BleepingComputer.com: infected with trojan proxy agent nci

here it is

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-05-15 19:27:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 111 GB (75%) free of 149 GB
Total RAM: 2558 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:18, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)

--
End of file - 6267 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-17 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-03-08 921600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-08-21 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-18 148888]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-07-26 86016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-10 15:43:53 ----SHD---- C:\RECYCLER
2009-05-10 15:25:12 ----D---- C:\WINDOWS\temp
2009-05-10 15:25:11 ----A---- C:\ComboFix.txt
2009-05-10 15:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-10 15:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-10 15:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-10 15:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-10 15:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-10 15:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-10 15:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-10 15:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-10 15:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-10 15:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-05-10 15:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-10 14:32:32 ----D---- C:\xpcd
2009-05-10 12:50:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\zip.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\vFind.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\SWREG.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\sed.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\grep.exe
2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWSC.exe
2009-05-01 19:07:19 ----D---- C:\WINDOWS\ERDNT
2009-05-01 19:06:32 ----D---- C:\Qoobox
2009-04-30 19:37:57 ----D---- C:\rsit
2009-04-30 19:37:57 ----D---- C:\Program Files\trend micro
2009-04-20 20:29:40 ----A---- C:\WINDOWS\imsins.BAK
2009-04-20 19:17:56 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2009-04-19 20:27:56 ----D---- C:\Program Files\microsoft money 2005
2009-04-19 20:09:18 ----D---- C:\Program Files\WinAVIVideoConverter
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-19 20:04:33 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-18 09:59:07 ----D---- C:\Program Files\JavaFX
2009-04-18 09:58:23 ----D---- C:\Program Files\Sun
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-18 09:58:10 ----A---- C:\WINDOWS\system32\java.exe
2009-04-18 09:55:44 ----D---- C:\Documents and Settings\Owner\Application Data\Sun

======List of files/folders modified in the last 1 months======

2009-05-15 19:27:18 ----D---- C:\WINDOWS\Prefetch
2009-05-15 19:26:22 ----D---- C:\Program Files\Mozilla Firefox
2009-05-14 23:55:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-14 07:22:22 ----D---- C:\WINDOWS
2009-05-13 21:06:52 ----HD---- C:\WINDOWS\inf
2009-05-13 21:06:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-13 20:57:03 ----SHD---- C:\WINDOWS\Installer
2009-05-11 20:19:53 ----A---- C:\WINDOWS\win.ini
2009-05-10 17:01:25 ----D---- C:\WINDOWS\AppPatch
2009-05-10 17:00:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-10 17:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-05-10 16:58:42 ----D---- C:\2c2594450c9c67bac7dc565487
2009-05-10 15:30:00 ----D---- C:\WINDOWS\system32
2009-05-10 15:29:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-10 15:23:03 ----A---- C:\WINDOWS\system.ini
2009-05-10 15:23:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-10 15:21:19 ----D---- C:\WINDOWS\system32\drivers
2009-05-10 15:21:11 ----D---- C:\Program Files\Common Files
2009-05-10 15:10:02 ----D---- C:\WINDOWS\system32\wbem
2009-05-10 15:05:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-10 15:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-10 15:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-10 15:01:02 ----D---- C:\Program Files\Internet Explorer
2009-05-10 12:56:23 ----D---- C:\WINDOWS\security
2009-05-10 12:56:05 ----D---- C:\WINDOWS\system32\config
2009-05-05 21:37:34 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-04 21:49:22 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-04 21:46:32 ----SHD---- C:\System Volume Information
2009-05-04 21:46:32 ----D---- C:\WINDOWS\system32\Restore
2009-05-04 21:10:15 ----RASH---- C:\boot.ini
2009-05-04 20:57:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-01 19:39:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-01 19:39:33 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-01 15:31:07 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-04-30 19:37:57 ----RD---- C:\Program Files
2009-04-29 21:59:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-20 19:45:51 ----D---- C:\Documents and Settings
2009-04-19 20:05:26 ----D---- C:\Program Files\DivX
2009-04-19 19:52:40 ----D---- C:\Program Files\Xvid
2009-04-18 12:33:02 ----RSD---- C:\WINDOWS\Fonts
2009-04-18 09:56:26 ----D---- C:\Program Files\Java
2009-04-18 09:31:27 ----A---- C:\avenger.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-07 17801]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\BACS\BASFND.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2006-05-11 156160]
R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360]
R3 portio;TPM Service; C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys [2004-05-19 13757]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\System32\DRIVERS\psadd.sys [2009-03-07 30144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BPowMon;Broadcom Power monitoring service; C:\Program Files\Broadcom\BACS\BPowMon.exe [2005-04-13 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-03-08 507904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-07-26 159812]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-08-21 1155072]
S2 VMwareService;VMwareService; C:\WINDOWS\system\VMwareService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-12 17408]

