaxxgeuc.ini
C:\Windows\System32\lcnnnbiw.ini
C:\Windows\System32\lduiglfn.ini
C:\Windows\System32\lrftptws.ini
C:\Windows\System32\nyclmjem.ini
C:\Windows\System32\oggpsmtc.ini
C:\Windows\System32\pgenjlnr.ini
C:\Windows\System32\vblmhuhj.ini
C:\Windows\System32\vwbtmugb.ini
C:\Windows\System32\wntodcts.ini
C:\Windows\System32\xkomnaho.ini
C:\Windows\System32\xrabaljg.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\akvarykn.ini
C:\Windows\System32\bnpygcaq.ini
C:\Windows\System32\dcuivhiy.ini
C:\Windows\System32\esupnkkv.ini
C:\Windows\System32\ettbhiwp.ini
C:\Windows\System32\hptgbujr.ini
C:\Windows\System32\jaxxgeuc.ini
C:\Windows\System32\lcnnnbiw.ini
C:\Windows\System32\lduiglfn.ini
C:\Windows\System32\lrftptws.ini
C:\Windows\System32\nyclmjem.ini
C:\Windows\System32\oggpsmtc.ini
C:\Windows\System32\pgenjlnr.ini
C:\Windows\System32\vblmhuhj.ini
C:\Windows\System32\vwbtmugb.ini
C:\Windows\System32\wntodcts.ini
C:\Windows\System32\xkomnaho.ini
C:\Windows\System32\xrabaljg.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 14:14 . 2008-04-22 14:14 <DIR> d-------- C:\Program Files\Callum Haywood
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-21 11:00 . 2008-04-21 11:00 114,261,565 --a------ C:\Windows\MEMORY.DMP
2008-04-21 01:34 . 2008-04-21 01:40 524,288 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 01:34 . 2008-04-21 01:40 524,288 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 01:34 . 2008-04-21 01:40 65,536 --ahs---- C:\ntuser.dat{1a5feb16-0eff-11dd-8801-0016d39ac21f}.TM.blf
2008-04-21 01:07 . 2008-04-21 01:23 524,288 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms
2008-04-21 01:07 . 2008-04-21 01:23 524,288 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms
2008-04-21 01:07 . 2008-04-21 01:23 65,536 --ahs---- C:\ntuser.dat{fbe136f2-0ed6-11dd-9e40-0016d39ac21f}.TM.blf
2008-04-20 22:44 . 2008-04-23 08:00 262,144 --a------ C:\ntuser.dat
2008-04-20 22:44 . 2008-04-23 08:00 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-20 22:44 . 2008-04-21 01:07 0 --ah----- C:\ntuser.dat.LOG2
2008-04-20 19:57 . 2008-04-21 02:37 <DIR> d-------- C:\ProgramData\Avira
2008-04-20 08:20 . 2008-04-22 12:56 <DIR> d-------- C:\Program Files\AVIConverter
2008-04-19 22:43 . 2008-04-19 22:43 <DIR> d-------- C:\Users\marc\AppData\Roaming\dvdcss
2008-04-19 22:41 . 2008-04-19 22:41 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-19 18:06 . 2008-04-19 18:06 <DIR> d-------- C:\Program Files\Xvid
2008-04-19 18:06 . 2008-04-12 07:30 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-04-19 18:06 . 2008-04-12 07:41 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-04-19 18:06 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-04-19 10:34 . 2008-04-22 11:54 1,607 --a------ C:\Windows\wininit.ini
2008-04-19 10:03 . 2008-04-20 07:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-19 10:03 . 2008-04-19 10:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-19 04:18 . 2008-04-19 04:19 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-19 04:18 . 2008-04-19 04:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-19 04:15 . 2008-04-19 04:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 04:10 . 2008-04-19 04:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-18 10:29 . 2008-04-18 10:29 <DIR> d-------- C:\Program Files\BadgerIT
2008-04-18 00:53 . 2008-04-18 00:53 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-17 11:43 . 2008-04-17 11:43 139,220 --ah----- C:\Windows\System32\mlfcache.dat
2008-04-17 09:06 . 2008-04-19 23:34 <DIR> d-------- C:\Program Files\Handbrake
2008-04-17 01:10 . 2008-04-17 01:10 923 --a------ C:\Users\Public\web design (comhkgsr001) (Z) - Shortcut.lnk
2008-04-16 08:08 . 2008-04-16 08:08 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-14 23:43 . 2008-04-14 23:47 <DIR> d-------- C:\Users\marc\AppData\Roaming\REAPER
2008-04-14 23:42 . 2008-04-14 23:43 <DIR> d-------- C:\Program Files\REAPER
2008-04-10 02:33 . 2008-04-10 02:33 <DIR> d-------- C:\Users\marc\AppData\Roaming\Symantec
2008-04-10 02:27 . 2008-04-10 02:31 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-10 02:25 . 2008-04-10 02:30 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-04-10 02:25 . 2008-04-10 02:30 10,563 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-04-10 02:25 . 2008-04-10 02:30 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-04-10 01:58 . 2008-04-10 02:24 14,992 --a------ C:\ProgramData\LUUnInstall.LiveUpdate
2008-04-09 11:07 . 2008-02-15 07:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 11:07 . 2008-02-19 13:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 11:07 . 2008-02-29 14:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 11:07 . 2008-02-29 14:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 11:07 . 2008-02-29 14:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 11:07 . 2008-02-29 14:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 11:07 . 2008-02-29 14:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 11:07 . 2008-02-29 14:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 11:07 . 2008-02-29 14:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 11:01 . 2008-02-29 12:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-07 09:43 . 2008-04-20 15:14 <DIR> d-------- C:\Program Files\Safari
