HijackThis Log: Please help Diagnose: Generic8.GRD and friends!


This topic is locked
6 replies to this topic

#1 millwalker

millwalker

  • Members
  • 28 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 16 December 2008 - 02:54 PM

Hi There,

Can't seem to shift this with Spybot or my antivirus. Hoping you guys can help! Thanks in advance. Antivirus detects a Generic8.GRD trojan (on open) whenever I run a Spybot scan. Spybot reports the following:

PWS.LDPinchIE,
Smithfraud-C,
Microsoft.Windows.Explorer (no folder options is not w=0),
windows security center.RegistryTools (DisableRegistryTools is not dword:0)

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:29, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Phill\Desktop\hijackthis\HijackThis.exe

O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Phill\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8043 bytes



DDS LOG


DDS (Version 1.1.0) - NTFSx86
Run by Phill at 19:49:38.95 on 16/12/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1302 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Phill\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Phill\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jkse73hedfdgf.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe
uRun: [Jnskdfmf9eldfd] c:\docume~1\phill\locals~1\temp\csrssc.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jkse73hedfdgf.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phill\applic~1\mozilla\firefox\profiles\r73t472o.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\phill\application data\mozilla\firefox\profiles\r73t472o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2008-4-29 10368]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-3 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-3 26824]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-5 14592]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-3 76040]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe []
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-5-1 47640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-10-18 33792]
R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 132232]
R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 15488]
R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 28416]
S0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-4-29 201728]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2008-6-30 23152]
S3 Memctl;Memctl;\??\c:\program files\u-abit\flashmenu\Memctl.sys [2008-11-25 4047]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2008-7-6 50048]
S4 LMIRfsClientNP;LMIRfsClientNP; []

=============== Created Last 30 ================

2008-12-15 22:07 164 a------- c:\windows\wininit.ini
2008-12-15 21:54 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2008-12-15 21:42 <DIR> --d----- c:\documents and settings\phill\.housecall6.6
2008-12-14 23:36 78,784 a------- c:\windows\system32\ISUSPM.cpl
2008-12-14 19:53 <DIR> --d----- C:\Fraps
2008-12-14 18:56 205,413 a------- c:\windows\system32\nvapps.nvb
2008-12-09 15:03 <DIR> --d----- c:\windows\system32\xlive
2008-12-09 15:03 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 14:22 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-09 14:21 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-02 23:11 1,253,376 a------- c:\windows\system32\NvPVEnc.ax
2008-12-01 21:32 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-01 21:32 1,409 a------- c:\windows\QTFont.for
2008-11-30 20:15 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-11-30 20:15 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-11-30 20:15 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-11-30 20:15 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-11-30 20:15 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-11-30 20:15 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-11-30 20:15 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-11-29 20:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2008-11-29 20:29 <DIR> --d----- c:\program files\Winamp Remote
2008-11-29 20:28 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-29 15:25 53,248 a------- c:\windows\system32\CSVer.dll
2008-11-29 15:24 <DIR> --d----- C:\Intel
2008-11-29 15:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-29 15:22 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-29 15:21 1,419,232 a----r-- c:\windows\system32\WdfCoInstaller01005.dll
2008-11-29 15:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2008-11-29 15:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-29 14:53 <DIR> --d----- c:\docume~1\phill\applic~1\Uniblue
2008-11-29 14:53 <DIR> --d----- c:\program files\Uniblue
2008-11-29 14:52 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-29 13:51 <DIR> --d----- c:\windows\system32\AGEIA
2008-11-29 13:51 199,280 a------- c:\windows\system32\nvapps.xml
2008-11-29 13:51 453,152 a------- c:\windows\system32\nvudisp.exe
2008-11-29 13:51 18,696 a------- c:\windows\system32\nvdisp.nvu
2008-11-29 13:51 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-29 13:44 552 a------- c:\windows\system32\d3d8caps.dat
2008-11-28 23:01 <DIR> --d----- c:\program files\VideoLAN
2008-11-25 21:26 50,688 a------- c:\windows\system32\AC2005DLL.dll
2008-11-25 21:22 268 a---h--- C:\sqmdata19.sqm
2008-11-25 21:22 244 a---h--- C:\sqmnoopt19.sqm
2008-11-24 11:45 268 a---h--- C:\sqmdata18.sqm
2008-11-24 11:45 244 a---h--- C:\sqmnoopt18.sqm
2008-11-23 23:27 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-23 14:02 44,646 a------- c:\windows\system32\FlashMenu.sys
2008-11-23 14:01 3,548 a------- c:\windows\system32\drivers\WinFlash.sys
2008-11-23 12:49 268 a---h--- C:\sqmdata17.sqm
2008-11-23 12:49 244 a---h--- C:\sqmnoopt17.sqm
2008-11-23 01:40 <DIR> --d----- c:\documents and settings\phill\LocalLow
2008-11-23 01:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2008-11-22 22:15 268 a---h--- C:\sqmdata16.sqm
2008-11-22 22:15 244 a---h--- C:\sqmnoopt16.sqm

==================== Find3M ====================

2008-12-14 22:48 137,992 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-14 22:48 201,816 a------- c:\windows\system32\PnkBstrB.exe
2008-12-09 15:06 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-25 22:14 22,328 a------- c:\docume~1\phill\applic~1\PnkBstrK.sys
2008-10-25 22:14 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-10-25 22:14 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-17 17:24 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 17:24 87,352 a------- c:\windows\system32\LMIinit.dll
2008-10-17 17:24 28,984 a------- c:\windows\system32\LMIport.dll
2008-10-17 17:24 23,736 a------- c:\windows\system32\lmimirr.dll
2008-10-17 17:24 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-02 22:50 81,920 a------- c:\windows\system32\frapsvid.dll
2008-05-14 16:20 87,608 a------- c:\docume~1\phill\applic~1\inst.exe
2008-05-14 16:20 47,360 a------- c:\docume~1\phill\applic~1\pcouffin.sys

============= FINISH: 19:49:57.81 ===============
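A quick way to triage a log like the one above is to parse its O-lines and flag the same patterns a helper looks for by eye. The script below is an added example, not part of this thread or of HijackThis itself; its six sample lines are copied from the log posted above, and the triage rules (autoruns launched from a Temp directory, names that imitate core Windows processes, registrations marked "file missing", policies that disable regedit or Folder Options, one CLSID registered in several load points) are heuristics chosen for this example, not a published ruleset.

```python
import os
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: six lines copied from the HijackThis log posted above,
# mixing entries that look legitimate (AVG) with the ones worth a closer look.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Phill\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
RESTRICTIVE_POLICY = re.compile(r"(DisableRegedit|DisableRegistryTools|NoFolderOptions)=1")
# Core Windows process names that malware likes to imitate (csrssc.exe vs csrss.exe).
SYSTEM_PROCESS_NAMES = ("csrss", "lsass", "smss", "svchost", "winlogon", "services")


def run_entry(body: str) -> Optional[Tuple[str, str]]:
    """Split the body of an O4 line into (entry name, executable path)."""
    m = re.match(r".*?\[([^\]]*)\]\s*(.*)$", body)
    if not m:
        return None
    name, command = m.group(1), m.group(2).strip()
    if command.startswith('"'):
        path = command[1:command.find('"', 1)]
    else:
        # Unquoted command line: keep everything up to and including the first ".exe".
        cut = command.lower().find(".exe")
        path = command[: cut + 4] if cut >= 0 else command
    return name, path


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious pattern found in a HijackThis log."""
    findings: List[Dict[str, str]] = []
    clsid_sections: Dict[str, set] = defaultdict(set)

    def flag(section: str, reason: str, line: str) -> None:
        findings.append({"section": section, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        # Remember which sections each CLSID appears in, for the cross-check below.
        for clsid in CLSID.findall(body):
            clsid_sections[clsid.upper()].add(section)

        if section in ("O2", "O22") and "(file missing)" in body:
            flag(section, "registration points at a file that no longer exists", raw)
        elif section == "O4":
            parsed = run_entry(body)
            if parsed is None:
                continue
            name, path = parsed
            base = os.path.basename(path.replace("\\", "/")).lower()
            if TEMP_DIR.search(path):
                flag(section, f"autorun [{name}] launches from a Temp directory", raw)
            in_windows = path.lower().startswith("c:\\windows\\")
            if not in_windows and any(base.startswith(n) for n in SYSTEM_PROCESS_NAMES):
                flag(section, f"{base} imitates a core Windows process name outside C:\\WINDOWS", raw)
        elif section == "O7" and RESTRICTIVE_POLICY.search(body):
            flag(section, "policy disables the Registry Editor or Folder Options", raw)

    # The same CLSID registered as both a BHO and a SharedTaskScheduler entry is
    # one component with two load points; report it once so both get cleaned.
    for clsid, sections in clsid_sections.items():
        if len(sections) > 1:
            findings.append({"section": "+".join(sorted(sections)),
                             "reason": f"CLSID {clsid} is registered in several load points",
                             "line": clsid})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:7} {f['reason']}\n        {f['line']}")
```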


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:36 PM

Posted 16 December 2008 - 08:36 PM

Hello millwalker,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 millwalker

millwalker
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 17 December 2008 - 01:04 PM

Thanks for the speedy reply. I have pasted in the SDFix log, ComboFix log and finally a new HijackThis log.

Once again thanks for getting back to me so soon.


SDFix: Version 1.240
Run by Phill on 17/12/2008 at 17:46

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

C:\WINDOWS
:E7283D0CBCA8488B 24
Total size: 24 bytes.
WINDOWS: deleted 24 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 17:50:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000e8e0173ba]
"001813bc2f7f"=hex:96,ea,fe,9c,bf,03,6c,ea,a1,37,74,92,ab,fc,f3,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1d,83,c5,81,0d,a8,17,94,09,50,7f,e2,a3,32,97,4d,9e,07,96,8f,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,eb,39,1e,53,81,e4,11,f8,ef,f0,f7,a0,ed,aa,f2,7c,3d,..
"khjeh"=hex:85,16,c3,9d,9b,32,f9,ca,3b,08,d5,f9,a1,7c,9f,3a,54,9a,ce,4e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,da,28,16,b6,28,c0,d2,5e,ef,cb,a5,07,35,2b,c5,e5,50,4f,52,fc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000e8e0173ba]
"001813bc2f7f"=hex:96,ea,fe,9c,bf,03,6c,ea,a1,37,74,92,ab,fc,f3,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1d,83,c5,81,0d,a8,17,94,09,50,7f,e2,a3,32,97,4d,9e,07,96,8f,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,eb,39,1e,53,81,e4,11,f8,ef,f0,f7,a0,ed,aa,f2,7c,3d,..
"khjeh"=hex:85,16,c3,9d,9b,32,f9,ca,3b,08,d5,f9,a1,7c,9f,3a,54,9a,ce,4e,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,da,28,16,b6,28,c0,d2,5e,ef,cb,a5,07,35,2b,c5,e5,50,4f,52,fc,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"="C:\\Program Files\\Synology Assistant\\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"="C:\\Program Files\\Synology Download Redirector\\Redirector.exe:*:Enabled:Synologyr Download Redirector"
"E:\\Battlefield 2142\\BF2142.exe"="E:\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Phill\\Local Settings\\Temp\\hp_webrelease\\setup\\HPZnet01.exe"="C:\\Documents and Settings\\Phill\\Local Settings\\Temp\\hp_webrelease\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\\Documents and Settings\\Phill\\Local Settings\\Temp\\hp_webrelease\\setup\\hponicifs01.exe"="C:\\Documents and Settings\\Phill\\Local Settings\\Temp\\hp_webrelease\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\COD4\\iw3mp.exe"="E:\\COD4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"E:\\Codemasters\\GRID\\GRID.exe"="E:\\Codemasters\\GRID\\GRID.exe:*:Enabled:GRID"
"E:\\bf2\\BF2.exe"="E:\\bf2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"="C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe:*:Enabled:TVersity Media Server"
"E:\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="E:\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"E:\\Codemasters\\Race Driver 3\\RD3.exe"="E:\\Codemasters\\Race Driver 3\\RD3.exe:*:Enabled:RaceDriver 3 Application"
"E:\\pes2009\\PES 2009\\pes2009.exe"="E:\\pes2009\\PES 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"E:\\Far Cry 2\\bin\\FC2Editor.exe"="E:\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editor"
"E:\\Capcom\\MotoGP 08\\Launcher.exe"="E:\\Capcom\\MotoGP 08\\Launcher.exe:*:Enabled:MotoGP 08"
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"E:\\Far Cry 2\\bin\\FC2Launcher.exe"="E:\\Far Cry 2\\bin\\FC2Launcher.exe:*:Disabled:Far Cry 2 Updater"
"E:\\fm2009\\fm.exe"="E:\\fm2009\\fm.exe:*:Enabled:Football Manager 2009"
"C:\\Program Files\\U-ABIT\\FlashMenu\\FlashMenu.exe"="C:\\Program Files\\U-ABIT\\FlashMenu\\FlashMenu.exe:*:Enabled:FlashMenu Application"
"e:\\Sports Interactive\\Football Manager 2009 Demo\\fm.exe"="e:\\Sports Interactive\\Football Manager 2009 Demo\\fm.exe:*:Disabled:Football Manager 2009 Demo"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"E:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="E:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"E:\\Far Cry 2\\bin\\FarCry2.exe"="E:\\Far Cry 2\\bin\\FarCry2.exe:*:Disabled:Far Cry 2"
"E:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"="E:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club"
"E:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"="E:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"E:\\Shaun White\\ShaunWhiteSnowboardingGame.exe"="E:\\Shaun White\\ShaunWhiteSnowboardingGame.exe:*:Enabled:Shaun White Snowboarding Game"
"E:\\Shaun White\\ShaunWhiteSnowboarding.exe"="E:\\Shaun White\\ShaunWhiteSnowboarding.exe:*:Enabled:Shaun White Snowboarding Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Finished!



ComboFix 08-12-16.03 - Phill 2008-12-17 17:56:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1397 [GMT 0:00]
Running from: c:\documents and settings\Phill\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Phill\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-17 17:45 . 2008-12-17 17:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-17 17:44 . 2008-12-17 17:44 <DIR> d-------- c:\windows\ERUNT
2008-12-17 17:39 . 2008-12-17 17:52 <DIR> d-------- C:\SDFix
2008-12-15 22:07 . 2008-12-15 22:42 164 --a------ c:\windows\wininit.ini
2008-12-15 21:54 . 2008-12-15 21:54 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-15 21:42 . 2008-12-15 21:53 <DIR> d-------- c:\documents and settings\Phill\.housecall6.6
2008-12-14 23:52 . 2008-12-14 23:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-14 23:51 . 2008-12-14 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-12-14 23:36 . 2007-04-27 10:12 78,784 --a------ c:\windows\system32\ISUSPM.cpl
2008-12-14 19:53 . 2008-12-14 21:16 <DIR> d-------- C:\Fraps
2008-12-14 18:56 . 2008-12-02 23:11 205,413 --a------ c:\windows\system32\nvapps.nvb
2008-12-09 15:04 . 2008-12-09 15:04 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-09 15:03 . 2008-12-09 15:03 <DIR> d-------- c:\windows\system32\xlive
2008-12-09 15:03 . 2008-12-09 15:14 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 14:24 . 2008-12-09 14:24 <DIR> d-------- c:\program files\MSBuild
2008-12-09 14:22 . 2008-12-11 18:26 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-09 14:21 . 2008-12-09 14:21 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-09 14:21 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-02 23:11 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2008-12-01 21:32 . 2008-12-14 19:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-01 21:32 . 2008-12-01 21:32 1,409 --a------ c:\windows\QTFont.for
2008-12-01 16:40 . 2008-12-01 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-30 20:15 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-30 20:15 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-30 20:15 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-30 20:15 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-30 20:15 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-30 20:15 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-30 20:15 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-29 20:29 . 2008-11-29 20:29 <DIR> d-------- c:\program files\Winamp Remote
2008-11-29 20:29 . 2008-11-29 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-29 20:28 . 2008-11-29 20:30 <DIR> d-------- c:\program files\Winamp
2008-11-29 20:28 . 2008-11-30 03:27 <DIR> d-------- c:\documents and settings\Phill\Application Data\Winamp
2008-11-29 20:28 . 2007-03-07 23:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-29 15:25 . 2008-03-26 11:15 53,248 --a------ c:\windows\system32\CSVer.dll
2008-11-29 15:24 . 2008-11-29 15:24 <DIR> d-------- C:\Intel
2008-11-29 15:22 . 2008-11-29 15:22 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-29 15:22 . 2008-11-29 15:22 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-29 15:21 . 2006-11-02 16:09 1,419,232 -ra------ c:\windows\system32\WdfCoInstaller01005.dll
2008-11-29 15:11 . 2008-11-29 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-29 15:10 . 2008-11-29 15:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-29 14:53 . 2008-11-29 15:11 <DIR> d-------- c:\program files\Uniblue
2008-11-29 14:53 . 2008-11-29 15:11 <DIR> d-------- c:\documents and settings\Phill\Application Data\Uniblue
2008-11-29 14:52 . 2008-11-29 14:53 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-29 13:51 . 2008-11-29 13:51 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-29 13:51 . 2008-11-29 13:51 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-29 13:51 . 2008-12-02 10:13 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-29 13:51 . 2008-12-02 23:11 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-29 13:51 . 2008-12-17 17:53 199,280 --a------ c:\windows\system32\nvapps.xml
2008-11-29 13:51 . 2008-12-02 23:11 18,696 --a------ c:\windows\system32\nvdisp.nvu
2008-11-29 13:44 . 2008-11-29 13:44 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-28 23:03 . 2008-11-28 23:07 <DIR> d-------- c:\documents and settings\Phill\Application Data\vlc
2008-11-28 23:01 . 2008-11-28 23:01 <DIR> d-------- c:\program files\VideoLAN
2008-11-25 21:26 . 2007-04-25 15:38 50,688 --a------ c:\windows\system32\AC2005DLL.dll
2008-11-25 21:25 . 2008-12-14 23:52 <DIR> d-------- c:\documents and settings\Phill\Application Data\InstallShield
2008-11-25 21:22 . 2008-11-25 21:22 268 --ah----- C:\sqmdata19.sqm
2008-11-25 21:22 . 2008-11-25 21:22 244 --ah----- C:\sqmnoopt19.sqm
2008-11-24 11:45 . 2008-11-24 11:45 268 --ah----- C:\sqmdata18.sqm
2008-11-24 11:45 . 2008-11-24 11:45 244 --ah----- C:\sqmnoopt18.sqm
2008-11-23 23:27 . 2008-11-23 23:26 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-23 14:02 . 2008-11-23 14:02 44,646 --a------ c:\windows\system32\FlashMenu.sys
2008-11-23 14:01 . 2006-04-18 14:53 3,548 --a------ c:\windows\system32\drivers\WinFlash.sys
2008-11-23 12:49 . 2008-11-23 12:49 268 --ah----- C:\sqmdata17.sqm
2008-11-23 12:49 . 2008-11-23 12:49 244 --ah----- C:\sqmnoopt17.sqm
2008-11-23 01:40 . 2008-11-23 01:40 <DIR> d-------- c:\documents and settings\Phill\LocalLow
2008-11-23 01:40 . 2008-11-23 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-22 22:15 . 2008-11-22 22:15 268 --ah----- C:\sqmdata16.sqm
2008-11-22 22:15 . 2008-11-22 22:15 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 17:40 --------- d-----w c:\documents and settings\Phill\Application Data\uTorrent
2008-12-17 12:33 --------- d-----w c:\program files\LogMeIn
2008-12-15 22:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-15 22:30 --------- d-----w c:\program files\SpywareBlaster
2008-12-14 23:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 23:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-14 22:48 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-14 22:48 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 15:06 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-01 16:40 --------- d-----w c:\program files\HP
2008-11-29 13:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-29 13:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 13:17 --------- d-----w c:\documents and settings\Phill\Application Data\NewsBin
2008-11-25 21:26 --------- d-----w c:\program files\U-ABIT
2008-11-23 23:26 --------- d-----w c:\program files\Java
2008-11-23 23:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 18:09 --------- d-----w c:\documents and settings\Phill\Application Data\Sports Interactive
2008-11-10 16:52 --------- d-----w c:\documents and settings\Curtis\Application Data\HP
2008-11-08 16:08 --------- d-----w c:\program files\Real Alternative
2008-11-07 12:42 --------- d-----w c:\documents and settings\Phill\Application Data\Capcom
2008-11-02 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-02 01:01 --------- d--h--w c:\program files\Zero G Registry
2008-10-28 17:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-25 22:55 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-25 22:55 --------- d-----w c:\documents and settings\Phill\Application Data\SystemRequirementsLab
2008-10-25 22:14 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-25 22:14 22,328 ----a-w c:\documents and settings\Phill\Application Data\PnkBstrK.sys
2008-10-25 22:14 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-19 19:16 --------- d-----w c:\documents and settings\Phill\Application Data\Atari
2008-10-19 19:09 --------- d-----w c:\program files\Common Files\PocketSoft
2008-10-19 18:54 --------- d-----w c:\documents and settings\Phill\Application Data\Vso
2008-10-18 16:08 --------- d-----w c:\program files\RSBR-Software
2008-10-18 16:08 --------- d-----w c:\documents and settings\Phill\Application Data\News File Grabber
2008-10-18 16:07 --------- d-----w c:\documents and settings\Phill\Application Data\NewsLeecher
2008-10-18 15:50 --------- d-----w c:\program files\NewsLeecher
2008-10-18 14:56 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-18 14:48 --------- d-----w c:\documents and settings\Phill\Application Data\Thunderbird
2008-10-18 14:48 --------- d-----w c:\documents and settings\Phill\Application Data\Talkback
2008-10-18 07:34 --------- d-----w c:\program files\LibUSB-Win32-0.1.10.1
2008-10-17 17:24 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 17:24 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 17:24 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-17 17:24 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 17:24 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-17 17:24 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-13 09:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-02 22:50 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-05-14 16:20 47,360 ----a-w c:\documents and settings\Phill\Application Data\pcouffin.sys
2008-02-28 13:30 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 13:33 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ABIT uGuruIII"="c:\program files\U-ABIT\uGuru\uGuru.exe" [2007-11-07 425984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-04-19 319488]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jo\Start Menu\Programs\Startup\
Windows Messenger.lnk - c:\program files\Messenger\msmsgs.exe [4/29/2008 6:41:06 PM 1695232]
Yahoo! Messenger.lnk - c:\program files\Yahoo!\Messenger\YahooMessenger.exe [4/29/2008 8:24:43 PM 4670704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 3:21:22 AM 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 6:56:20 AM 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 17:24 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"e:\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\COD4\\iw3mp.exe"=
"e:\\Codemasters\\GRID\\GRID.exe"=
"e:\\bf2\\BF2.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"e:\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Codemasters\\Race Driver 3\\RD3.exe"=
"e:\\pes2009\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"e:\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"e:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\fm2009\\fm.exe"=
"c:\\Program Files\\U-ABIT\\FlashMenu\\FlashMenu.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"e:\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Shaun White\\ShaunWhiteSnowboardingGame.exe"=
"e:\\Shaun White\\ShaunWhiteSnowboarding.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 3:11:18 PM 35328]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4/29/2008 5:43:36 PM 10368]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [5/3/2008 1:23:44 PM 97928]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/5/2008 8:45:25 PM 14592]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 3:04:22 PM 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 3:04:20 PM 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [5/3/2008 1:23:46 PM 76040]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe []
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [8/3/2007 2:09:34 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [5/1/2008 12:29:00 AM 47640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [10/18/2008 7:34:23 AM 33792]
R3 SaiH0004;SaiH0004;c:\windows\system32\DRIVERS\SaiH0004.sys [5/1/2007 3:44:04 PM 132232]
R3 SaiL0004;SaiL0004;c:\windows\system32\DRIVERS\SaiL0004.sys [5/1/2007 3:44:04 PM 15488]
R3 SaiU0004;SaiU0004;c:\windows\system32\DRIVERS\SaiU0004.sys [5/1/2007 3:44:04 PM 28416]
S0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [4/29/2008 5:43:29 PM 201728]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [6/30/2008 10:14:36 PM 23152]
S3 Memctl;Memctl;\??\c:\program files\U-ABIT\FlashMenu\Memctl.sys [11/25/2008 9:26:16 PM 4047]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [7/6/2008 8:43:58 PM 50048]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11FC12D0-1A72-12D2-992D-5BC14F992BC7}]
c:\windows\system32\javan.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Phill\Application Data\Mozilla\Firefox\Profiles\r73t472o.default\
FF - plugin: c:\documents and settings\Phill\Application Data\Mozilla\Firefox\Profiles\r73t472o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 17:57:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-17 17:58:22
ComboFix-quarantined-files.txt 2008-12-17 17:58:19

Pre-Run: 12,795,129,856 bytes free
Post-Run: 12,827,041,792 bytes free

291



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:40, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Phill\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7152 bytes
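
The O20 and O23 lines in the log above have a fixed shape (HijackThis prints a service as `display name (short name) - publisher - image path`, and `Unknown owner` when it has no publisher string), so a helper can parse them for triage. The following is an added example, not code from the thread or from HijackThis; the five-line sample is constructed from lines in the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2.0.2 format, shaped like the O20/O23
# lines in the log above; not the full log.
SAMPLE_LOG = """\
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\\WINDOWS\\system32\\libusbd-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe
"""

@dataclass
class Service:
    display: str          # display name as printed by HijackThis
    short: Optional[str]  # service (short) name in trailing parentheses, if any
    company: str          # publisher string; "Unknown owner" when HJT has none
    path: str             # image path

def parse_o23(line: str) -> Service:
    """Parse one 'O23 - Service:' line. The display name may itself contain
    ' - ' (see the LibUsb line), so split from the right: last two fields are company and path."""
    body = line[len("O23 - Service: "):]
    display, company, path = body.rsplit(" - ", 2)
    m = re.search(r"\(([^()]+)\)$", display.strip())
    return Service(display.strip(), m.group(1) if m else None, company.strip(), path.strip())

def parse_log(text: str) -> Tuple[List[str], List[Service]]:
    """Return (AppInit_DLLs entries, services) from HijackThis log text."""
    appinit: List[str] = []
    services: List[Service] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O20 - AppInit_DLLs:"):
            appinit += line.split(":", 1)[1].replace(",", " ").split()
        elif line.startswith("O23 - Service: "):
            services.append(parse_o23(line))
    return appinit, services

def triage(text: str) -> List[Tuple[str, str]]:
    """Entries a helper checks first: every AppInit_DLLs value (a DLL loaded into
    most processes; must match an installed product, the AVG dll here) and services with no publisher."""
    appinit, services = parse_log(text)
    findings = [(dll, "AppInit_DLLs entry: confirm it belongs to installed software") for dll in appinit]
    for s in services:
        if s.company == "Unknown owner":
            findings.append((s.path, "service with no publisher string: verify file origin/signature"))
    return findings
```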

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 December 2008 - 01:22 PM

Hello,

You're welcome. :thumbsup:

How is it running? One more scan, please :

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 millwalker

millwalker
  • Topic Starter

  • Members
  • 28 posts

Posted 17 December 2008 - 01:45 PM

Everything is running great and Malwarebytes reported no problems! Thanks for your help, Tea.


Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 5.1.2600 Service Pack 3

17/12/2008 18:44:17
mbam-log-2008-12-17 (18-44-17).txt

Scan type: Quick Scan
Objects scanned: 22047
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 December 2008 - 01:51 PM

That's great, and you're most welcome. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox, as well as SDFix. Empty your Recycle bin and reboot your computer.

You might consider a firewall for the system, especially with the torrent stuff I see installed. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 December 2008 - 02:23 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.