-----------------EOF-----------------

We would like you to download another Anti-virus because the Nod32 that is on your system is a cracked version. There are a lot of problems which can arise with these versions of programs and it could possibly part of the problem with the RC not installing properly. Just hard to tell but you would be better off with one of the free versions anyway. You of course don't have to do this but it would be highly advisable in light of what we know about them.

The order of how you carry this out is important so what we would like you to do is to download the anti-virus of your choice but do not install it yet. When you have done so move on to the instructions below the anti-virus list.



For a free anti-virus please follow these instructions:
Click on this link: AVG

• Underneath AVG Anti-Virus Free click on Download
  
• Click on AVG 8.0 Free for Windows
  
• Click on Download
  
• A window will open. Click on Save File-A window will open. Click on Next
  
• Click on Accept
  
• Make sure standard install is checked and click Next
  
• You can enter your name and click Next
  
• click Finish After install is complete click OK
  
• Follow prompters to update and check for viruses

Some more links to free anti-virus programs(Note. Choose only one)

Avira

Avast(Mouse over Free Software in the upper right corner)



After you have downloaded one of the anti-virus from the list then disconnect from the Internet(this is very important). Once disconnected follow the instructions below for removing your Nod32. When that is completed go ahead with the installation of your new anti-virus then reconnect to the Internet and immediately update it.


Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

NOD32 antivirus system
NOD32 FiX v2.1

Additional instructions can be found here if needed





When you have completed this please let us know and we will continue.

right done everything you said and it went well. a couple of things i should tell you, a warning came up saying "local machine installed succesfully warning action failed for regitery key hkcu\software\avg (ADMINISTRATER) creating registery key error 0x80070005,
the exact same message but for avg8 followed by internal error registery handle has not been opened.
there is also a threat detected warning coming up for windows\system32\winlogon.exe trojan horse win32/pepatchao
hope this helps,
do you want me to now run a scan?

I'm glad you were able to get that accomplished and I'll check out the errors.
Hang on before you do another scan. I need to talk to my coach again and I might not get an answer back today

Now that is accomplished we want to try once again for the Recovery Console install so this is basically a repeat of what I wrote in post #17. However the difference is even if you fail to install the RC go ahead with the ComboFix run in Safe Mode once again.


We are going to try to install the Recovery Console again through a manual install.

Please go HERE and follow the instructions on Manual installation. When you get to the part I have quoted below which comes from the instructions do not click on "Yes" Choose "No" instead.

Quote

After doing the above I want you to restart your computer in Safe Mode and then run ComboFix from there and post the log it produces in your next reply. If you encounter any problems please let me know.

still getting the application failed to initialise error and the avg scanner is still active even though i closed it. really sorry for all this hassle and appreciate all your help. As i said earlier would uninstalling service pack 2 and installing the rc from my original xp disk help in any way. do you still want me to run a combofix in safe mode

It's no hassle, that's what we're here for.

I do want you to go ahead with the ComboFix run in Safe Mode but I don't think it would be a good idea to uninstall a service pack you already have on the machine. Could leave it open to more problems.

