Vic b

Tried running combofix again this time dragging the notepad file over. Same thing happened as before - starts to run and seems ok, then after doing the restore backup the computer blue screens - long message which included IRQL_NOT_LESS_OR_EQUAL and I have to reboot. Not confident about trying to run this again - any ideas why it might be doing this? Anti Virus and Internet both disabled and nothing else open. Cheers Vic

Hi again - thanks for the extra advice. I ran everything you suggested. all seems ok - although I'm not 100% sure I did the combofix run right as the first time the machine crashed and I had to restart, and when I tried again I forgot to drag the notepad file again. Wasn't sure if it was ok to run it a third time. Appreciate if you could let me know if i need to run through this again. Here are the Combofix, MBAm and HJT logs: Combofix: ComboFix 09-02-12.03 - Vic 2009-02-13 22:23:13.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1021.588 [GMT 0:00] Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *disabled* FW: NVIDIA Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 ))))))))))))))))))))))))))))))) . 2009-02-13 21:58 . 2009-02-13 21:58 <DIR> d-------- c:\program files\JavaRa 2009-02-13 21:57 . 2009-02-13 21:57 69,561 --a------ c:\program files\JavaRa.zip 2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-02-13 21:48 . 2009-02-13 22:13 <DIR> d-------- c:\program files\NOS 2009-02-13 21:48 . 2009-02-13 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-13 21:44 . 2009-02-13 21:44 268 --ah----- C:\sqmdata02.sqm 2009-02-13 21:44 . 2009-02-13 21:44 244 --ah----- C:\sqmnoopt02.sqm 2009-02-10 23:52 . 2008-12-20 23:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll 2009-02-10 23:52 . 2007-04-17 09:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat 2009-02-10 23:52 . 2007-03-08 05:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui 2009-02-10 23:52 . 2008-12-20 23:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll 2009-02-10 23:52 . 2008-12-20 23:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll 2009-02-10 23:52 . 2008-12-20 23:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll 2009-02-10 23:52 . 2008-12-20 23:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll 2009-02-10 23:52 . 2008-12-20 23:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll 2009-02-10 23:52 . 2008-12-19 09:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe 2009-02-05 21:54 . 2009-02-05 21:54 <DIR> d-------- c:\program files\Trend Micro 2009-02-05 17:09 . 2009-02-05 17:09 2,524 --a------ C:\autorun.PNF 2009-02-02 23:56 . 2009-02-02 23:56 <DIR> d-------- c:\documents and settings\Vic\Application Data\Malwarebytes 2009-02-02 22:30 . 2009-02-02 22:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\documents and settings\Pommy.SEBASTIAN\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-02 20:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-01 15:58 . 2009-02-01 15:58 <DIR> d-------- c:\documents and settings\Vic\Application Data\Lavasoft 2009-02-01 15:45 . 2009-02-01 15:45 <DIR> d-------- c:\documents and settings\Vic\Application Data\SpywareStop 2009-02-01 13:45 . 2009-02-10 22:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-01 13:45 . 2009-02-10 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-01 10:34 . 2009-02-01 10:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-31 19:17 . 2009-01-31 19:17 <DIR> d-------- c:\documents and settings\Pommy.SEBASTIAN\Application Data\SpywareStop 2009-01-31 18:54 . 2006-05-12 03:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver 2009-01-31 18:54 . 2006-05-12 03:10 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek 2009-01-31 18:54 . 2006-05-12 03:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative 2009-01-31 18:54 . 2006-05-12 03:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Corel 2009-01-31 18:54 . 2006-05-18 17:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL 2009-01-31 18:54 . 2009-02-10 22:39 <DIR> d-------- c:\documents and settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-13 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki 2009-02-13 21:51 --------- d-----w c:\program files\Common Files\Adobe 2009-02-13 20:36 --------- d-----w c:\documents and settings\Vic\Application Data\Canon 2009-02-10 22:48 --------- d-----w c:\program files\Kontiki 2009-02-10 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-03 17:03 --------- d-----w c:\program files\Common Files\Sony Shared 2009-02-03 17:02 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 17:00 --------- d-----w c:\program files\RealArcade 2009-01-31 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-29 10:56 --------- d-----w c:\documents and settings\Pommy.SEBASTIAN\Application Data\Canon 2009-01-16 21:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll 2009-01-06 19:49 --------- d-----w c:\program files\Common Files\AVSMedia 2009-01-06 19:49 --------- d-----w c:\program files\AVS4YOU 2009-01-06 19:49 --------- d-----w c:\documents and settings\Pommy.SEBASTIAN\Application Data\AVS4YOU 2009-01-01 14:56 --------- d-----w c:\program files\LifeScan 2008-12-29 17:46 44,408 ----a-w c:\documents and settings\Vic\Application Data\GDIPFONTCACHEV1.DAT 2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-14 15:21 44,408 ----a-w c:\documents and settings\Pommy.SEBASTIAN\Application Data\GDIPFONTCACHEV1.DAT 