[idapnam]

ok. Got it now
Log.txt

Spoiler

ComboFix 10-09-22.06 - USER 09/23/2010 21:41:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1014.564 [GMT 8:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\AUTORUN.INF
c:\documents and settings\USER\AUTORUN.INF
c:\documents and settings\USER\Local Settings\Application Data\Windows Server
c:\documents and settings\USER\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\USER\Local Settings\Application Data\Windows Server\uses32.dat
c:\program files\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\windows\cmd.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\cmd.bat
c:\windows\system32\win32
c:\windows\system32\win32\csrss.exe
D:\Autorun.inf
D:\iostream.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-18 14:06 . 2010-09-23 13:24 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-09-18 01:14 . 2010-09-18 01:14 -------- d-----w- C:\_OTL
2010-09-16 05:04 . 2010-09-17 01:15 -------- d-----w- c:\documents and settings\Guest\Application Data\uTorrent
2010-09-15 02:42 . 2010-04-19 02:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-09-14 00:46 . 2010-09-14 00:46 -------- d-----w- c:\documents and settings\Guest\Application Data\Toshiba
2010-09-13 06:35 . 2010-09-21 01:40 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2010-09-13 00:35 . 2010-09-13 00:35 -------- d-----w- c:\documents and settings\Guest\Application Data\YouTube Downloader
2010-09-13 00:35 . 2010-09-13 00:35 -------- d-----w- c:\documents and settings\Guest\Application Data\Search Settings
2010-09-13 00:35 . 2010-09-21 06:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AskToolbar
2010-09-13 00:27 . 2010-09-13 00:27 388096 ----a-r- c:\documents and settings\Guest\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-12 20:00 . 2010-09-12 20:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Toshiba
2010-09-12 19:31 . 2010-09-13 01:20 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-09-12 18:21 . 2010-09-12 18:21 100928 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-12 18:04 . 2010-09-12 18:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Ahead
2010-09-12 18:01 . 2010-09-12 18:01 -------- d-----w- c:\documents and settings\Guest\Application Data\DivX
2010-09-12 18:01 . 2010-09-12 18:01 -------- d-----w- c:\documents and settings\Guest\Application Data\Media Player Classic
2010-09-12 17:51 . 2010-09-14 22:22 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\WMTools Downloaded Files
2010-09-12 17:35 . 2010-09-13 01:20 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2010-09-12 13:09 . 2010-09-12 13:32 -------- d-----w- c:\documents and settings\USER\Application Data\QuickScan
2010-09-12 13:07 . 2010-08-25 08:25 614544 ----a-w- c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-09-12 13:07 . 2010-08-25 08:25 314816 ----a-w- c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-09-12 13:01 . 2010-09-12 13:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-12 11:44 . 2010-09-12 11:44 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\msvcp71.dll
2010-09-12 11:44 . 2010-09-12 11:44 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\jmc.dll
2010-09-12 11:44 . 2010-09-12 11:44 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\msvcr71.dll
2010-09-12 11:42 . 2010-09-12 11:42 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59be09fd-n\decora-sse.dll
2010-09-12 11:42 . 2010-09-12 11:42 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59be09fd-n\decora-d3d.dll
2010-09-12 10:49 . 2010-09-12 10:49 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AVG Security Toolbar
2010-09-12 10:49 . 2010-09-23 13:09 -------- d-----w- c:\documents and settings\Guest\Application Data\HPAppData
2010-09-12 03:32 . 2010-07-26 06:06 389632 --sha-r- c:\windows\system32\domain.exe
2010-09-12 03:05 . 2010-09-12 03:56 -------- d-----w- c:\program files\Globe Broadband
2010-09-09 06:24 . 2010-09-09 06:24 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\AVG Security Toolbar
2010-09-09 06:17 . 2010-09-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 13:45 . 2010-07-17 14:07 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-09-23 13:24 . 2010-04-08 07:44 0 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\prvlcl.dat
2010-09-23 13:16 . 2010-04-23 06:27 -------- d-----w- c:\documents and settings\USER\Application Data\uTorrent
2010-09-12 04:11 . 2009-12-23 11:04 10 ----a-w- c:\windows\popcinfo.dat
2010-09-11 11:40 . 2010-01-23 12:45 78940 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-06 11:13 . 2009-10-27 22:50 100928 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 02:22 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\USER\Application Data\LimeWire
2010-09-02 10:59 . 2009-10-27 16:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-23 21:34 . 2010-08-23 21:34 -------- d-----w- c:\program files\Conduit
2010-08-20 04:18 . 2010-05-22 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-03 06:14 . 2010-08-03 06:14 503808 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\msvcp71.dll
2010-08-03 06:14 . 2010-08-03 06:14 499712 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\jmc.dll
2010-08-03 06:14 . 2010-08-03 06:14 348160 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\msvcr71.dll
2010-08-03 06:12 . 2010-08-03 06:12 61440 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44a4e9bb-n\decora-sse.dll
2010-08-03 06:12 . 2010-08-03 06:12 12800 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44a4e9bb-n\decora-d3d.dll
2010-08-02 11:50 . 2010-08-02 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-08-02 11:27 . 2010-08-02 11:27 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-08-02 10:58 . 2010-08-02 10:55 -------- d-----w- c:\program files\Pinnacle
2010-08-02 10:57 . 2009-10-27 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 10:55 . 2010-08-02 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-08-02 10:55 . 2010-06-08 03:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-28 13:35 . 2009-10-27 16:41 -------- d-----w- c:\documents and settings\USER\Application Data\Ahead
2010-07-28 01:07 . 2010-07-28 01:07 -------- d-----w- c:\documents and settings\USER\Application Data\Search Settings
2010-07-28 01:07 . 2010-07-28 01:07 -------- d-----w- c:\documents and settings\USER\Application Data\YouTube Downloader
2010-07-27 21:11 . 2010-07-27 21:11 -------- d-----w- c:\program files\Application Updater
2010-07-15 14:21 . 2010-04-02 13:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:21 . 2010-07-15 14:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:21 . 2010-04-02 13:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 15:06 . 2010-07-11 14:40 977 ----a-w- c:\windows\eReg.dat
2008-04-14 12:42 . 2008-04-14 12:42 6144 --sha-r- c:\windows\system32\csrss.exe
.

