BleepingComputer.com: Problems with IE search engines bringing me to random sites

From reading your forum i seem to be having some of the same problems "rjcarrillo1911" has, when performing internet searches (using IE and Yahoo ) I search for something and Yahoo will give me a list of results. Then, when I click on the link for a performed search, I am brought to a random website...not the one that was listed. Also, I am having problems running anti-spyware / malware programs also. i have Spybot , spywerablaster,PC-Guard AV & AS and as of today Ad-Aware. Spybot will not run at all only testimer icon is showing, PC-guard finds nothing as did Ad-Aware. I did find OD2MediaBar_VistaFileManager running in task manager which i belive is a malware but no way of removing it. Please can you help

I did try to run a Kaspersky scan but i kept getting a error saying i need to be online to update which at the time i was

DSS Log -



DDS (Ver_09-06-26.01) - NTFSx86
Run by People at 0:38:37.09 on 30/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.1787 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: PCguard Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\People\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uStart Page = hxxp://uk.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn13\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn13\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn13\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn13\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MediaBarFileManager] c:\program files\on demand distribution\od2 music manager\OD2MediaBar_VistaFileManager.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [PCguard] "c:\program files\virgin broadband\pcguard\Rps.exe"
mRun: [-FreedomNeedsReboot] "c:\program files\virgin broadband\pcguard\ZkRunOnceR.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\users\people\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://webgames.d.tmsrv.com/c=befff92398be1f2887f000b540f3502c/aff=t_25oa_ukca_wg/p/release/popcap/wg_bejeweled2/popcaploader_v6.cab
TCP: NameServer = 85.255.112.105,85.255.112.21
TCP: {EFDA781A-5DCD-4117-97B0-3C57DD2D7D63} = 85.255.112.105,85.255.112.21
TCP: {F35796F6-A96A-47AF-AE40-D9636D44117F} = 85.255.112.105,85.255.112.21
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-29 64160]
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-1-26 132128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 921936]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-23 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-9 1153368]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
S2 gupdate1c992197b3c770;Google Update Service (gupdate1c992197b3c770);c:\program files\google\update\GoogleUpdate.exe [2009-2-18 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-25 33752]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
S4 ioatdma;Intel® QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2007-10-10 36744]
S4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-10-10 34176]
S4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-10-10 28800]
S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2007-10-10 215856]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-10-10 210224]

=============== Created Last 30 ================

2009-06-29 23:11 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-29 23:10 <DIR> -cd-h--- c:\programdata\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-06-29 23:10 <DIR> -cd-h--- c:\progra~2\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-06-29 23:10 <DIR> --d----- c:\program files\Lavasoft
2009-06-29 19:13 <DIR> --d----- c:\users\people\appdata\roaming\IObit
2009-06-29 18:48 10,067 a------- c:\windows\msvrc20.dll
2009-06-29 18:48 <DIR> --d----- c:\program files\IObit
2009-06-29 17:57 <DIR> --d----- c:\program files\DVDConv
2009-06-28 19:32 <DIR> --d----- c:\programdata\App4rTemp
2009-06-28 19:32 <DIR> --d----- c:\progra~2\App4rTemp
2009-06-28 09:50 538,624 a------- c:\windows\system32\ac3filter.acm
2009-06-28 09:50 <DIR> --d----- c:\program files\AC3Filter
2009-06-28 00:00 87,608 a------- c:\users\people\appdata\roaming\inst.exe
2009-06-28 00:00 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-28 00:00 47,360 a------- c:\users\people\appdata\roaming\pcouffin.sys
2009-06-28 00:00 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-28 00:00 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-28 00:00 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-28 00:00 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-28 00:00 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-28 00:00 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-28 00:00 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-28 00:00 <DIR> --d----- c:\program files\VSO
2009-06-27 22:45 1,000,744 a------- c:\windows\system32\ShellManager10E2D762.dll
2009-06-27 22:45 648,192 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-06-27 21:37 <DIR> --d----- c:\program files\Nero
2009-06-27 21:10 815,104 a------- c:\windows\system32\xvidcore.dll
2009-06-27 21:10 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-27 21:10 77,824 a------- c:\windows\system32\xvid.ax
2009-06-27 21:10 <DIR> --d----- c:\program files\Xvid
2009-06-24 19:03 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-24 19:03 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-24 19:03 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-24 18:20 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-24 18:18 978,944 a------- c:\windows\system32\crypt32.dll
2009-06-24 18:17 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-24 18:17 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-24 18:17 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-24 18:17 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-24 18:17 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-24 18:17 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-24 18:17 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-24 18:17 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-06-24 18:17 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-24 18:17 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-24 18:17 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-16 18:44 <DIR> --d----- C:\Downloads Done
2009-06-12 18:01 <DIR> --d----- c:\users\people\Tracing
2009-06-12 17:55 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-12 17:49 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-11 07:19 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 07:19 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 07:18 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-04 18:17 <DIR> --d----- c:\program files\iPod
2009-06-04 18:17 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-28 00:01 239,616 a------- c:\windows\inf\infstrng.dat
2009-06-28 00:01 86,016 a------- c:\windows\inf\infpub.dat
2009-06-28 00:01 143,360 a------- c:\windows\inf\infstor.dat
2009-06-24 19:03 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 01:14 14,736 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-04-11 07:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 07:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 07:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 07:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 07:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 07:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 07:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 07:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 07:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 07:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 07:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 07:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 07:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 07:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 07:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 07:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 06:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 06:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 05:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 05:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 05:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 05:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 05:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 05:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-11 02:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-16 19:31 53,360 a------- c:\users\people\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-03-19 21:09 174 a--sh--- c:\program files\desktop.ini
2008-01-01 15:46 22,328 a------- c:\users\people\appdata\roaming\PnkBstrK.sys
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:39:34.92 ===============

Hello Rekick,


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Thank you for the reply

i've downloaded and run Security Check by screen317 with no problems, but in trying to run Malwarebytes' Anti-Malware all i get is "Malwarebytes encountered a problem and stopped working"

both Security Check & a new Hijackthis log below

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 2
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
PCPitstopPandaAntiVirusScan(removeonly)
RPSAntiVirus
AuthentiumAntiVirusSDK-2
RPSFirewall
NortonSpywareScanprovidedbyYahoo!