2008-04-07 09:41 . 2008-04-07 09:41 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 09:41 . 2008-04-07 09:41 <DIR> d-------- C:\Program Files\iPod
2008-04-07 09:09 . 2008-04-07 09:09 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-04-02 01:20 . 2008-04-02 01:21 <DIR> d-------- C:\Program Files\SPMP3050 Transcoding Tool
2008-04-02 01:19 . 2008-04-02 01:19 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-04-02 01:19 . 2008-04-02 01:19 <DIR> d-------- C:\Program Files\Media Player Classic
2008-03-31 15:47 . 2006-06-12 16:36 241,664 --a------ C:\Windows\System32\hppapr04.dll
2008-03-31 15:47 . 2006-06-12 16:36 526 --a------ C:\Windows\System32\hppapr04.dat
2008-03-30 17:37 . 2008-03-30 17:56 948,338,688 --a------ C:\image.iso
2008-03-30 14:57 . 2008-03-30 16:01 <DIR> d-------- C:\Users\marc\AppData\Roaming\muvee Technologies
2008-03-30 14:57 . 2008-03-30 14:57 <DIR> d-------- C:\ProgramData\muvee Technologies
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-28 14:08 . 2008-03-28 14:08 <DIR> d-------- C:\Users\marc\AppData\Roaming\AdobeUM
2008-03-27 18:33 . 2008-03-27 18:33 <DIR> d-------- C:\ProgramData\Macrovision
2008-03-27 18:33 . 2008-03-27 18:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-27 18:14 . 2008-03-27 18:14 <DIR> d-------- C:\Windows\System32\Adobe
2008-03-27 18:14 . 2001-10-27 05:16 16,384 --a------ C:\Windows\System32\FileOps.exe
2008-03-27 11:36 . 2008-03-27 11:36 <DIR> d-------- C:\Program Files\SAMSUNG
2008-03-25 16:59 . 2008-03-25 18:11 <DIR> d-------- C:\Users\marc\AppData\Roaming\PSpad
2008-03-25 16:59 . 2008-03-25 16:59 <DIR> d-------- C:\Program Files\PSPad editor
2008-03-25 01:32 . 2008-03-25 01:32 <DIR> d-------- C:\Program Files\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 07:10 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 03:16 --------- d-----w C:\ProgramData\Roxio
2008-04-17 17:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-17 03:20 --------- d-----w C:\Users\marc\AppData\Roaming\Apple Computer
2008-04-15 11:55 --------- d-----w C:\Users\marc\AppData\Roaming\Roxio
2008-04-15 10:23 --------- d-----w C:\Users\marc\AppData\Roaming\Orbit
2008-04-09 19:13 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 18:51 --------- d-----w C:\ProgramData\Symantec
2008-04-09 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 18:30 --------- d-----w C:\Program Files\Symantec
2008-04-08 15:42 --------- d-----w C:\Users\marc\AppData\Roaming\.BitTornado
2008-04-07 01:37 --------- d-----w C:\Program Files\QuickTime
2008-04-01 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 03:02 80,224 ----a-w C:\Users\marc\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-20 10:00 --------- d-----w C:\Program Files\WhosOnV4
2008-03-19 10:51 --------- d-----w C:\Users\marc\AppData\Roaming\Canon
2008-03-14 01:59 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-14 01:59 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-11 06:44 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-11 06:39 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-11 06:39 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-11 06:39 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-11 06:39 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-11 06:39 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-11 06:39 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-11 06:39 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-11 06:39 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-11 06:35 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-11 06:35 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-03-11 06:35 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-11 06:35 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-11 06:35 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-11 06:35 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-11 06:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-11 06:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-11 06:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-11 06:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-11 06:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-11 06:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-11 06:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-06 15:14 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 15:13 --------- d-----w C:\Program Files\Bonjour
2008-03-06 15:05 --------- d-----w C:\ProgramData\Apple
2008-03-06 15:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 13:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 13:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 13:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-06 08:57 --------- d-----w C:\Program Files\Creative
2008-03-06 05:43 --------- d-----w C:\Users\marc\AppData\Roaming\AccurateRip
2008-03-06 05:42 --------- d-----w C:\Program Files\Illustrate
2008-03-06 05:19 --------- d-----w C:\Users\marc\AppData\Roaming\Creative
2008-03-05 07:02 --------- d-----w C:\Program Files\Citrix
2008-03-05 05:42 --------- d-----w C:\Program Files\TryMedia