------- Sigcheck -------

[-] 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 02:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 07:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-05-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-05-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-05-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-05-05 455168]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2009-11-10 417792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"[email protected]"="domain.exe" [2010-07-26 389632]
"[email protected]"="domain.exe" [2010-07-26 389632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

c:\documents and settings\USER\Start Menu\Programs\Startup\
uTorrent.exe [2010-4-23 321328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\USER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\USER\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 00:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-10-12 06:49 163840 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 17:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-18 00:03 170520 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-18 00:03 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-29 00:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 02:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 23:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-18 00:03 141848 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-02-19 12:27 974848 ----a-w- c:\program files\YouTube Downloader Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"Autorun CDROM Monitor"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Application Updater"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\USER\\Start Menu\\Programs\\Startup\\uTorrent.exe"=
"d:\\CS Source\\Counter-Strike Source\\hl2.exe"=
"d:\\NBA2K10\\Nba\\nba2k10.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\GENERALS\\zero_hour\\game.dat"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/2/2010 9:18 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2010 9:18 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:21 PM 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [9/9/2010 2:17 PM 430152]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/19/2010 7:43 PM 380928]
S4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe --> c:\windows\system32\SupportAppXL\cdrom_mon.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 07:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\USER\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\USER\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
AddRemove-Zuma Deluxe_is1 - d:\zuma deluxe\ReflexiveArcade\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 21:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-23 21:51:28
ComboFix-quarantined-files.txt 2010-09-23 13:51

Pre-Run: 28,168,790,016 bytes free
Post-Run: 32,479,490,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3E0D73147F9E43D878AA4E9769C8A0F1

