The problems (a.bat and avast! warnings) seem to be gone. However, when trying to run ComboFix, I get an error: "Freeware implementation of REG.EXE has stopped working". I ran ComboFix anyway, and the logs are below:
ComboFix 08-01-30.1 - piggy 2008-01-30 18:21:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1146 [GMT 8:00]
Running from: D:\Desktop\ComboFix.exe
Command switches used :: D:\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\lsyvg.exe
C:\Windows\qzabadyr.exe
C:\Windows\svchostx.exe
C:\Windows\vmdopiry.dll
C:\Windows\wlmsvcxp.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\lsyvg.exe
C:\Windows\qzabadyr.exe
C:\Windows\svchostx.exe
C:\Windows\vmdopiry.dll
C:\Windows\wlmsvcxp.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-30 16:01 . 2008-01-30 16:01 <DIR> dr------- C:\Users\piggy\AppData\Roaming\Brother
2008-01-30 11:17 . 2008-01-30 11:17 <DIR> d-------- C:\Windows\LastGood
2008-01-30 11:16 . 2007-07-26 16:15 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-01-30 10:50 . 2008-01-30 10:50 <DIR> d-------- C:\NVIDIA
2008-01-30 10:48 . 2008-01-30 10:48 <DIR> d-------- C:\Windows\Sun
2008-01-30 10:48 . 2008-01-30 10:48 <DIR> d-------- C:\Users\piggy\AppData\Roaming\SystemRequirementsLab
2008-01-30 10:48 . 2008-01-30 10:48 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-30 10:47 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-30 10:46 . 2008-01-30 10:47 <DIR> d-------- C:\Program Files\Java
2008-01-30 10:46 . 2008-01-30 10:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-30 10:39 . 2008-01-30 10:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-30 10:32 . 2008-01-30 10:32 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-30 10:31 . 2008-01-30 10:32 <DIR> d-------- C:\Program Files\CCleaner
2008-01-30 10:19 . 2008-01-08 13:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-01-30 10:18 . 2008-01-30 10:18 <DIR> d-------- C:\Program Files\Realtek
2008-01-30 10:16 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-01-30 09:33 . 2007-11-13 11:15 1,048,576 --a------ C:\Windows\P5K-ASUS-0704.ROM
2008-01-30 09:33 . 2008-01-30 09:33 609,955 --a------ C:\Windows\P5K0704.zip
2008-01-29 14:45 . 2008-01-29 14:45 <DIR> d-------- C:\Deckard
2008-01-26 21:35 . 2008-01-30 10:32 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-25 10:02 . 2008-01-25 10:03 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-25 10:02 . 2008-01-25 10:03 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-25 10:02 . 2008-01-25 10:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-25 10:01 . 2008-01-25 10:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 10:09 . 2008-01-24 10:09 <DIR> d-------- C:\Windows\dudkmwia
2008-01-23 06:56 . 2007-11-30 04:07 25,088 --a------ C:\Windows\System32\userini.exe
2008-01-22 20:24 . 2008-01-30 11:03 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-22 20:24 . 2008-01-22 20:24 1,409 --a------ C:\Windows\QTFont.for
2008-01-22 14:47 . 2008-01-22 14:47 <DIR> d-------- C:\Program Files\iPod
2008-01-22 14:46 . 2008-01-22 14:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 12:48 . 2008-01-21 21:12 20,937 -r-hs---- C:\Windows\winrl.exe
2008-01-15 14:48 . 2007-12-04 21:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-15 14:48 . 2004-01-09 17:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-15 14:48 . 2007-12-04 20:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-15 14:48 . 2007-12-04 22:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-15 14:48 . 2007-12-04 22:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-15 14:48 . 2007-12-04 22:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-01-10 09:25 . 2008-01-10 09:25 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-10 09:25 . 2000-07-21 11:05 518,416 --a------ C:\Windows\System32\msxml.dll
2008-01-10 09:25 . 2002-01-05 06:40 487,424 --a------ C:\Windows\System32\msvcp70.dll
2008-01-10 09:25 . 2002-01-05 07:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-01-10 09:25 . 2002-01-05 06:38 54,784 --a------ C:\Windows\System32\msvci70.dll
2008-01-10 09:25 . 2000-10-20 00:05 25,088 --a------ C:\Windows\System32\msxml3a.dll
2008-01-10 00:12 . 2008-01-10 00:12 <DIR> d-------- C:\Windows\SpaceForce - Captains
2008-01-09 17:06 . 2008-01-09 17:55 <DIR> d-------- C:\Program Files\RapidUploader
2008-01-01 14:26 . 2008-01-01 14:26 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2007-12-31 03:51 . 2007-12-31 03:51 <DIR> d-------- C:\PerfLogs
