Virtumonde infection - help!!

[rhonda]

I have had problems with PC simpley stopping dead, no blue screen even, just stops. Eventually i found it had Virtumonde infection and have used all tools available on internet to kill it. Although i am supposed to be cleaned, im still having problems so could someone look at my HJT or combofix logs please.
---------------------------------------------------------------------
BEFORE CLEANED

--- Report generated: 2009-06-17 22:43 ---

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, fixed)
C:\WINDOWS\system32\_000006_.tmp.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, fixed)
C:\WINDOWS\system32\_000007_.tmp.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.1 (build: 20090120) ---

2009-01-24 blindman.exe (1.0.0.8)
2009-01-24 SDFiles.exe (1.6.1.7)
2009-01-24 SDMain.exe (1.0.0.6)
2009-01-24 SDShred.exe (1.0.2.5)
2009-01-24 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-24 SpybotSD.exe (1.6.1.44)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-04 unins000.exe (51.49.0.0)
2009-01-24 Update.exe (1.6.0.7)
2009-01-24 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-09 Includes\HijackersC.sbi (*)
2009-06-16 Includes\Keyloggers.sbi (*)
2009-06-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-10 Includes\Malware.sbi (*)
2009-06-16 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-17 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi (*)
2009-06-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



Malwarebytes' Anti-Malware 1.37
Database version: 2291
Windows 5.1.2600 Service Pack 3

17/06/2009 02:51:51
mbam-log-2009-06-17 (02-51-51).txt

Scan type: Quick Scan
Objects scanned: 140347
Time elapsed: 29 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\kcudiyix (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------
AFTER CLEANED

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:08, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CGreenPrintPDF Object - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco Internet Phone\TescoIP.exe" /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: GreenPrint Printer Notify.lnk = C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
O4 - Global Startup: GreenPrint TrayIcon.lnk = C:\Program Files\GreenPrint Technologies\GreenPrint World\GPTray.exe
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195261529640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8887 bytes
------------------------------------------------------------------------