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Out of date Spybot installed!
CA Yahoo! Anti-Spy (remove only)
Norton Spyware Scan provided by Yahoo!
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
Spybot - Search & Destroy
RPS AntiSpyware
McAfee SiteAdvisor
HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
Spybot SDHelper is disabled!
Spybot - Search & Destroy TeaTimer.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)

Scan took 3615 seconds.
`````````End of Log```````````


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:38:02, on 02/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MediaBarFileManager] C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=befff92398be...aploader_v6.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFDA781A-5DCD-4117-97B0-3C57DD2D7D63}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35796F6-A96A-47AF-AE40-D9636D44117F}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c992197b3c770) (gupdate1c992197b3c770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15011 bytes

Hi Rekick,

I (as well as MicroSoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove all but one of these (only one antivirus should be one your computer).
PCPitstopPanda AntiVirusScan
RPS AntiVirus
Authentium AntiVirusSDK


Spybot - Search & Destroy 1.5.2.20 is an ancient version so uninstall it.
Please download, update and run
Spybot 1.6.2


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

• Open Windows Defender.
  
• Click on Tools, General Settings.
  
• Scroll down and uncheck Turn on real-time protection (recommended).
  
• After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent some things from being fixed.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.



If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a Quick scan.

Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

This post has been edited by SifuMike: 02 July 2009 - 10:12 AM

hi and thanks for replying again

i was not awhere i had the other AV installed on this PC i thought i only had PC-Guard ( which i think is RPS AntiVirus ) which comes with firewall and Anti-spy. i could not find Authentium AntiVirusSDK in my uninstall list or in my program files?

im also not sure why Spybot is showing up as 1.5V as i update spybot once a week ( i have a 15 son that works on this PC sometimes ) and i thought i updated it to 1.6.2V

anyway i've unstalled the spybot i had install but i am now not able download the new one from the link you have supplied. I've try just typing the address in but all i get is "Internet Explorer cannot display the webpage" from both.

i had to rename both MBAM files to get it to install and run, but on trying to update MBAM all i got was a error code "Error 732 (0,0)" but i did run a scan anyway as requested.

MBAM report

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6002 Service Pack 2

02/07/2009 19:16:00
mbam-log-2009-07-02 (19-16-00).txt

Scan type: Quick Scan
Objects scanned: 84273
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{efda781a-5dcd-4117-97b0-3c57dd2d7d63}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f35796f6-a96a-47af-ae40-d9636d44117f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{efda781a-5dcd-4117-97b0-3c57dd2d7d63}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f35796f6-a96a-47af-ae40-d9636d44117f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{efda781a-5dcd-4117-97b0-3c57dd2d7d63}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f35796f6-a96a-47af-ae40-d9636d44117f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.105,85.255.112.21 -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\People\AppData\Roaming\microsoft\Windows\start menu\Programs\DVDConv\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\DVDConv\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:20, on 02/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=befff92398be...aploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c992197b3c770) (gupdate1c992197b3c770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13365 bytes

Hi Rekick,

To manually download Malwarebytes udates, go here http://malwarebytes.gt500.org/mbam-rules.exe and just double-click on mbam-rules.exe to install.

After it is updated (latest is Database 2363), then run anther quick scan and post the log.

hi again

Sorry i thought i would try to update MBAM after i ran it for the first time and it removed someitems and it work

So i ran a scan again new report and hijackthis logs below

Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 6.0.6002 Service Pack 2

02/07/2009 20:04:45
mbam-log-2009-07-02 (20-04-45).txt

Scan type: Quick Scan
Objects scanned: 86386
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:42, on 02/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=befff92398be...aploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c992197b3c770) (gupdate1c992197b3c770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13516 bytes

Hi Rekick,

Looks like you are still infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your PCguard Anti-Virus, Windows Defender, Ad-Watch and Spybot Teatimer before running ComboFix, as they will prevent it from running.


Disable Ad-Watch to make sure it won't interfere fixing.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your computer is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.




Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop..