2007-12-31 03:35 . 2007-12-31 03:18 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2007-12-31 03:35 . 2007-12-31 03:18 36,864 --a------ C:\Windows\System32\SPReview.exe
2007-12-31 03:27 . 2007-11-30 04:07 193,024 --a------ C:\Windows\System32\recdisc.exe
2007-12-31 03:27 . 2007-11-30 04:11 142,336 --a------ C:\Windows\System32\spp.dll
2007-12-31 03:27 . 2007-11-30 04:11 28,160 --a------ C:\Windows\System32\sxproxy.dll
2007-12-31 03:27 . 2007-11-30 04:10 6,656 --a------ C:\Windows\System32\sdspres.dll
2007-12-31 03:25 . 2007-11-30 02:45 12,038,656 --a------ C:\Windows\System32\NlsLexicons0007.dll
2007-12-31 03:24 . 2007-11-30 04:08 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2007-12-31 03:22 . 2007-11-30 04:07 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2007-12-31 03:19 . 2007-11-30 04:07 44,032 --a------ C:\Windows\System32\cbsra.exe
2007-12-31 03:18 . 2007-12-31 03:36 196,608 --a------ C:\Windows\SPInstall.etl
2007-12-31 02:17 . 2008-01-10 08:07 <DIR> dr------- C:\Users\piggy\Hii King Chou
2007-12-31 02:10 . 2007-12-31 02:10 6,656 --a------ C:\Windows\System32\kbd106n.dll
2007-12-31 01:47 . 2007-12-31 01:47 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-31 01:47 . 2003-03-19 04:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2007-12-31 01:18 . 2007-12-31 01:20 <DIR> d-------- C:\Users\All Users\AVG7
2007-12-31 01:18 . 2007-12-31 01:20 <DIR> d-------- C:\ProgramData\AVG7
2007-12-31 00:59 . 2007-12-31 00:59 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-12-31 00:49 . 2007-12-31 02:20 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2007-12-31 00:49 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-12-31 00:48 . 2007-12-31 00:48 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-31 00:41 . 2007-12-31 02:20 <DIR> d-------- C:\Program Files\Windows Live
2007-12-31 00:41 . 2007-12-31 00:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-31 00:40 . 2007-12-31 00:40 <DIR> d-------- C:\Users\All Users\WLInstaller
2007-12-31 00:40 . 2007-12-31 00:40 <DIR> d-------- C:\ProgramData\WLInstaller
2007-12-30 09:13 . 2007-12-30 09:13 <DIR> d-------- C:\Users\All Users\DFX
2007-12-30 09:13 . 2007-12-30 09:13 <DIR> d-------- C:\ProgramData\DFX
2007-12-30 08:24 . 2007-12-31 00:40 <DIR> d-------- C:\Program Files\Paint.NET
2007-12-30 08:17 . 2008-01-10 08:07 <DIR> d-------- C:\Users\piggy\AppData\Roaming\gtk-2.0
2007-12-30 08:15 . 2008-01-30 18:23 <DIR> d-------- C:\Users\piggy\AppData\Roaming\.purple
2007-12-30 08:14 . 2007-12-30 08:15 <DIR> d-------- C:\Program Files\Pidgin
2007-12-30 08:14 . 2007-12-30 08:14 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-12-28 05:05 . 2007-12-28 05:05 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2007-12-19 17:57 . 2007-12-19 17:57 46,592 --a------ C:\Windows\System32\drivers\l160x86.sys
2007-12-18 10:48 . 2007-12-18 10:48 159,458 --a------ C:\Windows\System32\nvapps.xml
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\Windows\System32\lsdelete.exe
2007-12-05 04:00 . 1997-12-17 18:33 304,128 --a------ C:\Windows\IsUninst.exe
2007-12-03 21:02 . 2007-12-03 21:02 <DIR> d-------- C:\Users\piggy\AppData\Roaming\InstallShield
2007-12-03 16:18 . 2007-12-03 21:04 <DIR> d-------- C:\Program Files\THQ
2007-12-03 14:55 . 2007-12-03 14:55 <DIR> d-------- C:\Users\piggy\AppData\Roaming\Apple Computer
2007-12-03 14:53 . 2007-12-03 14:53 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-03 14:52 . 2007-12-03 14:52 <DIR> d-------- C:\Users\All Users\Apple
2007-12-03 14:52 . 2007-12-03 14:52 <DIR> d-------- C:\ProgramData\Apple
2007-12-03 14:52 . 2007-12-03 14:52 <DIR> d-------- C:\Program Files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 10:23 --------- d-----w C:\Users\piggy\AppData\Roaming\.purple
2008-01-30 10:14 --------- d-----w C:\Users\piggy\AppData\Roaming\uTorrent
2008-01-30 03:03 --------- d-----w C:\Users\piggy\AppData\Roaming\Orbit
2008-01-30 03:03 --------- d-----w C:\ProgramData\NVIDIA
2008-01-30 02:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-01-30 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 01:30 --------- d-----w C:\Program Files\Orbitdownloader
2008-01-26 09:54 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-15 11:19 2,047,576 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-01-15 03:26 4,874,240 ----a-w C:\Windows\RtHDVCpl.exe
2008-01-14 08:18 29,696 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-01-10 00:07 --------- d-----w C:\Users\piggy\AppData\Roaming\PDF reDirect