2008-03-05 05:36 --------- d-----w C:\Program Files\Ubisoft
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-08-30 19:13 174 --sha-w C:\Program Files\desktop.ini
2007-05-31 09:12 47,360 ----a-w C:\Users\marc\AppData\Roaming\pcouffin.sys
2007-07-30 03:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-30 03:54 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-30 03:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-24 07:30 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-23_ 1.40.14.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 17:33:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-23 00:14:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-22 17:14:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-23 00:00:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-22 17:14:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 00:00:39 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-22 17:14:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-23 00:00:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-22 13:39:34 68,890 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-22 17:35:07 68,960 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 12:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E13232-8249-4F65-A9DF-8464F9658EEB}]
C:\Windows\system32\cbxvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-10 02:29 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86D6F38A-0E44-4D34-ABEF-FC6ED48851B4}]
C:\Windows\system32\pmnon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 12:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 12:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 03:03 1232896]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-27 02:14 1629184]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-23 03:05 1006264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-27 18:07:53 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM5cd467e3"=Rundll32.exe "C:\Windows\system32\imtkjiyd.dll",s
"MSServer"=rundll32.exe C:\Windows\system32\tusrr.dll,#1
"5fe7547f"=rundll32.exe "C:\Windows\system32\qacgypnb.dll",b
"Persistence"=C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CBA5C89-719E-478F-9408-CFB560C2AB90}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F04927A9-D2BB-46A6-B4EC-FCC01AA24839}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FB1D52C0-4BEE-4A01-B1D4-4D8BC021DA9F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2DD0BD0E-575F-45D5-838B-A222E03F6AA2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7BD66417-EF4F-4448-9BB4-9DFFC0E2F24D}"= UDP:C:\Windows\System32\dlcfcoms.exe:Lexmark Communications System
"{247F1543-601F-4C37-8E47-5CD13D9622FD}"= TCP:C:\Windows\System32\dlcfcoms.exe:Lexmark Communications System
"{2FEA220B-D0C8-41A2-96EB-F2E3FF9B4B71}"= UDP:3306:MySQL Port (Marc)
"{3E2577B6-5A8C-4B32-BE95-DE034E08D3A6}"= UDP:F:\Program Files\Real\RealPlayer\realplay.exe:RealPlayer
"{1A7A1B7D-9EAE-403C-8CBA-51C21D3BBAE5}"= TCP:F:\Program Files\Real\RealPlayer\realplay.exe:RealPlayer
"{806FB5F3-2E36-4786-AF2F-3888CAE08B46}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9A91845D-730A-4D7E-ADA0-E83E3E483ADA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{25773243-D712-4848-9C98-B7E606EFF9D1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9C887C07-CE19-41A1-B084-A0CD0699D217}"= UDP:990:LocalSubnet:LocalSubnet|IF={ABC4C6D1-8C06-455C-9D30-C8718653D291}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{8D878A77-CF27-4366-ABD5-DAF4FC736937}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C2E9A0BC-E07E-4760-B360-262C411431B3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{00895AE0-402C-464E-A37D-5D8A029928E6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E683384E-5A83-4693-81BC-7EE9D9458694}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{476C7379-63CC-4A02-9F2F-A77BA0AEAC3A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{908FD1CE-5251-4E01-A5F1-6FB1A8628C99}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080421.001\IDSvix86.sys [2008-03-21 04:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 17:45]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 09:52]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 17:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 00:44]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-06 03:34]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-07 17:16]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 15:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36c368e7-8795-11dc-b634-0019d2593fe3}]
\shell\1\Command - autorun.pif
\shell\2\Command - autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e51882d-2a11-11dc-88d8-0016d39ac21f}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57cc384d-b1e9-11dc-85e1-0016d39ac21f}]
\shell\1\Command - G:\autorun.pif
\shell\2\Command - G:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc7763e-ef5d-11dc-938e-0016d39ac21f}]
\shell\1\Command - I:\autorun.pif
\shell\2\Command - I:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b5c80f-4151-11dc-980d-0016d39ac21f}]
\shell\1\Command - G:\autorun.pif
\shell\2\Command - G:\autorun.pif
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.pif