Post the log from ComboFix in your next reply,

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

This post has been edited by SifuMike: 02 July 2009 - 02:29 PM

hi thanks again for replying

Combofix log as requested

ComboFix 09-07-01.04 - People 02/07/2009 20:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2427 [GMT 1:00]
Running from: c:\users\People\Desktop\Combo-Fix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\People\AppData\Roaming\inst.exe
c:\windows\msvrc20.dll
c:\windows\system32\drivers\MSIVXvvtrutglqtqfunhiqufslibsceaxyevg.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXjfdckwmsnbyueichdmfxmksgvhjnhqnh.dll
c:\windows\system32\MSIVXxarrwlejodjexxddcdppgmpcjnoyyjvj.dll
J:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 18:07 . 2009-07-02 18:07 -------- d-----w- c:\users\People\AppData\Roaming\Malwarebytes
2009-07-02 18:05 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 18:05 . 2009-07-02 18:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-02 18:05 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 06:36 . 2009-07-02 18:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 21:08 . 2009-07-01 21:08 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-06-30 19:29 . 2009-06-30 19:29 -------- d-----w- c:\program files\Trend Micro
2009-06-30 19:02 . 2009-06-30 19:02 -------- d-----w- c:\windows\BDOSCAN8
2009-06-30 18:56 . 2009-06-30 18:56 -------- d-----w- c:\programdata\PCPitstop
2009-06-30 18:51 . 2009-07-02 17:07 -------- d-----w- c:\program files\PCPitstop
2009-06-30 17:41 . 2009-06-30 17:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 18:13 . 2009-06-29 18:24 -------- d-----w- c:\users\People\AppData\Roaming\IObit
2009-06-28 18:32 . 2009-06-28 18:32 -------- d-----w- c:\programdata\App4rTemp
2009-06-28 08:50 . 2009-06-28 08:50 -------- d-----w- c:\program files\AC3Filter
2009-06-27 23:00 . 2009-06-27 23:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-27 23:00 . 2009-06-27 23:00 47360 ----a-w- c:\users\People\AppData\Roaming\pcouffin.sys
2009-06-27 23:00 . 2009-06-28 09:07 -------- d-----w- c:\users\People\AppData\Roaming\Vso
2009-06-27 23:00 . 2007-03-18 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-27 23:00 . 2006-09-29 12:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-27 23:00 . 2006-09-29 12:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-27 23:00 . 2006-09-29 12:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-27 23:00 . 2002-12-10 02:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-27 23:00 . 2006-05-20 16:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-27 23:00 . 2006-05-11 19:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-27 23:00 . 2009-06-27 23:00 -------- d-----w- c:\program files\VSO
2009-06-27 21:45 . 2008-05-14 08:34 1000744 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2009-06-27 20:37 . 2009-06-27 20:37 -------- d-----w- c:\program files\Nero
2009-06-27 20:10 . 2009-06-27 20:10 -------- d-----w- c:\program files\Xvid
2009-06-27 20:10 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-27 20:10 . 2008-12-04 20:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-24 18:03 . 2009-06-24 18:04 -------- d-----w- c:\windows\system32\ca-ES
2009-06-24 18:03 . 2009-06-24 18:04 -------- d-----w- c:\windows\system32\eu-ES
2009-06-24 18:03 . 2009-06-24 18:04 -------- d-----w- c:\windows\system32\vi-VN
2009-06-24 17:20 . 2009-06-24 17:20 -------- d-----w- c:\windows\system32\EventProviders
2009-06-24 17:18 . 2009-04-11 06:28 754688 ----a-w- c:\windows\system32\propsys.dll
2009-06-24 17:17 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-24 17:17 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-24 17:17 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-24 17:17 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-24 17:17 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-24 17:17 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-24 17:17 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-24 17:17 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-24 17:17 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-24 17:17 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-24 17:17 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-22 17:17 . 2009-06-22 17:17 -------- d-----w- c:\users\People\AppData\Local\Yahoo
2009-06-19 16:22 . 2009-05-26 20:50 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-06-16 17:44 . 2009-06-29 19:07 -------- d-----w- C:\Downloads Done
2009-06-12 17:01 . 2009-06-12 17:01 -------- d-----w- c:\users\People\Tracing
2009-06-12 16:55 . 2009-06-12 16:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-12 16:49 . 2009-06-12 16:49 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-11 06:40 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 06:40 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-11 06:19 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 06:19 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 06:18 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-04 17:17 . 2009-06-04 17:17 -------- d-----w- c:\program files\iPod
2009-06-04 17:17 . 2009-06-04 17:17 -------- d-----w- c:\program files\iTunes
2009-06-04 17:15 . 2009-06-04 17:16 -------- d-----w- c:\program files\QuickTime
2009-06-04 17:11 . 2009-06-04 17:11 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 19:46 . 2007-12-27 18:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-02 17:35 . 2007-10-12 20:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-02 17:31 . 2007-10-12 20:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-02 17:08 . 2007-10-11 14:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 17:03 . 2008-05-17 21:00 -------- d-----w- c:\programdata\Google Updater
2009-07-01 21:07 . 2007-10-12 20:45 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-01 18:09 . 2007-10-20 18:35 -------- d-----w- c:\program files\SpywareBlaster
2009-06-30 17:44 . 2007-11-20 18:17 -------- d-----w- c:\program files\Java
2009-06-29 22:10 . 2007-10-16 19:45 -------- d-----w- c:\programdata\Lavasoft
2009-06-29 21:04 . 2009-01-25 16:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 18:53 . 2008-01-05 13:33 -------- d-----w- c:\programdata\lx_cats
2009-06-28 08:31 . 2007-10-23 20:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-27 21:40 . 2007-11-03 13:55 -------- d-----w- c:\programdata\Ahead
2009-06-25 16:46 . 2009-04-10 10:27 -------- d-----w- c:\program files\Safari
2009-06-24 19:17 . 2008-09-23 18:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SACore
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-24 18:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-24 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-24 18:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-20 14:13 . 2008-11-24 19:46 -------- d-----w- c:\users\People\AppData\Roaming\Apple Computer
2009-06-19 16:22 . 2007-10-12 22:17 -------- d-----w- c:\programdata\Yahoo!