ComboFix.txt

Spoiler

ComboFix 10-09-22.06 - USER 09/23/2010 21:41:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1014.564 [GMT 8:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\AUTORUN.INF
c:\documents and settings\USER\AUTORUN.INF
c:\documents and settings\USER\Local Settings\Application Data\Windows Server
c:\documents and settings\USER\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\USER\Local Settings\Application Data\Windows Server\uses32.dat
c:\program files\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\windows\cmd.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\cmd.bat
c:\windows\system32\win32
c:\windows\system32\win32\csrss.exe
D:\Autorun.inf
D:\iostream.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-18 14:06 . 2010-09-23 13:24 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-09-18 01:14 . 2010-09-18 01:14 -------- d-----w- C:\_OTL
2010-09-16 05:04 . 2010-09-17 01:15 -------- d-----w- c:\documents and settings\Guest\Application Data\uTorrent
2010-09-15 02:42 . 2010-04-19 02:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-09-14 00:46 . 2010-09-14 00:46 -------- d-----w- c:\documents and settings\Guest\Application Data\Toshiba
2010-09-13 06:35 . 2010-09-21 01:40 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2010-09-13 00:35 . 2010-09-13 00:35 -------- d-----w- c:\documents and settings\Guest\Application Data\YouTube Downloader
2010-09-13 00:35 . 2010-09-13 00:35 -------- d-----w- c:\documents and settings\Guest\Application Data\Search Settings
2010-09-13 00:35 . 2010-09-21 06:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AskToolbar
2010-09-13 00:27 . 2010-09-13 00:27 388096 ----a-r- c:\documents and settings\Guest\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-12 20:00 . 2010-09-12 20:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Toshiba
2010-09-12 19:31 . 2010-09-13 01:20 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2010-09-12 18:21 . 2010-09-12 18:21 100928 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-12 18:04 . 2010-09-12 18:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Ahead
2010-09-12 18:01 . 2010-09-12 18:01 -------- d-----w- c:\documents and settings\Guest\Application Data\DivX
2010-09-12 18:01 . 2010-09-12 18:01 -------- d-----w- c:\documents and settings\Guest\Application Data\Media Player Classic
2010-09-12 17:51 . 2010-09-14 22:22 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\WMTools Downloaded Files
2010-09-12 17:35 . 2010-09-13 01:20 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2010-09-12 13:09 . 2010-09-12 13:32 -------- d-----w- c:\documents and settings\USER\Application Data\QuickScan
2010-09-12 13:07 . 2010-08-25 08:25 614544 ----a-w- c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-09-12 13:07 . 2010-08-25 08:25 314816 ----a-w- c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-09-12 13:01 . 2010-09-12 13:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-12 11:44 . 2010-09-12 11:44 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\msvcp71.dll
2010-09-12 11:44 . 2010-09-12 11:44 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\jmc.dll
2010-09-12 11:44 . 2010-09-12 11:44 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ac58712-n\msvcr71.dll
2010-09-12 11:42 . 2010-09-12 11:42 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59be09fd-n\decora-sse.dll
2010-09-12 11:42 . 2010-09-12 11:42 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59be09fd-n\decora-d3d.dll
2010-09-12 10:49 . 2010-09-12 10:49 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AVG Security Toolbar
2010-09-12 10:49 . 2010-09-23 13:09 -------- d-----w- c:\documents and settings\Guest\Application Data\HPAppData
2010-09-12 03:32 . 2010-07-26 06:06 389632 --sha-r- c:\windows\system32\domain.exe
2010-09-12 03:05 . 2010-09-12 03:56 -------- d-----w- c:\program files\Globe Broadband
2010-09-09 06:24 . 2010-09-09 06:24 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\AVG Security Toolbar
2010-09-09 06:17 . 2010-09-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 13:45 . 2010-07-17 14:07 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-09-23 13:24 . 2010-04-08 07:44 0 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\prvlcl.dat
2010-09-23 13:16 . 2010-04-23 06:27 -------- d-----w- c:\documents and settings\USER\Application Data\uTorrent
2010-09-12 04:11 . 2009-12-23 11:04 10 ----a-w- c:\windows\popcinfo.dat
2010-09-11 11:40 . 2010-01-23 12:45 78940 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-06 11:13 . 2009-10-27 22:50 100928 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 02:22 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\USER\Application Data\LimeWire
2010-09-02 10:59 . 2009-10-27 16:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-23 21:34 . 2010-08-23 21:34 -------- d-----w- c:\program files\Conduit
2010-08-20 04:18 . 2010-05-22 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-03 06:14 . 2010-08-03 06:14 503808 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\msvcp71.dll
2010-08-03 06:14 . 2010-08-03 06:14 499712 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\jmc.dll
2010-08-03 06:14 . 2010-08-03 06:14 348160 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1664fb1e-n\msvcr71.dll
2010-08-03 06:12 . 2010-08-03 06:12 61440 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44a4e9bb-n\decora-sse.dll
2010-08-03 06:12 . 2010-08-03 06:12 12800 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44a4e9bb-n\decora-d3d.dll
2010-08-02 11:50 . 2010-08-02 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-08-02 11:27 . 2010-08-02 11:27 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-08-02 10:58 . 2010-08-02 10:55 -------- d-----w- c:\program files\Pinnacle
2010-08-02 10:57 . 2009-10-27 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 10:55 . 2010-08-02 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-08-02 10:55 . 2010-06-08 03:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-28 13:35 . 2009-10-27 16:41 -------- d-----w- c:\documents and settings\USER\Application Data\Ahead
2010-07-28 01:07 . 2010-07-28 01:07 -------- d-----w- c:\documents and settings\USER\Application Data\Search Settings
2010-07-28 01:07 . 2010-07-28 01:07 -------- d-----w- c:\documents and settings\USER\Application Data\YouTube Downloader
2010-07-27 21:11 . 2010-07-27 21:11 -------- d-----w- c:\program files\Application Updater
2010-07-15 14:21 . 2010-04-02 13:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:21 . 2010-07-15 14:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:21 . 2010-04-02 13:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 15:06 . 2010-07-11 14:40 977 ----a-w- c:\windows\eReg.dat
2008-04-14 12:42 . 2008-04-14 12:42 6144 --sha-r- c:\windows\system32\csrss.exe
.