2008-01-10 00:07 --------- d-----w C:\Users\piggy\AppData\Roaming\DAEMON Tools Pro
2008-01-10 00:07 --------- d-----w C:\ProgramData\APC
2008-01-10 00:07 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-09 10:52 636,416 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-01-09 09:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-09 08:56 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-07 11:30 2,156,544 ----a-w C:\Windows\System32\RtkAPO.dll
2008-01-03 10:02 --------- d-----w C:\Program Files\Stardock
2008-01-01 06:02 --------- d-----w C:\Program Files\VistaCodecPack
2007-12-30 19:58 174 --sha-w C:\Program Files\desktop.ini
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Mail
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Journal
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Defender
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Collaboration
2007-12-30 19:51 --------- d-----w C:\Program Files\Windows Calendar
2007-12-30 19:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2007-12-30 19:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2007-12-30 17:23 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 05:30 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
2007-12-11 10:52 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-12-11 09:06 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-12-11 09:06 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-12-11 09:06 8,530,464 ----a-w C:\Windows\System32\nvcpl.dll
2007-12-11 09:06 8,238,688 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-12-11 09:06 795,104 ----a-w C:\Windows\System32\dpinst.exe
2007-12-11 09:06 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-12-11 09:06 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
2007-12-11 09:06 6,549,504 ----a-w C:\Windows\System32\nvdisps.dll
2007-12-11 09:06 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
2007-12-11 09:06 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-12-11 09:06 385,024 ----a-w C:\Windows\System32\nvapi.dll
2007-12-11 09:06 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-12-11 09:06 35,328 ----a-w C:\Windows\System32\nvcod100.dll
2007-12-11 09:06 35,328 ----a-w C:\Windows\System32\nvcod.dll
2007-12-11 09:06 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-12-11 09:06 3,710,976 ----a-w C:\Windows\System32\nvvitvs.dll
2007-12-11 09:06 3,420,160 ----a-w C:\Windows\System32\nvgames.dll
2007-12-11 09:06 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-12-11 09:06 2,498,560 ----a-w C:\Windows\System32\nvwss.dll
2007-12-11 09:06 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-12-11 09:06 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-12-11 09:06 1,830,912 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-12-11 09:06 1,228,800 ----a-w C:\Windows\System32\nvmobls.dll
2007-12-03 08:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-03 06:55 --------- d-----w C:\ProgramData\Apple Computer
2007-11-29 20:19 986,680 ----a-w C:\Windows\System32\winload.exe
2007-11-29 20:19 926,776 ----a-w C:\Windows\System32\winresume.exe
2007-11-29 20:17 891,448 ----a-w C:\Windows\system32\drivers\tcpip.sys
2007-11-29 20:17 614,968 ----a-w C:\Windows\System32\ci.dll
2007-11-29 20:17 529,464 ----a-w C:\Windows\system32\drivers\ndis.sys
2007-11-29 20:17 504,376 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2007-11-29 20:17 440,888 ----a-w C:\Windows\system32\drivers\ksecdd.sys
2007-11-29 20:17 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-29 20:17 3,599,928 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-29 20:17 3,547,192 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-29 20:17 294,456 ----a-w C:\Windows\system32\drivers\volmgrx.sys
2007-11-29 20:17 266,808 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-29 20:17 247,352 ----a-w C:\Windows\System32\clfs.sys
2007-11-29 20:17 227,896 ----a-w C:\Windows\system32\drivers\volsnap.sys
2007-11-29 20:17 223,288 ----a-w C:\Windows\system32\drivers\netio.sys
2007-11-29 20:17 192,056 ----a-w C:\Windows\system32\drivers\fltMgr.sys
2007-11-29 20:17 181,304 ----a-w C:\Windows\system32\drivers\msiscsi.sys
2007-11-29 20:17 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2007-11-29 20:17 163,384 ----a-w C:\Windows\system32\drivers\msrpc.sys
2007-11-29 20:17 151,096 ----a-w C:\Windows\system32\drivers\pci.sys
2007-11-29 20:17 1,082,424 ----a-w C:\Windows\system32\drivers\ntfs.sys