2009-06-16 12:00 . 2008-10-25 11:26 -------- d-----w- c:\users\People\AppData\Roaming\Bioshock
2009-06-12 16:58 . 2007-10-18 17:37 -------- d-----w- c:\program files\Windows Live
2009-06-12 16:56 . 2009-02-04 18:09 -------- d-----w- c:\program files\Microsoft
2009-06-04 17:17 . 2008-11-24 19:42 -------- d-----w- c:\program files\Common Files\Apple
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-19 12:08 . 2008-05-17 21:00 -------- d-----w- c:\program files\Google
2009-05-16 08:28 . 2008-09-23 18:22 -------- d-----w- c:\program files\McAfee
2009-05-09 00:14 . 2007-08-31 19:01 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 00:14 . 2009-05-09 00:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-08 06:25 . 2007-10-11 14:20 -------- d-----w- c:\programdata\NVIDIA
2009-04-26 10:13 . 2007-10-12 18:48 53360 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-11 06:33 . 2009-06-24 17:19 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-24 17:18 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-24 17:18 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-24 17:19 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-24 17:18 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-24 17:18 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-24 17:19 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-24 17:18 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-24 17:18 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-24 17:18 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-24 17:19 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-24 17:19 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-24 17:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-24 17:18 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-24 17:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-24 17:18 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-24 17:18 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-24 17:18 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-24 17:18 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-24 17:18 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-24 17:18 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-24 17:18 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-24 17:18 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-24 17:18 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-24 17:18 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-24 17:18 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-24 17:18 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-24 17:18 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-24 17:18 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-24 17:18 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-06-24 17:19 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-11 04:43 . 2009-06-24 17:19 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-11 04:43 . 2009-06-24 17:18 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-11 04:43 . 2009-06-24 17:18 41472 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-04-11 04:43 . 2009-06-24 17:18 30720 ----a-w- c:\windows\system32\drivers\hidbth.sys
2009-04-11 04:43 . 2009-06-24 17:18 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-11 04:43 . 2009-06-24 17:18 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42 . 2009-06-24 17:18 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-24 17:18 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-24 17:18 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-24 17:18 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-24 17:18 31616 ----a-w- c:\windows\system32\drivers\winusb.sys
2009-04-11 04:42 . 2009-06-24 17:18 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-06-24 17:18 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-24 17:18 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-24 17:18 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-24 17:18 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-24 17:19 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-24 17:18 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-24 17:18 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-24 17:18 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-24 17:18 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-24 17:18 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-24 17:18 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-24 17:18 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-24 17:18 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-24 17:18 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-24 17:18 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-24 17:18 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-24 17:18 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-24 17:18 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-24 17:18 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-24 17:18 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-29 185872]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]

c:\users\People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:fc,3a,07,ee,f6,f4,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D4E4A3DF-9AC2-46FB-B22B-44773E36667C}c:\\games\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= UDP:c:\games\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{FF914A9D-252E-4299-BF0C-FCFDA81AE9BD}c:\\games\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= TCP:c:\games\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader
"TCP Query User{30AC5BEA-5D1F-469E-925C-6F9E5463D170}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B7F82834-D9BC-4D0C-AFCF-117DC0BDC2B4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3E597EF-9642-4D5E-AC94-BE0DF7B0DB75}c:\\games\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= UDP:c:\games\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader
"UDP Query User{B0A0C940-7EF0-44C9-847E-CD7DF99467D9}c:\\games\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= TCP:c:\games\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader
"{DE3D26E0-1234-4FED-B529-DCA6BA04B7F7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FF2F8892-EF48-43D3-A332-F7574F834753}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C5903B47-01B3-4E3A-BC9C-5C6F8BB77E01}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B03658AF-CC35-43E3-8AAD-F10F24F09553}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{39AB7B4C-A18E-4246-A0BF-BCAEF2CB855A}"= UDP:c:\games\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{1E4668C6-11B9-4FAE-82B6-F6A4D962391A}"= TCP:c:\games\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{D1D275C4-CD04-4D9C-B5C9-A2CAEB45CBFF}c:\\games\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\games\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{6CDD8B03-A6F9-4E8D-B4BA-E7B227A39F55}c:\\games\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\games\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{A25F8BD2-9658-41D9-ACAA-07643A30F2A5}"= UDP:c:\games\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{9F1782B1-A072-439C-9CD8-E02D205E5F7C}"= TCP:c:\games\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{7C387842-0D70-47A4-AD15-2B7ED82610BF}c:\\users\\people\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\os0px1ks\\02_apek2.avi-downloader[1].exe"= UDP:c:\users\people\appdata\local\microsoft\windows\temporary internet files\content.ie5\os0px1ks\02_apek2.avi-downloader[1].exe:02_apek2.avi-downloader[1].exe
"UDP Query User{68303445-9EC8-4EF8-A79C-0BC7725D94DC}c:\\users\\people\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\os0px1ks\\02_apek2.avi-downloader[1].exe"= TCP:c:\users\people\appdata\local\microsoft\windows\temporary internet files\content.ie5\os0px1ks\02_apek2.avi-downloader[1].exe:02_apek2.avi-downloader[1].exe
"{07313E94-60A6-43A3-8598-83390F9F80BC}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{E6283FDD-50D7-495E-8CB1-13F4F3FD1DBD}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{8532CBAC-AD56-4066-BCA4-3A96375AAB20}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{4858EC40-CD06-4AFD-A798-0103FDB6F799}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{C805C200-143D-40A8-B3BF-DB495CE652A9}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{B242EFE5-49DF-43B4-8478-622D4C821EE4}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{3A98249A-48FC-414D-8DE4-853917D3F46D}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{C7A2454C-1385-4559-A495-C9A6F640A928}c:\\users\\people\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\people\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{DA271058-A35D-4B8B-83DF-A5202977CEFA}c:\\users\\people\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\people\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{6D64A15D-7860-443D-BCF2-D3700BEB4370}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{E43E8FE6-FE08-4502-907D-DA90F4836F51}c:\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{A82440CD-681E-4672-AF4A-BA3CBDC96F4E}c:\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{FF5C4DEF-9539-45FF-842C-20B00626EAE3}c:\\games\\wow mod's\\wow-2.2.3.7359-to-0.3.0.7441-engb-downloader.exe"= UDP:c:\games\wow mod's\wow-2.2.3.7359-to-0.3.0.7441-engb-downloader.exe:Blizzard Downloader
"UDP Query User{8EB6994D-474A-46EE-BA5A-E8F839185E20}c:\\games\\wow mod's\\wow-2.2.3.7359-to-0.3.0.7441-engb-downloader.exe"= TCP:c:\games\wow mod's\wow-2.2.3.7359-to-0.3.0.7441-engb-downloader.exe:Blizzard Downloader
"TCP Query User{84A61727-6E25-481A-8B73-C13635A3FE9F}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7501-to-0.3.0.7521-engb-downloader.exe"= UDP:c:\games\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-engb-downloader.exe:Blizzard Downloader
"UDP Query User{18DAC80E-FA5B-4B49-8C4F-B9F6E5CCF0F0}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7501-to-0.3.0.7521-engb-downloader.exe"= TCP:c:\games\world of warcraft\wowtest\wow-0.3.0.7501-to-0.3.0.7521-engb-downloader.exe:Blizzard Downloader
"TCP Query User{8B0BD276-2066-4AA0-BDAD-0F9B6C49D0B4}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7521-to-0.3.0.7543-engb-downloader.exe"= UDP:c:\games\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-engb-downloader.exe:Blizzard Downloader
"UDP Query User{FC70CB0A-B737-4E24-B1E7-B434E5BCEE97}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7521-to-0.3.0.7543-engb-downloader.exe"= TCP:c:\games\world of warcraft\wowtest\wow-0.3.0.7521-to-0.3.0.7543-engb-downloader.exe:Blizzard Downloader
"TCP Query User{A5BDD2B4-FFA4-404A-A71F-4D1ADBCB8A3C}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7543-to-0.3.0.7561-engb-downloader.exe"= UDP:c:\games\world of warcraft\wowtest\wow-0.3.0.7543-to-0.3.0.7561-engb-downloader.exe:Blizzard Downloader
"UDP Query User{16E578CF-9149-4FD0-AE39-8C865737FF00}c:\\games\\world of warcraft\\wowtest\\wow-0.3.0.7543-to-0.3.0.7561-engb-downloader.exe"= TCP:c:\games\world of warcraft\wowtest\wow-0.3.0.7543-to-0.3.0.7561-engb-downloader.exe:Blizzard Downloader
"TCP Query User{51B38CA8-4FC0-4777-BCCC-51D91DF5404D}c:\\games\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe"= UDP:c:\games\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe:Blizzard Downloader
"UDP Query User{8425E19A-4241-4F97-B468-E618AA2FBCEB}c:\\games\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe"= TCP:c:\games\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe:Blizzard Downloader