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 09:22:45 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - marc.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2008-04-23 00:00:57 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 08:14:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-23 8:20:56
ComboFix-quarantined-files.txt 2008-04-23 00:20:34
ComboFix2.txt 2008-04-22 17:41:28

Pre-Run: 6,916,960,256 bytes free
Post-Run: 6,783,188,992 bytes free

338 --- E O F --- 2008-04-09 19:06:40
 
New HijackThis Log

And here is the new HJT log. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:15 AM, on 4/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_HK&c=71&bd=PRESARIO&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.114.24.140:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\Windows\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9556 bytes
 
and tell me how the computer is running now
Click to expand...
Remove combofix and the C:\Qoobox\Quarantine folder.

KASPERSKY ONLINE SCANNER REPORT Tuesday, April 22, 2008 8:21:49 AM

Check these areas before we run a new scan.

1) C:\is151942.exe <<< delete if there

2) C:\Program Files\Vonage\EasySetupGuide\Xtras\regxtra121.x32 ------> Backdoor.Win32.RAdmin.ag

3) C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\ <<< delete the contents

4) C:\Users\marc\AppData\Local\Temp\ <<< delete the contents

5) C:\Users\marc\Documents\personal_folder.pst/Archive Folders/Inbox/Personal/03 Sep 2005 06:35 from Marc Edwards:Text info/Windows_XP_Service_Pack_2_by_Unknown_www.crack.cd_.zip/WinXP keyChanger.exe/data.rar/xpkey.exe ------> PSWTool.Win32.RAS.a skipped
(not sure what this is? Is it legal? You can scan it here: http://virusscan.jotti.org/ I will highlite in red what is supposed to be infected)

Empty the Recycle Bin and restart the computer, the run a Kaspersky Online Scan using these settings.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks
 
New Kaspersky log

Hi. OK, here's the new scan result:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 24, 2008 8:01:40 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/04/2008
Kaspersky Anti-Virus database records: 646304
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 191996
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:28:39

Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f06bdd465de983deb2273bf05d5d29e_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2b2effc925a836fafbfe6ab5b73fae7b_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2f14738406d1415380d61821ec9690e7_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c06ac1796db8b2972548b9a5368701e_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dd74855cd590dfeda3872e7da814677_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c1a56bd2a1df4f7487a9fa7ce2cb3fd_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae469a39d43a8078b98963b014bf74c3_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c382082bbce79ebf4231939807966e21_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c571eabdf318f6b8af646d6d7e8e7f17_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2c43cfb16d18beb675c2fa850972067_cbfecabc-f6dc-4cf1-abca-86c5dae1869f Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\NetZero\Isp\BootExceptions.log Object is locked skipped
C:\ProgramData\NetZero\Isp\ExecExceptions.log Object is locked skipped
C:\ProgramData\NetZero\Isp\IspDblog.txt Object is locked skipped
C:\ProgramData\NetZero\Isp\MainExceptions.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{39A54873-9EA7-4304-9210-7081DBFAAC48}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{947A8B7D-044A-491F-B186-1B67E25659CA}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F5E9B649-CB3E-419D-A498-75E0CA3371BF}.DAT Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-04-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{C9AAC4A7-5CAA-49AB-BA08-1CDCBA97E206}.ldb Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{C9AAC4A7-5CAA-49AB-BA08-1CDCBA97E206}.sds Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\9D440A02.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\B6367E81.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\marc\AppData\Local\Apple Computer\Safari\Cache.db Object is locked skipped
C:\Users\marc\AppData\Local\Apple Computer\Safari\WebpageIcons.db Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042420080425\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TM.blf Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows\UsrClass.dat{b7aad9ac-0835-11dc-98d2-0019d2593fe3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\marc\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\marc\AppData\Roaming\Apple Computer\Safari\PubSub\Database\Database.sqlite3 Object is locked skipped
C:\Users\marc\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\marc\ntuser.dat Object is locked skipped
C:\Users\marc\ntuser.dat.LOG1 Object is locked skipped
C:\Users\marc\ntuser.dat.LOG2 Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TM.blf Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\marc\ntuser.dat{9c53bf42-d22f-11dc-b3ed-0016d39ac21f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9c53bf27-d22f-11dc-b3ed-0016d39ac21f}.TxR.blf Object is locked skipped
C:\Windows\System32\Ikeext.etl Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\JET97AC.tmp Object is locked skipped
C:\Windows\tracing\BAP.LOG Object is locked skipped
C:\Windows\tracing\IpHlpSvc.LOG Object is locked skipped
C:\Windows\tracing\kerberos\MARCANDLAN_kerberos_1_6_0_6000_0_0__300_6_0_6000_16386__vista_rtm_061101_2205_.etl Object is locked skipped
C:\Windows\tracing\KMDDSP.LOG Object is locked skipped
C:\Windows\tracing\NDPTSP.LOG Object is locked skipped
C:\Windows\tracing\PPP.LOG Object is locked skipped
C:\Windows\tracing\RASAPI32.LOG Object is locked skipped
C:\Windows\tracing\RASBACP.LOG Object is locked skipped
C:\Windows\tracing\RASCCP.LOG Object is locked skipped
C:\Windows\tracing\RASDLG.LOG Object is locked skipped
C:\Windows\tracing\RASEAP.LOG Object is locked skipped
C:\Windows\tracing\RASIPCP.LOG Object is locked skipped
C:\Windows\tracing\RASIPHLP.LOG Object is locked skipped
C:\Windows\tracing\RASIPV6CP.LOG Object is locked skipped
C:\Windows\tracing\RASMAN.LOG Object is locked skipped
C:\Windows\tracing\RASPAP.LOG Object is locked skipped
C:\Windows\tracing\RASQEC.LOG Object is locked skipped
C:\Windows\tracing\RASTAPI.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASCHAP.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASTLS.LOG Object is locked skipped
C:\Windows\tracing\tapi32.LOG Object is locked skipped
C:\Windows\tracing\tapisrv.LOG Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\Desktop.ini Object is locked skipped
D:\System Volume Information\Folder.htt Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\Protect.ed Object is locked skipped

Scan process completed.
 
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
You must log in or register to reply here.
Back
Top