Thank you for your response. Following the requested tasks (despite I.E. closing three times around 90% of the way through Kaspersky's online scan!!! DOH!), here are the log reports.
COMBOFIX log:-
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.
2008-03-11 21:18 . 2008-03-12 12:09 <DIR> d-------- C:\Documents and Settings\Mr. David Dick\Application Data\AVG7
2008-03-11 13:10 . 2008-03-11 13:10 <DIR> d-------- C:\Documents and Settings\Sand\Application Data\Grisoft
2008-03-11 13:10 . 2008-03-12 12:18 <DIR> d-------- C:\Documents and Settings\Sand\Application Data\AVG7
2008-03-11 01:33 . 2008-03-11 01:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-11 01:30 . 2005-03-23 16:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-11 01:30 . 2005-03-24 10:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-03-11 01:22 . 2008-03-11 01:22 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\Grisoft
2008-03-11 01:21 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-10 23:05 . 2008-03-10 23:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-10 23:05 . 2008-03-10 23:08 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\AVG7
2008-03-10 21:57 . 2008-03-10 21:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-10 21:57 . 2008-03-10 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 17:16 . 2008-03-11 03:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 17:16 . 2008-03-10 17:16 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\SUPERAntiSpyware.com
2008-03-10 16:57 . 2008-03-10 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 20:26 . 2008-03-09 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Incomplete
2008-03-09 17:15 . 2008-03-09 17:15 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-03-09 16:45 . 2008-03-10 16:55 <DIR> d--hs---- C:\WINDOWS\TXIuIERhdmlkIERpY2s
2008-03-09 16:44 . 2008-03-11 02:45 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-03-09 16:44 . 2008-03-11 11:20 <DIR> d-------- C:\Temp
2008-03-09 16:37 . 2008-03-10 13:36 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\DAEMON Tools
2008-03-09 15:20 . 2008-03-09 16:31 <DIR> d-------- C:\Documents and Settings\Sand\Application Data\LimeWire
2008-03-03 20:03 . 2008-03-03 20:03 <DIR> d-------- C:\Program Files\Lavalys
2008-02-29 17:18 . 2008-03-10 18:30 <DIR> d-------- C:\Program Files\Soulseek
2008-02-27 19:23 . 2008-02-27 19:23 <DIR> d-------- C:\Documents and Settings\Mr. David Dick\Application Data\Ipswitch
2008-02-27 12:39 . 2008-02-27 12:39 <DIR> d-------- C:\Documents and Settings\KAYLEIGH\Application Data\Nero
2008-02-27 12:39 . 2008-02-27 12:39 <DIR> d-------- C:\Documents and Settings\KAYLEIGH\Application Data\Ipswitch
2008-02-25 13:52 . 2008-02-25 13:52 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\Sibelius Software
2008-02-24 13:13 . 2008-02-24 13:13 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Ipswitch
2008-02-22 13:48 . 2008-02-22 13:48 <DIR> d-------- C:\Documents and Settings\Sand\Application Data\Ipswitch
2008-02-22 01:42 . 2008-02-22 01:42 <DIR> d-------- C:\Program Files\Ipswitch
2008-02-22 01:42 . 2008-02-22 01:42 <DIR> d-------- C:\Documents and Settings\Bazza\Application Data\Ipswitch
2008-02-22 01:42 . 2008-02-22 01:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-02-22 01:42 . 2005-02-28 12:37 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-02-22 01:42 . 2005-02-28 12:37 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-02-21 23:38 . 2008-02-21 23:38 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-21 23:38 . 2008-02-21 23:38 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-02-21 20:40 . 2008-02-27 14:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-21 20:40 . 2008-02-21 20:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 11:27 . 2008-03-07 11:33 <DIR> d-------- C:\Documents and Settings\Sand\Application Data\PlayFirst
2008-02-15 11:27 . 2008-02-15 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-12 22:39 . 2008-02-12 22:39 <DIR> d-------- C:\Program Files\Cucusoft
2008-02-12 22:39 . 2008-02-12 22:41 <DIR> d-------- C:\ConverterOutput
2008-02-12 22:39 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-02-12 22:39 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-02-12 22:39 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-02-12 22:39 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-02-12 22:39 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-02-12 22:39 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-02-12 21:47 . 2008-02-12 21:47 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-10 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 19:03 --------- d-----w C:\Documents and Settings\Bazza\Application Data\LimeWire
2008-03-10 18:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 18:41 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-03-10 18:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 02:04 --------- d-----w C:\Program Files\Google
2008-03-10 00:51 --------- d-----w C:\Documents and Settings\Mr. David Dick\Application Data\LimeWire
2008-03-09 20:48 --------- d-----w C:\Documents and Settings\Steve\Application Data\LimeWire
2008-03-09 20:41 --------- d-----w C:\Program Files\MSN Messenger
2008-03-09 20:38 --------- d-----w C:\Program Files\LimeWire
2008-03-07 12:37 --------- d-----w C:\Program Files\PlayFirst
2008-02-27 12:43 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-02-27 12:43 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-02-27 12:43 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-02-25 13:50 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2008-01-30 17:14 --------- d-----w C:\Documents and Settings\Bazza\Application Data\Yahoo!
