Karl's PC Help Forums
In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Topic Review
Pancake

posted on 20-11-2008 at 00:37
You're welcome.
Pete Hill

posted on 19-11-2008 at 22:27
Thanks Pancake. Much better now :) and thanks for the quick response.
Pete
Pancake

posted on 19-11-2008 at 21:24
Ok. That looks like it fixed the malware, so you should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the following text into the box and click OK.

ComboFix /u

[Image: http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png]
Pete Hill

posted on 19-11-2008 at 18:41
Thanks Pancake.
Here are the logs.
Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 5.1.2600 Service Pack 3

19/11/2008 18:08:17
mbam-log-2008-11-19 (18-08-17).txt

Scan type: Quick Scan
Objects scanned: 97179
Time elapsed: 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-11-18.A2 - Pete Hill 2008-11-19 18:12:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.139 [GMT 0:00]
Running from: c:\documents and settings\Pete Hill\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\My Documents\AUTORUN.INF
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OULTRAF
-------\Service_oUltraf


((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-17 18:05 . 2008-11-17 18:05 <DIR> d-------- c:\program files\Panda Security
2008-11-17 18:05 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-13 10:04 . 2008-11-13 10:04 1,393 --a------ c:\windows\imsins.BAK
2008-11-13 09:58 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 09:57 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 22:06 . 2008-11-09 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-09 22:05 . 2008-11-09 22:05 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 22:05 . 2008-11-09 22:05 <DIR> d-------- c:\documents and settings\Pete Hill\Application Data\SUPERAntiSpyware.com
2008-11-09 13:46 . 2008-11-09 13:46 <DIR> d-------- c:\documents and settings\Pete Hill\Saved Games
2008-11-07 17:58 . 2008-11-07 17:58 <DIR> d-------- c:\program files\Alwil Software
2008-11-07 17:45 . 2008-11-07 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-06 22:30 . 2008-11-06 22:30 <DIR> d-------- c:\documents and settings\Calla\Application Data\Malwarebytes
2008-11-02 15:58 . 2008-11-02 15:58 <DIR> d-------- c:\documents and settings\Ronaldinho\Saved Games
2008-11-02 15:49 . 2008-11-02 15:52 <DIR> d-------- c:\program files\Dream Day Wedding
2008-10-23 17:26 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\WINDOWS\system
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\WINDOWS
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\KDM3016F
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\KD678D2R
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\GP6JOH2V
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\05ARC9UR
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--hs---- c:\documents and settings\UserData
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\Templates
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr------- c:\documents and settings\Start Menu\Programs
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr------- c:\documents and settings\Start Menu
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr-h----- c:\documents and settings\SendTo
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--hs---- c:\documents and settings\Recent
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\PrintHood
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\My Gallery
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\My Contacts
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\Fetched Files
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\NetHood\My Web Sites on MSN
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\NetHood
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\My Documents\BitLord
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\My Documents\BBC radio 1 - live lounge
2008-10-23 15:01 . 2008-09-26 20:31 7,516,160 --a------ c:\documents and settings\pe_c_robbie.rrr
2008-10-23 15:01 . 2007-03-18 10:58 32,768 --a------ c:\documents and settings\UserData\index.dat
2008-10-23 15:01 . 2005-09-02 13:34 2,666 --a------ c:\documents and settings\.powerupdate.user.properties
2008-10-23 15:00 . 2008-10-23 15:00 <DIR> d-------- c:\documents and settings\My Documents\ConvertXtoDVD
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Justin Timberlake - Futuresex Lovesounds
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d---s---- c:\documents and settings\My Documents\InstantCDDVD
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Incomplete
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Hard-Fi - Stars Of CCTV [2005]
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\FM Backup
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\FILES
2008-10-23 14:59 . 2008-11-06 20:38 <DIR> d-------- c:\documents and settings\My Documents\Downloads
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\My eBooks
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> dr------- c:\documents and settings\My Documents\My Archives
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\MSDE2000
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\MNE Presents The Essential Bands - 2cd's
2008-10-23 14:54 . 2008-11-06 20:45 <DIR> d---s---- c:\documents and settings\My Documents\My Music
2008-10-23 14:53 . 2008-11-06 20:40 <DIR> d-------- c:\documents and settings\My Documents\My Received Files
2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d---s---- c:\documents and settings\My Documents\My Pictures
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Oasis - Stop The Clocks [2006][2CD+2SkidVids+Cov]
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Nero 7.0.1.2 HUN
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Nero 7
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> dr------- c:\documents and settings\My Documents\My Widgets
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d---s---- c:\documents and settings\My Documents\My Webs
2008-10-23 14:50 . 2008-11-06 20:43 <DIR> dr------- c:\documents and settings\My Documents\My Videos
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Soulseek
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Snow_Patrol-Eyes_Open-2006-FM
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Pinnacle Expression
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\PcSetup
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\ORK
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\VA - Essential Songs (2006)
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\The Kooks - Inside in, Inside out
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\Super.DVD.Creator.v9.5.Multilingual.Incl.Keymaker-CORE
2008-10-23 14:46 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Sports Interactive
2008-10-23 14:45 . 2008-10-23 14:45 <DIR> d-------- c:\documents and settings\My Documents\VA-NME Presents The Essential Bands 2006(with covers) a DHZ.Inc
2008-10-23 14:45 . 2007-10-17 16:55 693,633,024 --a------ c:\documents and settings\My Documents\htd-fm08.bin
2008-10-23 14:45 . 2005-01-10 23:25 21,778,872 --a------ c:\documents and settings\My Documents\iTunesSetup.exe
2008-10-23 14:45 . 2005-03-10 11:30 15,814,200 --a------ c:\documents and settings\My Documents\Java Runtime Environment.exe
2008-10-23 14:45 . 2006-01-15 01:55 9,692,886 --a------ c:\documents and settings\My Documents\vlc-0.8.4a-win32.exe
2008-10-23 14:45 . 2005-08-08 18:51 4,825,672 --a------ c:\documents and settings\My Documents\Firefox.exe
2008-10-23 14:45 . 2006-01-03 12:48 4,042,280 --a------ c:\documents and settings\My Documents\LWP.exe
2008-10-23 14:45 . 2001-04-04 18:11 1,499,904 -ra------ c:\documents and settings\My Documents\INSTMSIW.EXE
2008-10-23 14:45 . 2001-04-04 18:11 1,489,152 -ra------ c:\documents and settings\My Documents\INSTMSI.EXE
2008-10-23 14:45 . 2001-02-28 13:14 476,576 -ra------ c:\documents and settings\My Documents\SETUP.EXE
2008-10-23 14:44 . 2008-11-19 18:14 <DIR> d---s---- c:\documents and settings\My Documents
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d-------- c:\documents and settings\Local Settings\temp
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d--hs---- c:\documents and settings\Local Settings\History
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d-------- c:\documents and settings\Local Settings\Apps
2008-10-23 14:37 . 2008-10-23 14:38 <DIR> d--hs---- c:\documents and settings\Local Settings\Temporary Internet Files
2008-10-23 14:37 . 2008-10-23 14:38 <DIR> d--h----- c:\documents and settings\Local Settings
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d--h----- c:\documents and settings\InstallAnywhere
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Incomplete
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Microsoft Websites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Microsoft Web Sites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Links
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> dr------- c:\documents and settings\Favorites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\DoctorWeb\Quarantine
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\DoctorWeb
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Desktop\Massive R&B-Spring Collection - 2008.(http://www.lokotorrents.com)
2008-10-23 14:37 . 2008-11-18 17:42 <DIR> d-------- c:\documents and settings\Desktop\hijackthis
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Desktop\David Gray - Greatest Hits (256Kbps)
2008-10-23 14:37 . 2007-05-29 11:20 37,873,216 --a------ c:\documents and settings\Desktop\iTunesSetup.exe
2008-10-23 14:37 . 2008-01-21 18:32 9,733,451 --a------ c:\documents and settings\Desktop\vlc-0.8.6d-win32.exe
2008-10-23 14:37 . 2007-09-06 14:47 7,346,072 --a------ c:\documents and settings\Desktop\cureit.exe
2008-10-23 14:37 . 2007-11-13 09:21 7,014,634 --a------ c:\documents and settings\Desktop\FOOTBALL.MANAGER.07.V7.02.ENG.RAZOR1911.NOCD.ZIP
2008-10-23 14:37 . 2007-01-20 13:03 6,175,304 --a------ c:\documents and settings\Desktop\frostwire-4.13.1.4.windows.exe
2008-10-23 14:37 . 2006-02-14 20:46 5,179,432 --a------ c:\documents and settings\Desktop\Firefox Setup 1.5.0.1.exe
2008-10-23 14:37 . 2006-10-01 18:12 5,014,254 --a------ c:\documents and settings\Desktop\drweb-cureit.exe
2008-10-23 14:37 . 2008-07-12 16:57 4,891,216 --a------ c:\documents and settings\Desktop\Silverlight.2.0.exe
2008-10-23 14:37 . 2005-09-21 14:08 4,827,288 --a------ c:\documents and settings\Desktop\Firefox Setup 1.0.7.exe
2008-10-23 14:37 . 2007-11-13 09:10 3,003,113 --a------ c:\documents and settings\Desktop\Setup_MagicISO.exe
2008-10-23 14:37 . 2008-02-21 15:59 2,733,520 --a------ c:\documents and settings\Desktop\ccsetup205.exe
2008-10-23 14:37 . 2008-01-17 14:18 760,661 --a------ c:\documents and settings\Desktop\DI-514_fw_v1-05.zip
2008-10-23 14:37 . 2007-12-15 01:13 8,833 --a------ c:\documents and settings\Desktop\GTA San Andreas.zip
2008-10-23 14:34 . 2008-10-23 14:37 <DIR> d---s---- c:\documents and settings\Desktop
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Copy of Contacts\robbiehill2001@hotmail.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Copy of Contacts\groovykat567@msn.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Copy of Contacts
2008-10-23 14:34 . 2008-11-10 00:51 <DIR> d--hs---- c:\documents and settings\Cookies
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Contacts\robbiehill2001@hotmail.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Contacts\groovykat567@msn.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Contacts
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\FrostWire
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\FaxCtr
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\DivX
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Creative
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Corel
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\BitTorrent
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Apple Computer
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\amenelseaudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 18:27 --------- d-----w c:\program files\lx_cats
2008-11-19 17:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 22:19 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 00:28 --------- d-----w c:\program files\Creative
2008-11-10 00:09 --------- d-----w c:\program files\Lavasoft
2008-11-10 00:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 16:48 --------- d-----w c:\program files\SpywareBlaster
2008-11-09 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 22:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 15:45 83,216 ----a-w c:\documents and settings\Pete Hill\Application Data\GDIPFONTCACHEV1.DAT
2008-10-07 18:28 --------- d-----w c:\program files\Mystery of Shark Island
2008-10-07 18:28 --------- d-----w c:\documents and settings\Pete Hill\Application Data\PlayFirst
2008-10-01 20:21 --------- d-----w c:\program files\iTunes
2008-10-01 20:21 --------- d-----w c:\program files\iPod
2008-10-01 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 20:20 --------- d-----w c:\program files\Bonjour
2008-10-01 20:19 --------- d-----w c:\program files\QuickTime
2008-09-27 23:58 --------- d-----w c:\documents and settings\Pete Hill\Application Data\Malwarebytes
2008-09-27 23:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-27 23:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 23:29 --------- d-----w c:\program files\THQ
2008-09-27 20:44 --------- d-----w c:\program files\Shockwave.com
2008-09-27 20:43 --------- d-----w c:\program files\DivX
2008-09-27 20:42 --------- d-----w c:\program files\Disney Interactive
2008-09-27 15:15 --------- d-----w c:\program files\LEGO Company
2008-09-27 15:13 --------- d-----w c:\program files\Mindscape
2008-09-27 15:08 --------- d-----w c:\program files\McDonaldsFairies
2008-08-20 10:38 83,216 ----a-w c:\documents and settings\Calla\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 21:14 67,896 ----a-w c:\documents and settings\Ronaldinho\Application Data\GDIPFONTCACHEV1.DAT
2006-07-22 18:37 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-04-25 22:24 48,264 -csh--w c:\windows\inf\cmpa.bak1
2005-05-03 17:27 375,023 -csh--w c:\windows\inf\cmpa.bak2
2005-05-03 21:29 375,710 -csh--w c:\windows\inf\cmpa.ini2
2007-09-10 09:47 0 -csha-w c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-05-16 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4112384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
-ra------ 2006-07-26 06:19 540672 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 05:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-02-02 08:11 290816 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-01-22 17:45 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2003-06-10 14:11 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-07-13 20:50 4112384 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-07-13 20:50 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-11-11 20:06 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
--a------ 2007-02-16 18:41 110592 c:\program files\Sony\WALKMAN Launcher\WMAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-13 20:50 843776 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-10 05:54 65024 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-17 28544]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-09-17 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-09-17 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-07 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-07 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-07-30 2368]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-27 38496]
S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\H10USB.sys [2004-06-24 7552]
S3 RiotDrv;Rio Riot driver;c:\windows\system32\Drivers\RiotDrv.sys [2005-02-28 12610]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-07-02 513152]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7C631929-7540-4414-9DE2-742A572EAE76} - (no file)
HKU-Default-Run-ITWSS6_Suite - c:\program files\IT Works Security Suite 6\itwss.exe
HKU-Default-Run-ITWSS6_SAFE - c:\program files\IT Works Security Suite 6\safe.exe
HKU-Default-Run-ITWSS6_SPM - c:\program files\IT Works Security Suite 6\spm.exe
Notify-apmc - (no file)
Notify-geeba - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Pete Hill\Application Data\Mozilla\Firefox\Profiles\xr0ymn7g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2057&_lang=EN
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 18:26:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcrcoms.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-19 18:33:25 - machine was rebooted [Pete Hill]
ComboFix-quarantined-files.txt 2008-11-19 18:33:11

Pre-Run: 49,128,198,144 bytes free
Post-Run: 49,957,208,064 bytes free

321 --- E O F --- 2008-11-13 10:08:58

Logfile of HijackThis v1.99.1
Scan saved at 18:39:25, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.passport.net/uilogin.srf?lc=2057&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189266177140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132643161656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.shockwave.com/content/sweetopia/sis/Sweetopia.1.0.0.22.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF25E6D-22B3-4345-ACB5-D7BD537111A4}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Pancake

[*] posted on 19-11-2008 at 00:22
I can see a Vundo infection....

Run both these programs


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[img]http://i254.photobucket.com/albums/hh103/velta911/RcAuto1.gif[/img]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://i254.photobucket.com/albums/hh103/velta911/whatnext.png[/img]


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Pete Hill

[*] posted on 18-11-2008 at 18:19
Thank you DW
Dreamweaver

[*] posted on 18-11-2008 at 18:06
I should point out to Pancake and crew, Pete had already posted .......

Quote:
Originally posted by Pete Hill
Hi.
My pc is very slow to boot up and after running all my anti-virus and anti scum-ware the problem is still there.
Have tried to run the Panda AV as advised in the sticky but the scan gets to 20% and then stays there (even ran it overnight).
Should I follow the rest of the sticky to post a HJ log or should I try something else?
Thanks
Pete

Pete Hill

[*] posted on 18-11-2008 at 17:47
An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Logfile of HijackThis v1.99.1
Scan saved at 17:43:09, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.passport.net/uilogin.srf?lc=2057&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C631929-7540-4414-9DE2-742A572EAE76} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189266177140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132643161656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.shockwave.com/content/sweetopia/sis/Sweetopia.1.0.0.22.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF25E6D-22B3-4345-ACB5-D7BD537111A4}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: apmc - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
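As an added example, not part of the thread or of HijackThis itself, here is a small Python triage script that parses a few O2/O20 lines copied from the 18-11-2008 log above, flags the bare-directory Winlogon Notify entries (apmc, geeba) that Pancake read as Vundo, and lists which entries are gone in the post-cleanup log. The triage heuristics and the before/after comparison are this example's own assumptions, not logic from the tool.

```python
import re
from dataclasses import dataclass

# Constructed samples: a few O2/O20 lines copied from the 18-11-2008 log
# posted above (BEFORE) and from the later post-cleanup log (AFTER).
BEFORE = [
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O2 - BHO: (no name) - {7C631929-7540-4414-9DE2-742A572EAE76} - (no file)",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: apmc - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)",
    "O20 - Winlogon Notify: geeba - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
]
# Entries 1, 4 and 6 are absent from the later log in the thread.
AFTER = [BEFORE[i] for i in (0, 2, 3, 5, 7)]

# "O20 - Winlogon Notify: apmc - C:\WINDOWS\"  ->  section, kind, rest
HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O20", ...
    kind: str     # "BHO", "Winlogon Notify", ...
    name: str     # display name, or "(no name)"
    path: str     # file path, "(no file)", or a bare directory
    raw: str


def parse_line(line):
    """Parse one HijackThis 'O' line; return None for anything else."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    parts = rest.split(" - ")
    # O2 lines carry a CLSID between name and path; O20 lines do not,
    # so take the first and last fields rather than fixed positions.
    return Entry(section, kind, parts[0], parts[-1], line.strip())


def triage(entry):
    """Heuristic (an assumption of this example, not HJT's own logic):
    return a reason to look closer, or None."""
    if entry.section == "O20" and entry.path.endswith("\\"):
        # A Winlogon Notify package registered as a bare directory with a
        # random-looking name (apmc, geeba above) is the pattern Pancake
        # called Vundo; legitimate packages name a DLL.
        return "Winlogon Notify entry with no DLL file name"
    if entry.name == "(no name)" and entry.path == "(no file)":
        # Orphaned registration. A prompt to check, not a verdict: one such
        # BHO stayed in the post-cleanup log and was left alone.
        return "orphaned entry with no name and no file"
    return None


def removed_between(before, after):
    """Lines present in the earlier log but absent from the later one."""
    later = {line.strip() for line in after}
    return [line.strip() for line in before if line.strip() not in later]


if __name__ == "__main__":
    for entry in filter(None, map(parse_line, BEFORE)):
        reason = triage(entry)
        if reason:
            print(f"{entry.section:<4} {entry.name:<14} {reason}")
    print("Removed by the cleanup:")
    for line in removed_between(BEFORE, AFTER):
        print("  " + line)
```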