------- Sigcheck -------

[-] 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 02:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 07:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-05-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-05-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-05-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-05-05 455168]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2009-11-10 417792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"[email protected]"="domain.exe" [2010-07-26 389632]
"[email protected]"="domain.exe" [2010-07-26 389632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

c:\documents and settings\USER\Start Menu\Programs\Startup\
uTorrent.exe [2010-4-23 321328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\USER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\USER\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 00:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-10-12 06:49 163840 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 17:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-18 00:03 170520 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-18 00:03 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-29 00:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 02:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 23:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-18 00:03 141848 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-02-19 12:27 974848 ----a-w- c:\program files\YouTube Downloader Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"Autorun CDROM Monitor"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Application Updater"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\USER\\Start Menu\\Programs\\Startup\\uTorrent.exe"=
"d:\\CS Source\\Counter-Strike Source\\hl2.exe"=
"d:\\NBA2K10\\Nba\\nba2k10.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\GENERALS\\zero_hour\\game.dat"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/2/2010 9:18 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2010 9:18 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:21 PM 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [9/9/2010 2:17 PM 430152]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/19/2010 7:43 PM 380928]
S4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe --> c:\windows\system32\SupportAppXL\cdrom_mon.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 07:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\USER\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\USER\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cxtha57i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
AddRemove-Zuma Deluxe_is1 - d:\zuma deluxe\ReflexiveArcade\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 21:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-23 21:51:28
ComboFix-quarantined-files.txt 2010-09-23 13:51

Pre-Run: 28,168,790,016 bytes free
Post-Run: 32,479,490,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3E0D73147F9E43D878AA4E9769C8A0F1

[Advertisements]

don't post the logs like that


Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  c:\windows\system32\domain.exe
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • c:\windows\system32\sfcfiles.dll
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