2007-11-29 20:16 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2007-11-29 20:16 143,416 ----a-w C:\Windows\system32\drivers\ecache.sys
2007-11-29 20:16 142,904 ----a-w C:\Windows\system32\drivers\scsiport.sys
2007-11-29 20:16 141,880 ----a-w C:\Windows\System32\halacpi.dll
2007-11-29 20:16 127,544 ----a-w C:\Windows\system32\drivers\Classpnp.sys
2007-11-29 20:16 123,960 ----a-w C:\Windows\system32\drivers\Storport.sys
2007-11-29 20:16 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2007-11-29 20:16 101,432 ----a-w C:\Windows\system32\drivers\FWPKCLNT.SYS
2007-11-29 20:15 58,936 ----a-w C:\Windows\system32\drivers\fileinfo.sys
2007-11-29 20:15 57,400 ----a-w C:\Windows\system32\drivers\mountmgr.sys
2007-11-29 20:15 56,376 ----a-w C:\Windows\system32\drivers\partmgr.sys
2007-11-29 20:15 55,352 ----a-w C:\Windows\system32\drivers\disk.sys
2007-11-29 20:15 54,328 ----a-w C:\Windows\system32\drivers\termdd.sys
2007-11-29 20:15 52,792 ----a-w C:\Windows\system32\drivers\volmgr.sys
2007-11-29 20:15 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2007-11-29 20:15 49,208 ----a-w C:\Windows\system32\drivers\mup.sys
2007-11-29 20:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2007-11-29 20:15 36,408 ----a-w C:\Windows\system32\drivers\crashdmp.sys
2007-11-29 20:15 35,896 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2007-11-29 20:15 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-11-30 04:07 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 09:28 219952]
"APC"="C:\Program Files\Advanced Parental Control\BackProcessAPC.exe" [2007-04-20 16:27 135168]
"Pidgin"="C:\Program Files\Pidgin\pidgin.exe" [2007-12-08 02:53 44658]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"x64setup"="cmd.exe" [2007-11-30 04:07 318464 C:\Windows\System32\cmd.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-30 04:13 1008184]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 09:48 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-06 07:38 707360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"ooccctrl.exe"="C:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 15:08 1911568]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"APC"="C:\Program Files\Advanced Parental Control\BackProcessAPC.exe" [2007-04-20 16:27 135168]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
C:\Users\piggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
ZMover.lnk - C:\Program Files\Basta Computing\ZMover\ZMover.exe [2007-10-13 19:13:26 565760]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-10-14 16:23:58 49220]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-10-13 18:41:41 1674432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-04-13 20:56]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 22:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 06:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-12-19 17:57]
R3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-06 07:39]
S3 exfat;exFAT File System Driver;C:\Windows\system32\drivers\exfat.sys [2007-11-30 02:01]
S3 FERJSC;FERJSC;C:\Users\piggy\AppData\Local\Temp\FERJSC.exe [2008-01-30 11:32]
*Newly Created Service* - RKREVEAL150
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 18:23:38
Windows 6.0.6001 Service Pack 1, v.668 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-30 18:24:40
ComboFix-quarantined-files.txt 2008-01-30 10:24:37
ComboFix2.txt 2008-01-30 01:02:56
.
2008-01-30 00:35:01 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:58 PM, on 30/1/2008
Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.17052)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vVX1000.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Basta Computing\ZMover\ZMover.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APC] C:\Program Files\Advanced Parental Control\BackProcessAPC.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [APC] C:\Program Files\Advanced Parental Control\BackProcessAPC.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&reg ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&regsvr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax""
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ZMover.lnk = C:\Program Files\Basta Computing\ZMover\ZMover.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - http://u3.sandisk.co...LPInstaller.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FERJSC - Unknown owner - C:\Users\piggy\AppData\Local\Temp\FERJSC.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 9876 bytes