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2006-09-29 17:47 774,144 ----a-w c:\program files\RngInterstitial.dll 2006-06-15 17:09 56 --sh--r c:\windows\system32\2C5E95D865.sys 2006-06-20 10:24 88 --sh--r c:\windows\system32\65D8955E2C.sys 2006-06-20 10:24 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-02-10_22.21.47.67 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-14 00:11:48 61,440 -c--a-w c:\windows\ie7\admparse.dll + 2008-04-14 00:11:48 99,840 -c--a-w c:\windows\ie7\advpack.dll + 2008-04-14 00:11:52 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll + 2008-04-14 00:11:52 205,312 -c--a-w c:\windows\ie7\dxtrans.dll + 2008-04-14 00:11:53 55,808 -c--a-w c:\windows\ie7\extmgr.dll + 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll + 2008-04-14 00:12:22 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe + 2008-04-14 00:11:54 143,360 -c--a-w c:\windows\ie7\ieakeng.dll + 2008-04-14 00:11:54 216,576 -c--a-w c:\windows\ie7\ieaksie.dll + 2004-08-04 04:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll + 2008-04-14 00:11:54 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll + 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe + 2008-04-14 00:11:54 251,904 -c--a-w c:\windows\ie7\iepeers.dll + 2008-04-14 00:11:54 48,640 -c--a-w c:\windows\ie7\iernonce.dll + 2008-04-14 00:11:54 62,976 -c--a-w c:\windows\ie7\iesetup.dll + 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe + 2008-04-14 00:11:54 35,840 -c--a-w c:\windows\ie7\imgutil.dll + 2008-04-14 00:11:55 96,256 -c--a-w c:\windows\ie7\inseng.dll + 2008-04-14 00:11:56 15,872 -c--a-w c:\windows\ie7\jsproxy.dll + 2008-04-14 00:11:56 22,016 -c--a-w c:\windows\ie7\licmgr10.dll + 2008-04-14 00:12:27 29,184 -c--a-w c:\windows\ie7\mshta.exe + 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll + 2008-04-14 00:11:59 449,024 -c--a-w c:\windows\ie7\mshtmled.dll + 2008-04-13 16:26:26 56,832 -c--a-w c:\windows\ie7\mshtmler.dll + 2004-08-04 04:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll + 2008-04-14 00:12:00 146,432 -c--a-w c:\windows\ie7\msrating.dll + 2008-04-14 00:12:00 532,480 -c--a-w c:\windows\ie7\mstime.dll + 2008-04-14 00:12:02 96,256 -c--a-w c:\windows\ie7\occache.dll + 2008-04-14 00:12:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll + 2007-08-13 18:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll + 2007-08-13 18:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe + 2006-09-06 17:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe + 2006-09-06 17:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll + 2008-04-14 00:12:08 37,888 -c--a-w c:\windows\ie7\url.dll + 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll + 2008-04-14 00:12:08 851,968 -c--a-w c:\windows\ie7\vgx.dll + 2008-04-14 00:12:08 276,480 -c--a-w c:\windows\ie7\webcheck.dll + 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll + 2007-08-13 18:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll + 2007-08-13 18:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll + 2007-08-13 18:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000 + 2007-08-13 18:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll + 2007-08-13 18:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000 + 2007-08-13 18:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll + 2007-08-13 18:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000 + 2007-08-13 18:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll + 2007-08-13 18:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000 + 2007-08-13 18:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll + 2007-08-13 18:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe + 2007-08-13 18:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000 + 2007-08-13 18:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll + 2007-08-13 18:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000 + 2007-08-13 18:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll + 2007-08-13 18:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000 + 2007-08-13 17:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll + 2007-08-13 17:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll.000 + 2007-02-12 16:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat + 2007-07-11 12:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll + 2007-08-13 18:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll + 2007-08-13 18:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000 + 2007-08-13 18:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll + 2007-08-13 18:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll + 2007-08-13 18:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000 + 2007-08-13 18:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll + 2007-08-13 18:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe + 2007-08-13 18:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe + 2007-08-13 18:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll + 2007-08-13 18:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000 + 2007-08-13 18:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll + 2007-08-13 18:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll + 2007-08-13 18:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll + 2007-08-13 18:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll + 2007-08-13 18:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000 + 2007-08-13 18:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll + 2007-08-13 18:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000 + 2007-08-13 18:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll + 2007-08-13 18:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000 + 2007-08-13 18:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll + 2007-08-13 18:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000 + 2007-08-13 18:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll + 2007-08-13 18:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000 + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2007-08-13 18:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll + 2007-08-13 18:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000 + 2007-08-13 18:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll + 2007-08-13 18:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll + 2007-08-13 18:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000 + 2007-08-13 18:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll + 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll.000 + 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll.000 + 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat + 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll.000 + 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll.000 + 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll.000 + 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll.000 + 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll.000 + 2008-08-27 13:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-08-27 13:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll.000 + 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll.000 + 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll.000 + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll.000 + 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll.000 + 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll.000 + 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll + 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll.000 + 2007-12-12 15:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe - 2008-04-14 00:11:48 61,440 ----a-w c:\windows\system32\admparse.dll + 2007-08-13 18:39:20 71,680 ----a-w c:\windows\system32\admparse.dll - 2008-04-14 00:11:48 99,840 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-13 21:48:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-13 21:48:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-13 21:48:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-08-13 18:39:20 71,680 ------w c:\windows\system32\dllcache\admparse.dll + 2008-12-20 23:15:11 124,928 ------w c:\windows\system32\dllcache\advpack.dll + 2006-09-23 13:12:50 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll + 2007-08-13 18:42:54 17,408 ------w c:\windows\system32\dllcache\corpol.dll + 2007-08-13 18:54:10 33,792 ------w c:\windows\system32\dllcache\custsat.dll + 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\dllcache\extmgr.dll + 2007-08-13 18:18:02 60,416 ------w c:\windows\system32\dllcache\hmmapi.dll + 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll + 2007-08-13 18:44:02 69,120 ------w c:\windows\system32\dllcache\iedw.exe + 2007-08-13 18:45:18 78,336 ------w c:\windows\system32\dllcache\ieencode.dll + 2007-08-13 18:54:10 191,488 ------w c:\windows\system32\dllcache\iepeers.dll + 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\dllcache\iernonce.dll + 2007-08-13 18:39:12 55,296 ------w c:\windows\system32\dllcache\iesetup.dll + 2007-08-13 18:36:06 36,352 ------w c:\windows\system32\dllcache\imgutil.dll + 2007-08-13 18:39:02 92,672 ------w c:\windows\system32\dllcache\inseng.dll + 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll + 2007-08-13 18:44:18 40,960 ------w c:\windows\system32\dllcache\licmgr10.dll + 2007-08-13 18:32:30 45,568 ------w c:\windows\system32\dllcache\mshta.exe + 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll + 2007-08-13 18:01:12 48,128 ------w c:\windows\system32\dllcache\mshtmler.dll + 2007-08-13 18:54:10 156,160 ------w c:\windows\system32\dllcache\msls31.dll + 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll + 2006-09-23 13:12:50 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll + 2008-12-20 23:15:39 105,984 ------w c:\windows\system32\dllcache\url.dll - 2008-10-16 01:00:11 619,520 ------w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll + 2008-05-27 17:23:58 765,952 ------w c:\windows\system32\dllcache\vgx.dll + 2008-12-20 23:15:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll - 2008-10-16 01:00:11 666,112 ------w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 ------w c:\windows\system32\dllcache\wininet.dll - 2008-04-14 00:11:52 357,888 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll - 2008-04-14 00:11:52 205,312 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll - 2008-04-14 00:11:53 55,808 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll - 2008-11-19 17:48:52 199,344 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-11 18:39:12 199,344 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll + 2006-06-29 08:05:44 26,112 ------w c:\windows\system32\idndl.dll - 2008-04-14 00:12:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe - 2008-04-14 00:11:54 143,360 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll - 2008-04-14 00:11:54 216,576 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll - 2004-08-04 04:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-04-14 00:11:54 323,584 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-04-14 00:11:54 251,904 ----a-w c:\windows\system32\iepeers.dll + 2007-08-13 18:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll - 2008-04-14 00:11:54 48,640 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-04-14 00:11:54 62,976 ----a-w c:\windows\system32\iesetup.dll + 2007-08-13 18:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2007-08-13 18:54:10 180,736 ------w c:\windows\system32\ieui.dll - 2008-04-14 00:11:54 35,840 ----a-w c:\windows\system32\imgutil.dll + 2007-08-13 18:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll - 2008-04-14 00:11:55 96,256 ----a-w c:\windows\system32\inseng.dll + 2007-08-13 18:39:02 92,672 ----a-w c:\windows\system32\inseng.dll - 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\jsproxy.dll - 2008-04-14 00:11:56 22,016 ----a-w c:\windows\system32\licmgr10.dll + 2007-08-13 18:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll - 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe + 2009-02-03 15:21:14 21,244,864 ----a-w c:\windows\system32\MRT.exe + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2007-08-13 18:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe - 2008-04-14 00:12:27 29,184 ----a-w c:\windows\system32\mshta.exe + 2007-08-13 18:32:30 45,568 ----a-w c:\windows\system32\mshta.exe - 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll + 2009-01-16 21:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-04-14 00:11:59 449,024 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-04-13 16:26:26 56,832 ----a-w c:\windows\system32\mshtmler.dll + 2007-08-13 18:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll - 2004-08-04 04:00:00 146,432 ----a-w c:\windows\system32\msls31.dll + 2007-08-13 18:54:10 156,160 ----a-w c:\windows\system32\msls31.dll - 2008-04-14 00:12:00 146,432 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll - 2008-04-14 00:12:00 532,480 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll + 2006-06-28 17:59:26 24,576 ------w c:\windows\system32\nlsdl.dll + 2006-06-29 08:05:44 23,552 ------w c:\windows\system32\normaliz.dll - 2008-04-14 00:12:02 96,256 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll - 2008-04-14 00:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll + 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll - 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-04-14 00:12:08 276,480 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll + 2007-08-13 18:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe - 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll + 2009-02-13 22:16:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e8.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960] "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-19 185896] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976] "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-05-12 156784] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Pagis Scheduler.lnk - c:\program files\xerox\Pagis\Monitor.exe [2006-05-30 39424] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-06-08 72672] S2 MKEMUSB;Panasonic Digital Palmcorder;c:\windows\system32\drivers\Mkemusb.sys [2006-11-11 14308] S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-06-23 508544] S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-06-23 3768] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;c:\windows\system32\drivers\Mkeusbi.sys [2006-11-11 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;c:\windows\system32\drivers\Mkeusbi2.sys [2006-11-11 15872] S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\POMMY~1.SEB\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\POMMY~1.SEB\LOCALS~1\Temp\Fadpu16E.sys [?] S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-02-25 3768] S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-02 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-02 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-02 109992] S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2007-11-02 103976] S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2007-11-02 100008] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2007-12-11 58288] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2007-12-11 8336] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2007-12-11 94064] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2007-12-11 85408] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2007-12-11 83344] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-4-95-100020766-100028246-100021796-6705.com c:\ \Shell\Open\command - c:\recycler\S-6-4-95-100020766-100028246-100021796-6705.com c:\ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2711624-aaff-11dc-9354-0014223e8594}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contents of the 'Scheduled Tasks' folder 2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-04-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2007-06-08 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2009-02-01 c:\windows\Tasks\SpywareStop Scheduled Scan.job - c:\program files\SpywareStop\SpywareStop.exe [] 2009-02-01 c:\windows\Tasks\SpywareStop Scheduled Scan.job - c:\program files\SpywareStop [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Pommy.SEBASTIAN\Start Menu\Programs\IMVU\Run IMVU.lnk LSP: %SYSTEMROOT%\system32\nvappfilter.