ComboFix 09-04-17.01 - Eric Ong 04/16/2009 19:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.410 [GMT -4:00]
Running from: c:\documents and settings\Eric Ong\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eric Ong\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\bsnzafqa.bin
c:\windows\system32\cfg.dat
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-16 22:59 . 2009-04-16 22:59 -------- d-----w c:\program files\Trend Micro
2009-04-15 20:35 . 2009-04-15 20:35 -------- d-----w c:\documents and settings\Eric Ong\Application Data\Malwarebytes
2009-04-15 20:35 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 20:35 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 20:35 . 2009-04-15 20:35 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 20:35 . 2009-04-15 20:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 15:42 . 2009-04-15 15:42 -------- d-----w C:\ERDNT
2009-03-30 00:18 . 2009-03-30 00:19 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-23 21:22 . 2009-04-16 20:17 -------- d--h--w C:\$AVG8.VAULT$
2009-03-23 21:01 . 2009-03-23 21:01 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-23 21:01 . 2009-03-27 15:19 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-23 21:01 . 2009-03-23 21:01 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-23 21:01 . 2009-04-16 19:30 -------- d-----w c:\windows\system32\drivers\Avg
2009-03-23 21:01 . 2009-03-23 21:01 -------- d-----w c:\program files\AVG
2009-03-23 21:01 . 2009-03-27 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 19:18 . 2009-03-22 19:18 -------- d-----w c:\documents and settings\Eric Ong\Local Settings\Application Data\{B73B15CD-1431-4F36-AB86-61F5DCC7604A}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 23:15 . 2006-09-19 22:36 2021 ----a-w C:\hpqp.ini
2009-04-16 23:12 . 2006-09-19 22:36 39 ----a-w C:\XP_TV.ini
2009-04-16 22:59 . 2006-11-25 05:11 -------- d-----w c:\documents and settings\Eric Ong\Application Data\U3
2009-04-16 22:58 . 2007-02-12 04:26 -------- d-----w c:\documents and settings\Eric Ong\Application Data\tunebite
2009-04-13 21:58 . 2009-01-26 00:14 93420 ----a-w c:\windows\system32\drivers\d5461be5.sys
2009-04-03 07:05 . 2006-11-25 05:22 -------- d-----w c:\documents and settings\Eric Ong\Application Data\uTorrent
2009-03-28 14:52 . 2009-03-07 03:39 -------- d-----w c:\documents and settings\Eric Ong\Application Data\dvdcss
2009-03-24 01:26 . 2006-12-04 20:15 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-23 21:04 . 2006-12-04 20:15 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 03:00 . 2009-03-08 03:00 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-02 16:39 . 2009-03-02 16:28 -------- d-----w c:\documents and settings\Eric Ong\Application Data\vlc
2009-03-02 16:27 . 2009-03-02 16:27 -------- d-----w c:\program files\VideoLAN
2009-02-27 12:07 . 2008-02-18 20:47 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 00:21 . 2008-03-23 21:55 -------- d-----w c:\documents and settings\Eric Ong\Application Data\Move Networks
2009-02-26 18:55 . 2007-08-27 23:22 38528 ----a-w c:\windows\system32\drivers\savonaccessfilter.sys
2009-02-26 18:55 . 2007-08-27 23:22 110848 ----a-w c:\windows\system32\drivers\savonaccesscontrol.sys
2009-02-18 22:38 . 2009-02-18 22:38 157062 ----a-w c:\program files\12639-utorrent.a5ee.dmp
2009-02-16 07:34 . 2009-02-16 07:34 -------- d-----w c:\documents and settings\Eric Ong\Application Data\InstallShield
2009-02-09 11:13 . 2008-10-14 20:28 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-03-16 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 05:13 . 2006-11-25 05:20 270128 -c--a-w c:\program files\utorrent.exe
2009-01-26 00:55 . 2009-01-26 00:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-01-17 02:35 . 2006-09-14 08:31 3594752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-03-01 21:19 . 2006-11-25 13:18 8224 -c--a-w c:\documents and settings\Eric Ong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-11-25 13:18 . 2006-11-25 13:18 131 ----a-w c:\documents and settings\Eric Ong\Local Settings\Application Data\fusioncache.dat
2006-09-19 23:16 . 2006-09-19 22:05 51192 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-09-19 22:05 . 2006-09-19 22:05 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-08-24 12:16 . 2008-08-24 12:16 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"tunebite.exe"="c:\program files\Tunebite\tunebite.exe" [2007-02-12 2695168]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-12 185784]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

c:\documents and settings\Eric Ong\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-16 3450608]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-1-28 245760]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 21:01 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7524:TCP"= 7524:TCP:BitComet 7524 TCP
"7524:UDP"= 7524:UDP:BitComet 7524 UDP
"27364:TCP"= 27364:TCP:BitComet 27364 TCP
"27364:UDP"= 27364:UDP:BitComet 27364 UDP

R1 d5461be5;d5461be5;c:\windows\System32\drivers\d5461be5.sys [2009-04-13 93420]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
R3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
R3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
R3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
R3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-23 325640]
S1 avgtdix;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 108552]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
S2 savadminservice;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-27 69632]
S2 savservice;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5553175-ee43-11dc-8bfe-0016369fcbdc}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-cbxndwxo - cbXNDwXo.dll
Notify-gebqnkhw - geBqnkHw.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
.
**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????

'explorer.exe'(1160)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Vongo\VongoService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-04-16 19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 23:22

Pre-Run: 3,782,033,408 bytes free
Post-Run: 9,523,064,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

241 --- E O F --- 2009-03-21 18:44
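The log above carries the items a malware-removal helper reads first: both AV products with on-access scanning disabled, Security Center monitoring switched off for Sophos and the Symantec firewall, four globally open BitComet ports, a removable-drive AutoRun handler under mountpoints2, an R1 driver with a bare hex name (d5461be5.sys), and two orphaned winlogon Notify DLLs with scrambled-case names. The script below is an added example (written for this page, not ComboFix's code or the poster's) that pulls those categories out of a ComboFix-style log and scores driver/service names for the two "random name" shapes visible here. Its sample input is a constructed excerpt of the log above; the name heuristic is deliberately narrow and noisy, so a flagged name is a lead to verify by hash lookup and signer check, not a verdict, and nothing here attributes the entries to any malware family.

```python
"""Triage helper for a ComboFix-style log (example code, not part of ComboFix).

Pulls out disabled AV/firewall lines, Security Center monitoring overrides,
globally open firewall ports, removable-drive AutoRun handlers and orphaned
winlogon Notify DLLs, and flags driver/service names that look generated.
Heuristic only: a flagged name is a lead to verify, not a verdict.
"""
import re

# Constructed sample: a handful of lines copied from the log above, not the full log.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7524:TCP"= 7524:TCP:BitComet 7524 TCP
R1 d5461be5;d5461be5;c:\windows\System32\drivers\d5461be5.sys [2009-04-13 93420]
R3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-23 325640]
S2 savservice;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5553175-ee43-11dc-8bfe-0016369fcbdc}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
- - - - ORPHANS REMOVED - - - -
Notify-cbxndwxo - cbXNDwXo.dll
Notify-gebqnkhw - geBqnkHw.dll
"""

# "R1 name;display name;path [date size]" is how ComboFix prints drivers and services.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
DISABLED_RE = re.compile(r"\*[^*]*disabled\*", re.I)


def looks_random(name: str) -> bool:
    """True for two generated-name shapes: a pure hex blob of 8+ characters
    (d5461be5) or a near-vowel-less string whose case flips every other letter
    (cbXNDwXo). Product names such as avgldx86 or SophosBootDriver stay False."""
    stem = name.rsplit(".", 1)[0]
    if (len(stem) >= 8 and re.fullmatch(r"[0-9a-f]+", stem, re.I)
            and re.search(r"\d", stem) and re.search(r"[a-f]", stem, re.I)):
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return vowel_ratio <= 0.2 and flips / (len(letters) - 1) >= 0.4


def triage(log: str) -> dict:
    """Walk the log once, tracking the current registry key or section header,
    and bucket the lines an analyst wants to see first."""
    findings = {"protection_disabled": [], "security_center_muted": [], "open_ports": [],
                "autorun_handlers": [], "orphaned_notify_dlls": [], "random_named_services": []}
    section = None
    for line in log.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1]            # registry key the following values belong to
            continue
        if s.startswith("- - - - ORPHANS"):
            section = "ORPHANS"
            continue
        if re.match(r"(AV|FW): ", s) and DISABLED_RE.search(s):
            findings["protection_disabled"].append(s)
        elif s == '"DisableMonitoring"=dword:00000001' and section:
            findings["security_center_muted"].append(section.rsplit("\\", 1)[-1])
        elif section and section.lower().endswith("globallyopenports\\list") and s.startswith('"'):
            findings["open_ports"].append(s.split('"')[1])        # e.g. 7524:TCP
        elif section and "mountpoints2" in section.lower() and "autorun" in s.lower():
            findings["autorun_handlers"].append(s)
        elif section == "ORPHANS" and s.lower().startswith("notify-"):
            dll = s.split(" - ", 1)[1]
            findings["orphaned_notify_dlls"].append((dll, looks_random(dll)))
        else:
            m = SERVICE_RE.match(s)
            if m and looks_random(m.group(2)):
                findings["random_named_services"].append((m.group(1), m.group(2), m.group(4)))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run against the excerpt it reports both disabled-protection lines, the SophosAntiVirus monitoring override, port 7524:TCP, the G: AutoRun handler, both orphaned Notify DLLs as random-looking, and d5461be5 as the one random-named driver, while w600bus, avgldx86 and savservice pass. The case-flip test is what separates cbXNDwXo from a vowel-poor but legitimate name like avgldx86; widen it only with a known-good list in hand, because webcam and vendor driver names routinely look odd.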