ComboFix 09-05-17.08 - Owner 18/05/2009 20:33.7 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2299 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Essentials Codec Pack
c:\program files\Essentials Codec Pack\ac3filter.ax
c:\program files\Essentials Codec Pack\AviSplitter.ax
c:\program files\Essentials Codec Pack\cddareader.ax
c:\program files\Essentials Codec Pack\cdxareader.ax
c:\program files\Essentials Codec Pack\CLVSD.AX
c:\program files\Essentials Codec Pack\CoreAAC.ax
c:\program files\Essentials Codec Pack\CoreFLACDecoder.ax
c:\program files\Essentials Codec Pack\CoreVorbis.ax
c:\program files\Essentials Codec Pack\FLVSplitter.ax
c:\program files\Essentials Codec Pack\iccvid.dll
c:\program files\Essentials Codec Pack\l3codecp.acm
c:\program files\Essentials Codec Pack\l3codecx.ax
c:\program files\Essentials Codec Pack\lame.ax
c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
c:\program files\Essentials Codec Pack\MonkeySource.ax
c:\program files\Essentials Codec Pack\MP4Splitter.ax
c:\program files\Essentials Codec Pack\MpaSplitter.ax
c:\program files\Essentials Codec Pack\Mpeg2DecFilter.ax
c:\program files\Essentials Codec Pack\MpegSplitter.ax
c:\program files\Essentials Codec Pack\mplayerc.exe
c:\program files\Essentials Codec Pack\OggSplitter.ax
c:\program files\Essentials Codec Pack\RealMediaSplitter.ax
c:\program files\Essentials Codec Pack\RLMPCDec.ax
c:\program files\Essentials Codec Pack\RLOFRDec.ax
c:\program files\Essentials Codec Pack\shoutcastsource.ax
c:\program files\Essentials Codec Pack\uninst.exe
c:\program files\Essentials Codec Pack\update.exe
c:\program files\Essentials Codec Pack\vorbis.acm
c:\program files\Essentials Codec Pack\VSFilter.dll
c:\program files\Essentials Codec Pack\WavPackDSDecoder.ax
c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
c:\program files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url
c:\program files\Essentials Codec Pack\xvid.ax
c:\program files\Essentials Codec Pack\xvidcore.dll
c:\program files\Essentials Codec Pack\xvidvfw.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 19:17 . 2009-05-18 19:27 -------- d-----w C:\ComboFix
2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-16 18:17 . 2009-05-18 08:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd
2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6
2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2009-04-15 20:25 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-19 19:05 . 2009-04-15 20:25 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-19 19:05 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-12 15:21 . 2002-08-29 12:00 506368 ----a-w c:\windows\system32\winlogon.exe
2009-04-12 15:21 . 2002-08-29 12:00 17408 ----a-w c:\windows\system32\svchost.exe
2009-04-12 14:45 . 2002-08-29 12:00 1034752 ----a-w c:\windows\explorer.exe
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 15:18 . 2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:30 . 2009-03-10 12:41 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2002-08-29 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2001-06-20 16:21 . 2008-01-13 13:09 1536 ----a-w c:\program files\boot.bin
2001-06-20 16:21 . 2008-01-13 13:08 22507 ----a-w c:\program files\bmgr.exe
2001-06-20 16:21 . 2008-01-13 13:09 168 ----a-w c:\program files\bmgr.scr
1998-05-11 20:01 . 2008-01-13 13:10 18967 ----a-w c:\program files\SYS.COM
1998-05-11 20:01 . 2008-01-13 13:10 7 ----a-w c:\program files\MSDOS.SYS
1998-05-11 20:01 . 2008-01-13 13:09 93880 ----a-w c:\program files\command.com
1998-05-11 20:01 . 2008-01-13 13:09 222390 ----a-w c:\program files\io.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2009-04-12 15:21 17408 F9304809C3CA8F45153674A253DC670C c:\windows\system32\svchost.exe