"{854CAE7D-DC9F-4A49-9706-2A0B4E2BD424}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C8FC7282-9F43-4DA7-A31C-CA07C2003E3F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{854EEFCA-B4A3-4711-8EF0-04FCD66F963C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F0F9F228-BF3F-4B0A-9D0B-DC1E577F76F9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4615E5BA-C113-4347-9C7C-045C6A47881C}"= UDP:c:\games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{8771C305-6B7A-4051-9B3B-645172EEBC21}"= TCP:c:\games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{CA17E73A-974F-4643-95DE-8CF35CB7829A}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{52BCB50F-012D-483D-856D-974EE27C10C5}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{C52C72FE-50B4-4EE1-9451-41C82C1E492C}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{74FECFBE-74AD-4692-BA6B-CAAD0A84A677}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{8002100A-6C2B-4FFC-9E1F-7004A89FFFDE}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{FD8BF483-EB28-4A5A-AAED-4FB38870BE95}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{4DB0F2BC-BEDB-44A5-8044-5CAF18281943}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{BC26EFEA-C0FA-4E52-BE2B-90990D519C2B}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{6B806068-F96F-467D-B0E6-8B2BEFC9B488}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{67514BDC-2BB7-4CFE-8BD4-8BA331498D57}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{063FB786-7F32-4096-853C-FE87DE711470}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{9039E92C-96F0-4AC0-8C1F-FB7AA1722070}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{A45D7F7A-415A-4FEE-BF23-3EE165C186EF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{6431A30B-491C-49CD-8E50-660D76A9046C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{0F308667-83F3-46B5-8B32-E9FB813F4383}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{E1190F0D-7B11-4CC4-808E-08D7F0737D30}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{0D569827-773D-44AE-9DBB-CDC70CF898BF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{6F7D5F21-00AE-4BE5-A267-26F1A25A4A6F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{73A5306A-6D6F-4653-89E7-3F36314858B9}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{D30866D3-1D18-4724-B642-FB0EE844FDBD}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{CF954D04-B880-4D2F-AD58-52A8E4815C0A}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{0B18EF6E-5F0E-458F-A2FC-0A955BD62315}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{71110B28-6B43-4C47-8229-24DAD7F99EEE}c:\\games\\world of warcraft\\wow-2.2.0-engb-downloader.exe"= UDP:c:\games\world of warcraft\wow-2.2.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{BADDC532-A40E-4F39-95E1-15A422CBBE6B}c:\\games\\world of warcraft\\wow-2.2.0-engb-downloader.exe"= TCP:c:\games\world of warcraft\wow-2.2.0-engb-downloader.exe:Blizzard Downloader
"TCP Query User{313461D8-228C-4B0A-8C39-C4D67B9BAAA8}c:\\games\\world of warcraft\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= UDP:c:\games\world of warcraft\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:Blizzard Downloader
"UDP Query User{5BC47367-6A6D-4735-A9F7-9479FD817997}c:\\games\\world of warcraft\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= TCP:c:\games\world of warcraft\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:Blizzard Downloader
"TCP Query User{B4E3EADB-F7BB-4E5B-9D7B-D4A49FE8AE3E}c:\\users\\people\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\wn5qfswq\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe"= UDP:c:\users\people\appdata\local\microsoft\windows\temporary internet files\content.ie5\wn5qfswq\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe
"UDP Query User{1F3D9920-D6A8-413C-AD93-0799EEBA5181}c:\\users\\people\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\wn5qfswq\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe"= TCP:c:\users\people\appdata\local\microsoft\windows\temporary internet files\content.ie5\wn5qfswq\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader[1].exe
"TCP Query User{4A32AA90-B210-4D52-965A-FD77F1D9A070}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{791C726C-BB67-4FED-B041-82067C7D303A}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{281B79D5-AFBE-4CB0-A23C-36717E51B2EC}c:\\games\\world of warcraft\\wowtest\\wow-0.4.0.7897-to-0.4.0.7923-engb-downloader.exe"= UDP:c:\games\world of warcraft\wowtest\wow-0.4.0.7897-to-0.4.0.7923-engb-downloader.exe:Blizzard Downloader
"UDP Query User{1066EAD6-CB72-4285-B124-C07FFB4FBEE9}c:\\games\\world of warcraft\\wowtest\\wow-0.4.0.7897-to-0.4.0.7923-engb-downloader.exe"= TCP:c:\games\world of warcraft\wowtest\wow-0.4.0.7897-to-0.4.0.7923-engb-downloader.exe:Blizzard Downloader
"{E4F07135-8AB5-4AD7-8755-5CE4120D01E7}"= UDP:c:\games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{88E12464-090F-4807-A58F-B6F2904387E0}"= TCP:c:\games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{2EF7AC6C-81E6-4007-A9AA-BBF65C433D9D}c:\\games\\world of warcraft\\wow-2.4.2.8278-to-0.4.3.8478-engb-downloader.exe"= UDP:c:\games\world of warcraft\wow-2.4.2.8278-to-0.4.3.8478-engb-downloader.exe:Blizzard Downloader
"UDP Query User{C25B2273-0CB0-4B2F-A3A8-147D3C9B9E30}c:\\games\\world of warcraft\\wow-2.4.2.8278-to-0.4.3.8478-engb-downloader.exe"= TCP:c:\games\world of warcraft\wow-2.4.2.8278-to-0.4.3.8478-engb-downloader.exe:Blizzard Downloader
"TCP Query User{B934752B-54F4-4406-90D7-A5FF5870CC21}c:\\games\\novalogic\\delta force xtreme\\dfx.exe"= UDP:c:\games\novalogic\delta force xtreme\dfx.exe:dfx
"UDP Query User{F01D9A41-2BA4-40DB-9BB2-324320F637E2}c:\\games\\novalogic\\delta force xtreme\\dfx.exe"= TCP:c:\games\novalogic\delta force xtreme\dfx.exe:dfx
"TCP Query User{EFA28B80-829B-4AF1-B9D7-8F8816326054}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{28C97C39-3930-4DD9-83D1-E71338C187A7}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{22DF2E35-D78B-4F8C-B954-5EF170DBAF59}c:\\users\\people\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\people\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{E90470F4-93D5-4E4E-BA0D-D2719C7E922D}c:\\users\\people\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\people\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{80001055-C686-4205-AB5A-627DDDA9868E}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{B0B3F532-7BD8-4318-B6AE-60D07CD53DA9}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{7F952955-54E1-4B95-856D-D7451F0643DA}c:\\games\\world of warcraft\\wowtest\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe"= UDP:c:\games\world of warcraft\wowtest\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe:Blizzard Downloader