2008-01-27 12:18 --------- d-----w C:\Documents and Settings\Sand\Application Data\Sonic Foundry
2008-01-27 12:18 --------- d-----w C:\Documents and Settings\Sand\Application Data\Publish Providers
2008-01-27 12:18 --------- d-----w C:\Documents and Settings\Sand\Application Data\NetMedia Providers
2008-01-25 11:34 --------- d-----w C:\Documents and Settings\Sand\Application Data\Nero
2008-01-24 23:59 --------- d-----w C:\Program Files\dvdSanta
2008-01-18 16:25 --------- d-----w C:\Documents and Settings\REECE\Application Data\Nero
2008-01-17 11:47 --------- d-----w C:\Program Files\Oberon Media
2008-01-12 15:34 --------- d-----w C:\Documents and Settings\sands\Application Data\Home Sweet Home
2008-01-12 15:23 --------- d-----w C:\Documents and Settings\sands\Application Data\PlayFirst
2007-12-13 19:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\iDlo18 ----
---- Directory of C:\WINDOWS\TXIuIERhdmlkIERpY2s ----
((((((((((((((((((((((((((((( snapshot@2008-03-11_11.46.45.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-11 11:03:17 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-12 17:56:17 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-11 11:03:17 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-12 17:56:17 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 17:26 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 10:15 106496]
"PCTVOICE"="pctspk.exe" [2003-07-17 19:01 180224 C:\WINDOWS\system32\pctspk.exe]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-10-30 14:09 249856]
"Hotkey"="C:\Program Files\Hotkey\Hotkey.exe" [2004-04-03 17:38 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-07 16:13 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 23:07 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 17:26 68856]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 23:04 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-27 17:26:37 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
S3 UXDCMN;UXDCMN;D:\UXDCMN.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 17:55:35 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 18:33:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
**************************************************************************
.
Completion time: 2008-03-12 18:42:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-12 18:42:05
ComboFix2.txt 2008-03-12 18:01:26
ComboFix3.txt 2008-03-11 11:47:11
.
2008-03-12 16:29:39 --- E O F ---
MBAM report:-
Malwarebytes' Anti-Malware 1.08
Database version: 482
Scan type: Quick Scan
Objects scanned: 36116
Time elapsed: 6 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
KASPERSKY report:-
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 12, 2008 11:14:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/03/2008
Kaspersky Anti-Virus database records: 626476
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 66716
Number of viruses found: 12
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 01:14:54
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bazza\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bazza\Desktop\ACID-PRO-4\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Bazza\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\History\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\Temp\Acr1561.tmp Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\Temp\hsperfdata_Bazza\3492 Object is locked skipped
C:\Documents and Settings\Bazza\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bazza\ntuser.dat Object is locked skipped
C:\Documents and Settings\Bazza\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Bazza\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mr. David Dick\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temp\hsperfdata_Steve\3996 Object is locked skipped
C:\Program Files\DAEMON Tools Lite\SRSAI.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\Program Files\ComPlus Applications\ryzohosod89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cmoxwupr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lcntqkwd.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lixohrdh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mcntxwd.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljhihf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pcntrkwb.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.aj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pcntrkwd.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yejqoxln.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\winlogon.exe.vir Infected: not-a-virus:PSWTool.Win32.PassView.ag skipped
C:\QooBox\Quarantine\catchme2008-03-11_114054.95.zip/yayabby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-11_114054.95.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP351\A0039171.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP351\A0039172.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP351\A0039173.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP351\A0039173.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP351\A0039187.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039243.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039245.exe Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039247.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039250.exe Infected: not-a-virus:PSWTool.Win32.PassView.ag skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039260.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039261.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039262.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039263.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039264.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039266.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aj skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039267.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039268.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039269.dll Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039271.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039272.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039274.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP352\A0039282.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP353\A0039408.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP353\A0039409.exe Object is locked skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP355\A0039445.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP355\A0039453.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.at skipped
C:\System Volume Information\_restore{5B52B472-3982-42CE-84C1-AD10EE9DA22A}\RP356\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{47A4564C-23E8-4EE4-B539-08A952F3374F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.g skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
FRESH HIJACK THIS log:-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:42, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mr. David Dick\Desktop\malware help\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Hotkey\Hotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYGB
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.playfirst...eb.1.0.0.13.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponrep...123/csauie1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.playfirst...web.1.0.0.9.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom....gamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6A4AA9-B61E-4993-873A-31DCBDBF4697}: NameServer = 212.139.132.36 212.139.132.37
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - http://profile.ak.fa...225003_4301.jpg
--
End of file - 7414 bytes
AGAIN, THANK YOU FOR YOUR TIME...