[-] 2004-08-04 00:56 502272 50DF290E01181F57562BCFC2E93E79BE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2009-04-12 15:21 506368 1386A976BE507C9CBAFFA6D3F39CBF1E c:\windows\system32\winlogon.exe

[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-03 23:00 29056 ACA96CF6F78D2CAAAAF847F2EE0BEB14 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-04-12 14:45 1034752 E52221CA17B56885CD8BBF32BE7DF49E c:\windows\explorer.exe
[7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 ACE75FE76B8D34235430B954CEA5621F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe

[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 00:56 14336 110FB3121C028E5AAEDF3307223787CD c:\windows\system32\lsass.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2005-06-10 23:53 58368 3513A57EC257DF60F641D20031ACB383 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552]
S0 cfyr;cfyr;c:\windows\system32\drivers\noxlg.sys --> c:\windows\system32\drivers\noxlg.sys [?]
S0 guiw;guiw;c:\windows\system32\drivers\nfpwyx.sys --> c:\windows\system32\drivers\nfpwyx.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 20:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-18 20:38
ComboFix-quarantined-files.txt 2009-05-18 19:38
ComboFix2.txt 2009-05-18 19:13
ComboFix3.txt 2009-05-10 14:25
ComboFix4.txt 2009-05-10 12:01
ComboFix5.txt 2009-05-18 19:17

Pre-Run: 116,338,073,600 bytes free
Post-Run: 116,336,304,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,3,4,5,6
238 --- E O F --- 2009-05-10 14:08

Sorry, we are not forgetting you there is just a lot of behind-the-scenes stuff we are talking about in relation to this thread.


The version of ComboFix you are using is out of date so I need for you to delete it and the install a new version from one of the links below. Save it to your Desktop but do not run it yet.


Link 1
Link 2
Link 3




After doing this please continue with the instructions below:


This is our next step. Don't worry if you can't disable your AVG. Go ahead with the script anyway.



Special ComboFix script made for this computer only

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

This should produce two logs for you





I would like you to have check some suspicious files for me:


Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

Click Submit.
Please post the results of this scan to this thread.

Do the same for both of these
c:\windows\001008_.tmp
c:\windows\003325_.tmp




Alternate site if Jottis' doesn't work or is too busy

Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

Click Send.
Please post the results of this scan to this thread.

Do the same for both of these
c:\windows\001008_.tmp
c:\windows\003325_.tmp



There will be two logs produced by the running of ComboFix which will be named DeQuarantine_log.txt
and ComboFix.txt. Please post both of those plus the results of the file scans.

only one log was produced here it is. also wasnt sure how to save jotis logs but
c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT result said 20 scanners found nothing and the other 2 said file is empty 0 bytes

ComboFix 09-05-20.01 - Owner 20/05/2009 20:39.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2121 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\program files\bmgr.exe
c:\program files\bmgr.scr
c:\program files\boot.bin
c:\program files\command.com
c:\program files\io.sys
c:\program files\MSDOS.SYS
c:\program files\SYS.COM
c:\windows\system32\drivers\nfpwyx.sys
c:\windows\system32\drivers\noxlg.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bmgr.exe
c:\program files\bmgr.scr
c:\program files\boot.bin
c:\program files\command.com
c:\program files\io.sys
c:\program files\MSDOS.SYS
c:\program files\SYS.COM

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\$NtServicePackUninstall$\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\system32\lsass.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_cfyr
-------\Service_guiw


((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-18 19:32 . 2009-05-18 19:38 -------- d-----w C:\Combo-Fix
2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-16 18:17 . 2009-05-20 08:46 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd
2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2009-04-19 19:05 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 19:05 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 19:05 129784 ------w c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-04-19 19:05 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 19:05 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt
2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 15:18 . 2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-09 20:42 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip
2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:30 . 2009-03-10 12:41 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2002-08-29 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-18_19.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 19:43 . 2009-05-20 19:43 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\dllcache\svchost.exe
+ 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\dllcache\lsass.exe
+ 2009-03-10 12:41 . 2004-08-03 23:00 29056 c:\windows\system32\dllcache\ip6fw.sys
+ 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\dllcache\winlogon.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\system32\dllcache\explorer.exe
+ 2009-03-07 15:51 . 2009-05-06 23:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-20 20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 19:46
ComboFix2.txt 2009-05-18 19:38
ComboFix3.txt 2009-05-18 19:13
ComboFix4.txt 2009-05-10 14:25
ComboFix5.txt 2009-05-20 19:38