"UDP Query User{A7F6E3EA-5381-4C19-A24A-61B2AA449B1E}c:\\games\\world of warcraft\\wowtest\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe"= TCP:c:\games\world of warcraft\wowtest\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe:Blizzard Downloader
"{97D9A3A9-6FC9-49FD-BE61-8676138FF83D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{901C1509-02AC-48D8-8D83-37F8728CE880}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8E8F02D0-740E-4644-8C17-E34257FD5371}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{74509191-D94F-4638-88A3-FC46AFCB0CF8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6A4EC70A-A8D1-4A1F-A283-72E561AF684F}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{1D13B64A-6BE9-4A36-9F3C-8527147D234F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{FAA2D2F9-1C2E-4924-AEBF-B8BE770894F3}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{B86CEB99-BC95-46C2-A64F-C296A8A0CF9F}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"TCP Query User{34E26690-47E0-462D-8C6B-A77DC53B4A28}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"UDP Query User{4B4A312F-589B-46D7-9A17-6164A258D133}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"{8040A764-43E8-43B2-A23D-89191799E7F4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2DF6A9B2-9322-475D-9772-CA5116837507}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EB3847D5-C893-4590-9B4A-4B864E1B9143}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:Blizzard Downloader
"{52713E04-1BCA-413E-97BE-ECB59F72E074}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:Blizzard Downloader
"{53E2FE3F-11FF-4AAA-940D-491DA24AB5FA}"= UDP:3724:Blizzard Downloader: 3724
"{0CA73055-0CE7-435B-930D-BE56DE5FBBEE}"= UDP:6881:Blizzard Downloader: 6881
"TCP Query User{8A09506B-4FD6-4D51-9579-B6CD5B4A7845}c:\\users\\people\\appdata\\local\\temp\\blizzard launcher temporary - b24386a0\\launcher.exe"= UDP:c:\users\people\appdata\local\temp\blizzard launcher temporary - b24386a0\launcher.exe:launcher.exe
"UDP Query User{EA6412A3-ACD3-4D1B-9045-2B5A5C340AFE}c:\\users\\people\\appdata\\local\\temp\\blizzard launcher temporary - b24386a0\\launcher.exe"= TCP:c:\users\people\appdata\local\temp\blizzard launcher temporary - b24386a0\launcher.exe:launcher.exe
"TCP Query User{EB533BA8-013E-4CF7-AF87-72F87B22829D}c:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D589FF0-BFBE-4CB0-971C-F4D28BBF02B6}c:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{DB0B01FF-EFFE-493C-84F4-C297A3F673D8}"= UDP:6112:Blizzard Downloader: 6112
"TCP Query User{6457DDFB-A33F-4BCF-A795-F68DCEF0D5A0}c:\\users\\people\\appdata\\local\\temp\\blizzard launcher temporary - 9299bdc0\\launcher.exe"= UDP:c:\users\people\appdata\local\temp\blizzard launcher temporary - 9299bdc0\launcher.exe:launcher.exe
"UDP Query User{39012816-604B-4BCF-9FB1-04816754DFDA}c:\\users\\people\\appdata\\local\\temp\\blizzard launcher temporary - 9299bdc0\\launcher.exe"= TCP:c:\users\people\appdata\local\temp\blizzard launcher temporary - 9299bdc0\launcher.exe:launcher.exe
"TCP Query User{3E0D20D8-FD0F-49E9-B49A-221DFC97679B}c:\\games\\world of warcraft\\launcher.exe"= UDP:c:\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{1927E903-FF1E-40D8-9921-867E955E49F4}c:\\games\\world of warcraft\\launcher.exe"= TCP:c:\games\world of warcraft\launcher.exe:Blizzard Launcher
"{E72AFCF3-5CCE-498B-A003-852AE423B277}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E3C7F2AD-AC2D-43B8-AE45-6F30DD34AE3C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F604069A-7C5F-452C-8C33-44CDD8E5EA69}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{CECFBADE-B06F-4718-BC8D-1B33A774ADD0}c:\\users\\people\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\people\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{E017AD10-8422-4A83-BDB8-5AF1129F4534}c:\\users\\people\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\people\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{D899EAA9-75AA-4409-8C46-EF157493E080}c:\\program files\\lexmark 3500-4500 series\\app4r.exe"= UDP:c:\program files\lexmark 3500-4500 series\app4r.exe:Printing Application
"UDP Query User{0113C76D-E882-4C8F-B7AA-4CF936173CF7}c:\\program files\\lexmark 3500-4500 series\\app4r.exe"= TCP:c:\program files\lexmark 3500-4500 series\app4r.exe:Printing Application
"TCP Query User{1DB10645-33D9-4F76-AA34-ABD7BE0F6717}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"UDP Query User{A03D2BDD-A639-4BD8-88D2-00EBA370E25A}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface

R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [11/06/2007 15:14 99248]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/09/2008 19:23 210216]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [15/01/2009 10:15 15360]
S2 gupdate1c992197b3c770;Google Update Service (gupdate1c992197b3c770);c:\program files\Google\Update\GoogleUpdate.exe [18/02/2009 23:33 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [25/10/2008 11:34 33752]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [27/06/2008 01:40 335872]
S4 ioatdma;Intel® QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [10/10/2007 08:41 36744]
S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [10/10/2007 08:42 34176]
S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [10/10/2007 08:42 28800]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [10/10/2007 08:44 210224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-17 14:36]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 22:33]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 22:33]