ComboFix 09-06-18.02 - mine 19/06/2009 17:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.392 [GMT 1:00]
Running from: c:\documents and settings\mine\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 13:09 . 2009-06-19 13:09 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-06-19 12:57 . 2009-06-19 12:57 -------- d-----w- c:\windows\ERUNT
2009-06-19 12:55 . 2009-06-19 13:12 -------- d-----w- C:\SDFix
2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\documents and settings\Guest Family Freinds\Application Data\Malwarebytes
2009-06-18 21:05 . 2009-06-18 21:05 -------- d-----w- C:\3783380e24551cf3850c3242f3df5246
2009-06-17 19:50 . 2009-06-17 19:50 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 01:17 . 2009-06-17 01:17 -------- d-----w- C:\VundoFix Backups
2009-06-17 01:15 . 2009-06-17 01:15 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes
2009-06-17 01:15 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 01:15 . 2009-06-17 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 01:15 . 2009-06-17 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 01:15 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-17 20:05 . 2008-01-03 22:17 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-08 15:51 . 2007-11-18 12:44 -------- d-----w- c:\program files\VoipCheapCom
2009-06-01 00:35 . 2009-01-14 21:08 -------- d-----w- c:\program files\Nero
2009-05-07 15:32 . 2002-08-29 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 11:18 . 2008-12-02 17:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-05 11:18 . 2008-12-02 17:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-05 11:18 . 2008-12-02 17:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-05 11:18 . 2008-12-02 17:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-04 20:19 . 2009-05-04 20:19 299352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-05-04 20:19 . 2009-05-04 20:19 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-05-04 20:19 . 2009-05-04 20:19 165728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-05-04 20:19 . 2009-05-04 20:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-04 20:19 . 2009-05-04 20:19 343888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-05-04 20:19 . 2009-05-04 20:19 289632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-05-04 20:19 . 2009-05-04 20:19 82784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-05-04 20:18 . 2009-05-04 20:18 1629024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-05-04 20:18 . 2009-05-04 20:18 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-05-04 20:18 . 2009-05-04 20:18 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-05-04 20:18 . 2009-05-04 20:18 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-04 20:18 . 2009-04-20 20:16 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-04 20:18 . 2009-05-04 20:18 632680 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-05-04 20:16 . 2009-05-04 20:16 539512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-05-04 20:16 . 2009-05-04 20:16 552808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-05-04 20:16 . 2009-05-04 20:16 2324808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-05-04 20:16 . 2009-05-04 20:16 626000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-05-04 20:16 . 2009-05-04 20:16 516440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-05-04 20:16 . 2009-05-04 20:16 953168 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-04-29 04:56 . 2002-08-29 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2007-11-16 07:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 23:48 . 2009-04-23 23:48 -------- d-----w- c:\documents and settings\Shannon.RHONDA-Z2XJVJZN\Application Data\DivX
2009-04-23 09:32 . 2009-04-20 18:47 218 ----a-w- c:\windows\Uhogunuhogaj.dat
2009-04-22 11:39 . 2009-04-20 18:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-22 01:06 . 2007-11-17 14:56 -------- d-----w- c:\documents and settings\mine\Application Data\Apple Computer
2009-04-22 01:01 . 2007-12-16 14:03 -------- d-----w- c:\documents and settings\mine\Application Data\SoundSpectrum
2009-04-22 00:52 . 2007-11-16 17:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-21 13:00 . 2009-04-21 13:00 -------- d-----w- c:\documents and settings\Shannon.RHONDA-Z2XJVJZN\Application Data\Windows Desktop Search
2009-04-21 12:56 . 2009-04-21 12:54 -------- d-----w- c:\program files\Tesco Internet Phone
2009-04-20 19:54 . 2009-04-20 19:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 19:53 . 2008-03-31 12:07 -------- d-----w- c:\program files\Lavasoft
2009-04-20 19:32 . 2009-04-20 19:32 -------- d-----w- c:\documents and settings\mine\Application Data\Windows Search
2009-04-17 12:26 . 2002-08-29 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2002-08-29 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 01:32 . 2009-04-15 01:32 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-04 14:50 . 2008-09-10 19:14 62120 ----a-w- c:\documents and settings\Guest Family Freinds\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 14:03 . 2008-04-04 15:56 62120 ----a-w- c:\documents and settings\Shannon.RHONDA-Z2XJVJZN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 14:23 . 2009-04-15 01:36 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 14:23 . 2008-10-30 21:19 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-23 21:21 . 2007-11-16 07:23 62120 ----a-w- c:\documents and settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-12 01:27 . 2008-02-11 22:13 88 --sh--r- c:\windows\system32\C56B890A9D.sys
2008-09-12 01:27 . 2008-02-11 21:58 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2006-12-15 590728]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Tesco"="c:\program files\Tesco Internet Phone\TescoIP.exe" [2009-01-16 7376896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.e xe" [2005-09-12 155648]
"TrayMin900"="c:\windows\System32\drivers\Tray900. exe" [2005-09-12 266240]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"GPPrinterNotify"="c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2008-01-18 589824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-04 516440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-08-14 16050176]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-09-17 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE [2009-3-23 135680]
GreenPrint Printer Notify.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2008-1-30 589824]
GreenPrint TrayIcon.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2008-1-30 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 11:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"VoipCheapCom"="c:\program files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
"Tesco"="c:\program files\Tesco Internet Phone\TescoIP.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"<NO NAME>"=c:\program files\Tesco Internet Phone\TescoIP.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.ex e
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KWorld Multimedia\\DVB-T PLUS\\DTVR\\DTVR.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"4569:TCP"= 4569:TCP:TESCO
"4569:UDP"= 4569:UDP:TESCO
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/04/2009 21:16 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/12/2008 18:49 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/12/2008 18:49 108552]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/12/2008 18:49 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/12/2008 18:49 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [29/08/2002 13:00 14336]
R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [07/12/2007 02:28 1240576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [17/06/2009 02:15 38160]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17fil t.sys [20/03/2006 18:34 1452032]
S3 Uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [24/02/2005 12:35 15232]
S4 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [07/04/2009 02:40 1693128]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1FD7781A-51FA-8D7D-F460-56BD21C4507A}]
c:\windows\system32:explorer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:16]

2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2009-06-19 17:55
ComboFix-quarantined-files.txt 2009-06-19 16:55

Pre-Run: 182,085,885,952 bytes free
Post-Run: 182,545,317,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
redirect=usebiossettings
redirectbaudrate=
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="widow s xp new" /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
203 --- E O F --- 2009-06-17 19:56