Pre-Run: 116,472,795,136 bytes free
Post-Run: 116,472,791,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

247 --- E O F --- 2009-05-20 19:25

You did fine. Are you seeing any improvement in the running of your machine? Can you tell me briefly of any problems which are still occurring?

yes, seems to be running quicker and no probs with the web browser, still getting a few application failed to initialise when opening some progs. but yes seems a lot better although not been on it for any length of time just to follow your instructions mostly. anything else you would like me to do.

I'm looking over it now and will get back to you. I needed to know how we were coming along.

We still have a little bit to do although things are definitely looking better:


Special ComboFix script made for this computer only

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Along with the ComboFix log please run HJT and post the log it produces. I also need any information on what programs are failing to initialize and exactly what the message says if possible.

all the programmes i tried seem to be opening now if i come across any that wont i will let you no, here are the two logs you asked for

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:32, on 22/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)

--
End of file - 6694 bytes


ComboFix 09-05-22.04 - Owner 22/05/2009 22:32.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2141 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\001008_.tmp
c:\windows\003325_.tmp
c:\windows\system32\drivers :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\001008_.tmp
c:\windows\003325_.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMD64SI
-------\Service_amd64si


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-20 08:45 . 2009-05-16 18:17 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 08:45 . 2009-05-16 18:17 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 08:45 . 2009-05-16 18:17 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-18 19:32 . 2009-05-18 19:38 -------- d-----w C:\Combo-Fix
2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-16 18:17 . 2009-05-16 18:17 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-16 18:17 . 2009-05-22 12:33 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd
2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 09:32 . 2009-03-07 08:04 -------- d-----w c:\documents and settings\Owner\Application Data\Vso
2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2009-04-19 19:05 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 19:05 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 19:05 129784 ------w c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-04-19 19:05 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 19:05 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-11 22:57 . 2009-04-11 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-04-11 21:26 . 2009-03-26 21:28 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-11 20:45 . 2009-03-07 13:32 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-10 17:35 . 2009-04-10 17:35 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-04-02 19:47 . 2009-03-26 21:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-26 21:13 . 2009-03-22 15:19 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-03-26 20:59 . 2009-03-22 15:18 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat
2009-03-12 21:18 . 2009-03-12 21:18 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip
2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-18_19.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 21:35 . 2009-05-22 21:35 16384 c:\windows\temp\Perflib_Perfdata_68c.dat
+ 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\svchost.exe
+ 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\spoolsv.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\lsass.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\dllcache\svchost.exe
+ 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\dllcache\lsass.exe
+ 2009-03-10 12:41 . 2004-08-03 23:00 29056 c:\windows\system32\dllcache\ip6fw.sys
- 2009-05-01 18:39 . 2008-04-14 00:12 14336 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
- 2009-05-01 18:39 . 2008-04-14 00:12 57856 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
- 2009-05-01 18:38 . 2008-04-14 00:12 13312 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\winlogon.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\dllcache\winlogon.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\system32\dllcache\explorer.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\explorer.exe
+ 2009-03-07 15:51 . 2009-05-06 23:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 22:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-22 22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 21:39
ComboFix2.txt 2009-05-20 20:08
ComboFix3.txt 2009-05-20 19:46
ComboFix4.txt 2009-05-18 19:38
ComboFix5.txt 2009-05-22 21:30

Pre-Run: 116,363,186,176 bytes free
Post-Run: 116,330,893,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

235 --- E O F --- 2009-05-20 19:25