2009-07-01 c:\windows\Tasks\User_Feed_Synchronization-{7E551440-141A-4B6A-AF0A-20805A2F6169}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 20:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-452665143-2657019009-658589305-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,1b,7f,4e,b4,7a,27,7c,ef,c3,86,bc,e1,47,9b,a3,a5,e8,23,87,0d,a5,6e,
5a,4b,9b,55,7c,db,ee,80,a1,dc,9f,ad,dd,2b,43,21,ee,2f,d3,fe,f1,8c,0e,39,27,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-452665143-2657019009-658589305-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,0c,f9,e8,be,e4,2d,ba,26,07,56,ab,02,79,51,d3,bb,14,84,66,01,
ae,0a,c7,3f,2c,fa,be,ee,18,55,44,7a,8a,82,9f,20,a2,87,2c,17,2b,ec,24,d3,65,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-02 20:57
ComboFix-quarantined-files.txt 2009-07-02 19:57

Pre-Run: 372,197,380,096 bytes free
Post-Run: 372,134,178,816 bytes free

455 --- E O F --- 2009-06-24 17:42

Hi Rekick,

Now we look for stragglers.


Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Open the Kaspersky WebScanner
  page.
  
• Click on the button on the main page.
  
• The program will launch and fill in the Information section on the left.
  
• Read the "Requirements and Limitations" then press the button.
  
• The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  
• Once the files have been downloaded, click on the ...button.
  In the scan settings make sure the following are selected:
  • Detect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers and other potentially dangerous programs
    
  • Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases
    By default the above items should already be checked.
    
  • Click the button, if you made any changes.
  
  
• Now under the Scan section on the left:
  
  Select My Computer
  
  
• The program will now start and scan your system. This will run for a while, be patient and let it finish.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• In the drop down box labeled Files of type change the type to Text file.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post. Post the log even if it finds nothing.

You can refer to this animation by sundavis if needed.

Also post a fresh Hijackthis log.

This post has been edited by SifuMike: 02 July 2009 - 03:57 PM

Hi Again

Installed Kaspersky WebScanner and updated it after running it came up with 3 Threats, log below with new HijackThis Log



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 3, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 02, 2009 18:08:15
Records in database: 2415233
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan statistics:
Files scanned: 290290
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 04:08:08


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXjfdckwmsnbyueichdmfxmksgvhjnhqnh.dll.vir Infected: Trojan.Win32.Agent2.kug 1
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXxarrwlejodjexxddcdppgmpcjnoyyjvj.dll.vir Infected: Trojan.Win32.Agent2.kuh 1
F:\FEATURES\50 PC TOOLS\Spiceworks.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25:29, on 03/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Hijack.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn14\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c992197b3c770) (gupdate1c992197b3c770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11517 bytes

Hi Rekick,

Both logs look good Kapsersky found files quarentined by ComboFix. We will get getting rid of those shortly.

Please tell me how the computer is running.

We still have to do some program clean up.

hi again

all seems to be running fine now thank you

spybot now runs and my ext harddrive has come back to life

Now we do the program clean up.

Delete Combo-Fix and Security Check from your desktopand its accompanying folder C:\Qoobox.

Reboot

Let's reset you files so they are hidden and protected.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading deselect Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK



Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis

System Restore will now be active again.



Use this if ComboFix does not reset the military time to standard time format:

Click Start>Control Panel>Regional and Language Options
Click the Customize button
Select the Time tab.
Reset to preferred time format, click Apply and OK.

or
Open the Control Panel> Date, Time, Language and Regional Options> Select the Regional Options tab> Next to the box that shows your selected language click Customize> Click the Time tab> In the Time Format box enter: Standard Format: "h:mm:ss:tt"

or
In case the clock settings weren't restored, Go to your control panel and choose Date,Time, language & region Options > Regional and Language options (this in normal XP view)
When in classic view, select Regional and Language options.
Under the tab Regional options > standards and formats, from the dropdown list, choose your region > click apply and ok.


Please read and follow
<a href="http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/" target="_blank">
Simple and easy ways to keep your computer safe and secure on the Internet</a> as well
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again, as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

Now your good to go.

This post has been edited by SifuMike: 03 July 2009 - 11:22 AM

hi again

Combo-Fix and Security Check deleted

restore points cleaned and new one made

thanks again for all your help and fasts replys

Not sure if this is a clash of programs with Spybot but CA Yahoo toolbar Anti-spy is telling me i have

1. KoolyNoody Downloader
2. WinSpywareProtect Rougue Security Software
3. Bifrost Backdoor

and spybot is telling me i have

Win32.TDSS.reg Registry key

This post has been edited by Rekick: 03 July 2009 - 12:46 PM