[Rorschach112]

don't post the logs like that


Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  c:\windows\system32\domain.exe
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • c:\windows\system32\sfcfiles.dll
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

[idapnam]

had to remove [resethosts] again to be able to run the command.
here goes the results:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\USER\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USER\Desktop\cmd.txt deleted successfully.
c:\windows\system32\domain.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2908531 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 3690 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92559688 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 19017 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: USER
->Temp folder emptied: 854506 bytes
->Temporary Internet Files folder emptied: 308702 bytes
->Java cache emptied: 50206129 bytes
->FireFox cache emptied: 40662437 bytes
->Apple Safari cache emptied: 4799488 bytes
->Opera cache emptied: 16971533 bytes
->Flash cache emptied: 256236 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64396 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 202.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.16.1 log created on 09242010_234155

Files moved on Reboot...

Registry entries deleted on Reboot...

[idapnam]

VirSCAN.org Scanned Report :
Scanned time : 2010/09/24 23:58:57 (PHT)
Scanner results: Scanners did not find malware!
File Name : sfcfiles.dll
File Size : 1614848 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 362bc5af8eaf712832c58cc13ae05750
SHA1 : c8c2d44f34115f27f10bc435dd986d4eff00fe3f
Online report : http://virscan.org/r...16e9e3bba3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100922232349 2010-09-22 6.18 -
AhnLab V3 2010.09.16.01 2010.09.16 2010-09-16 2.29 -
AntiVir 8.2.4.66 7.10.12.29 2010-09-24 0.29 -
Antiy 2.0.18 20100923.5237653 2010-09-23 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201009240438 2010-09-24 1.34 -
AVAST! 4.7.4 100923-1 2010-09-23 0.08 -
AVG 8.5.850 271.1.1/3156 2010-09-24 0.27 -
BitDefender 7.90123.6451632 7.34018 2010-09-24 4.73 -
ClamAV 0.96.1 12018 2010-09-24 0.26 -
Comodo 4.0 6166 2010-09-22 1.28 -
CP Secure 1.3.0.5 2010.09.24 2010-09-24 0.45 -
Dr.Web 5.0.2.3300 2010.09.24 2010-09-24 9.77 -
F-Prot 4.4.4.56 20100923 2010-09-23 1.38 -
F-Secure 7.02.73807 2010.09.24.05 2010-09-24 0.18 -
Fortinet 4.1.143 12.381 2010-09-22 0.23 -
GData 21.885/21.352 20100923 2010-09-23 9.26 -
ViRobot 20100922 2010.09.22 2010-09-22 0.11 -
Ikarus T3.1.32.15.0 2010.09.24.76795 2010-09-24 4.92 -
JiangMin 13.0.900 2010.08.30 2010-08-30 1.74 -
Kaspersky 5.5.10 2010.09.24 2010-09-24 0.13 -
KingSoft 2009.2.5.15 2010.9.22.7 2010-09-22 1.06 -
McAfee 5400.1158 6115 2010-09-23 32.60 -
Microsoft 1.6201 2010.09.23 2010-09-23 6.41 -
Norman 6.05.11 6.05.00 2010-09-02 8.01 -
Panda 9.05.01 2010.09.21 2010-09-21 4.98 -
Trend Micro 9.120-1004 7.488.06 2010-09-24 0.08 -
Quick Heal 11.00 2010.09.21 2010-09-21 3.63 -
Rising 20.0 22.66.00.07 2010-09-20 2.03 -
Sophos 3.11.2 4.57 2010-09-24 4.83 -
Sunbelt 3.9.2450.2 6908 2010-09-21 14.19 -
Symantec 1.3.0.24 20100923.003 2010-09-23 0.10 -
nProtect 20100922.02 9169085 2010-09-22 10.19 -
The Hacker 6.7.0.0 v00027 2010-09-21 1.90 -
VBA32 3.12.14.1 20100924.0943 2010-09-24 3.23 -
VirusBuster 4.5.11.10 10.128.8/2035165 2010-09-23 2.51 -

[idapnam]

anyone who can help pls?