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-13 22:26:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(740) c:\windows\system32\nvappfilter.dll . Completion time: 2009-02-13 22:28:40 ComboFix-quarantined-files.txt 2009-02-13 22:28:18 ComboFix2.txt 2009-02-10 23:43:04 ComboFix3.txt 2009-02-10 22:22:59 Pre-Run: 164,637,290,496 bytes free Post-Run: 164,716,904,448 bytes free 474 --- E O F --- 2009-02-11 23:56:20 MBAM: Malwarebytes' Anti-Malware 1.34 Database version: 1760 Windows 5.1.2600 Service Pack 3 13/02/2009 22:46:13 mbam-log-2009-02-13 (22-46-13).txt Scan type: Quick Scan Objects scanned: 100176 Time elapsed: 3 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:35:40, on 13/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\LxrSII1s.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe C:\Program Files\MarkAny\ContentSafer\MAAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\xerox\Pagis\Monitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pommy.SEBASTIAN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10951 bytes

Sure - thanks for your help. I ran it twice. Here is the second log after I'd updated our virus software: ComboFix 09-02-10.01 - Vic 2009-02-10 23:39:19.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1021.544 [GMT 0:00] Running from: c:\documents and settings\Vic\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *disabled* FW: NVIDIA Firewall *disabled* . ((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 ))))))))))))))))))))))))))))))) . 2009-02-05 21:54 . 2009-02-05 21:54 <DIR> d-------- c:\program files\Trend Micro 2009-02-05 17:09 . 2009-02-05 17:09 2,524 --a------ C:\autorun.PNF 2009-02-02 23:56 . 2009-02-02 23:56 <DIR> d-------- c:\documents and settings\Vic\Application Data\Malwarebytes 2009-02-02 22:30 . 2009-02-02 22:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\documents and settings\Pommy.SEBASTIAN\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-02-02 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-02 20:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-02 20:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-01 15:58 . 2009-02-01 15:58 <DIR> d-------- c:\documents and settings\Vic\Application Data\Lavasoft 2009-02-01 15:45 . 2009-02-01 15:45 <DIR> d-------- c:\documents and settings\Vic\Application Data\SpywareStop 2009-02-01 13:45 . 2009-02-10 22:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-01 13:45 . 2009-02-10 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-01 10:34 . 2009-02-01 10:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-31 19:17 . 2009-01-31 19:17 <DIR> d-------- c:\documents and settings\Pommy.SEBASTIAN\Application Data\SpywareStop 2009-01-31 18:54 . 2006-05-12 03:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver 2009-01-31 18:54 . 2006-05-12 03:10 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek 2009-01-31 18:54 . 2006-05-12 03:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative 2009-01-31 18:54 . 2006-05-12 03:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Corel 2009-01-31 18:54 . 2006-05-18 17:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL 2009-01-31 18:54 . 2009-02-10 22:39 <DIR> d-------- c:\documents and settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-10 23:40 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki 2009-02-10 22:48 --------- d-----w c:\program files\Kontiki 2009-02-10 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-03 17:03 --------- d-----w c:\program files\Common Files\Sony Shared 2009-02-03 17:02 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 17:00 --------- d-----w c:\program files\RealArcade 2009-01-31 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-29 10:56 --------- d-----w c:\documents and settings\Pommy.SEBASTIAN\Application Data\Canon 2009-01-06 19:49 --------- d-----w c:\program files\Common Files\AVSMedia 2009-01-06 19:49 --------- d-----w c:\program files\AVS4YOU 2009-01-06 19:49 --------- d-----w c:\documents and settings\Pommy.SEBASTIAN\Application Data\AVS4YOU 2009-01-01 14:56 --------- d-----w c:\program files\LifeScan 2008-12-29 17:46 44,408 ----a-w c:\documents and settings\Vic\Application Data\GDIPFONTCACHEV1.DAT 2008-12-14 15:21 44,408 ----a-w c:\documents and settings\Pommy.SEBASTIAN\Application Data\GDIPFONTCACHEV1.DAT 2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2006-09-29 17:47 774,144 ----a-w c:\program files\RngInterstitial.dll 2006-06-15 17:09 56 --sh--r c:\windows\system32\2C5E95D865.sys 2006-06-20 10:24 88 --sh--r c:\windows\system32\65D8955E2C.sys 2006-06-20 10:24 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-02-10_22.21.47.67 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-10 23:30:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-10 23:30:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-06 20:21:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-10 23:30:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-04-14 00:12:22 93,184 ----a-w c:\windows\system32\dllcache\iexplore.exe + 2009-02-10 23:17:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_680.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960] "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-19 185896] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976] "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-05-12 156784] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Pagis Scheduler.lnk - c:\program files\xerox\Pagis\Monitor.exe [2006-05-30 39424] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-06-08 72672] S2 MKEMUSB;Panasonic Digital Palmcorder;c:\windows\system32\drivers\Mkemusb.sys [2006-11-11 14308] S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-06-23 508544] S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-06-23 3768] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;c:\windows\system32\drivers\Mkeusbi.sys [2006-11-11 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;c:\windows\system32\drivers\Mkeusbi2.sys [2006-11-11 15872] S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\POMMY~1.SEB\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\POMMY~1.SEB\LOCALS~1\Temp\Fadpu16E.sys [?] S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-02-25 3768] S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-02 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-02 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-02 109992] S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2007-11-02 103976] S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2007-11-02 100008] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2007-12-11 58288] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2007-12-11 8336] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2007-12-11 94064] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2007-12-11 85408] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2007-12-11 83344] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-4-95-100020766-100028246-100021796-6705.com c:\ \Shell\Open\command - c:\recycler\S-6-4-95-100020766-100028246-100021796-6705.com c:\ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2711624-aaff-11dc-9354-0014223e8594}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contents of the 'Scheduled Tasks' folder 2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-04-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2007-06-08 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2009-02-01 c:\windows\Tasks\SpywareStop Scheduled Scan.job - c:\program files\SpywareStop\SpywareStop.exe [] 2009-02-01 c:\windows\Tasks\SpywareStop Scheduled Scan.job - c:\program files\SpywareStop [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Pommy.SEBASTIAN\Start Menu\Programs\IMVU\Run IMVU.lnk LSP: %SYSTEMROOT%\system32\nvappfilter.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 23:41:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(728) c:\windows\system32\nvappfilter.dll . Completion time: 2009-02-10 23:43:03 ComboFix-quarantined-files.txt 2009-02-10 23:43:00 ComboFix2.txt 2009-02-10 22:22:59 Pre-Run: 166,155,882,496 bytes free Post-Run: 166,145,290,240 bytes free 197 --- E O F --- 2009-01-14 23:17:31

Using Comofix has done the trick - after running it I managed to connect to the internet and update all our antivirus systems. The machine is now running fine and our browser is no longer hijacked. No need to restore afterall. Thank you so much! This is a fantastic forum - i'll recommed it to anyone I know having isssues with malware. Vic

Hi - here are the mbam log files. As you can see, it suggests there is no infection, but we know there is. We've disconnected the internet (as it appears to have rooted itself in our browsers), and had already done a scan and removed items when we produced this scan. We can't update the application and the macine is running very slow. Malwarebytes' Anti-Malware 1.33 Database version: 1654 Windows 5.1.2600 Service Pack 3 06/02/2009 23:04:39 mbam-log-2009-02-06 (23-04-39).txt Scan type: Full Scan (C:\|) Objects scanned: 229463 Time elapsed: 1 hour(s), 29 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Hi - as instructed, here are the log files from our machine. The advice we have from a friend is to wipe the computer and do a full restore. We only want to do this as a last resort. Any ideas? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:55:33, on 05/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\LxrSII1s.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe C:\Program Files\MarkAny\ContentSafer\MAAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Vic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\xerox\Pagis\Monitor.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MSC\mcuimgr.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=en&s=gen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pommy.SEBASTIAN\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter hijack: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - (no file) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 12929 bytes

Hi We have a Trojan infecting my sister's machine we can't get rid of. We've installed Malwarebytes and scanned the machine in normal and safe mode. It find various infected files, but even after removal the trojan is still there. It it is stopping us from updating Malwarebytes and also stopping us from running other spyware aps (like Spybot). Macafee doesn't pick anything up. The trojan has infected all our browsers (IE, Google Crome and Firefox) and redirects all our searches, and inserts adverts. The PC is running Windows XP and the system keeps freezing up as well. I think the Trojan is called something like Trojan.DNSnamechanger Any advice would be appreciated as we are not very technical! Thanks Vic