adaware.virtuemondapplication Help please


Hi

I recently contracted this annoying little virus. I have read previous posts on the forums and done the appropriate log reports, but as I'm pretty new to this whole affair I don't know which files I need to isolate in order to delete the virus. Please help.

Thanks

Reports:

ComboFix 08-04-20.5 - ADS 2008-04-22 8:02:57.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.526 [GMT -5:00]

Running from: C:\Documents and Settings\ADS\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bawlxqtv.dll

C:\WINDOWS\system32\ejppakpi.dll

C:\WINDOWS\system32\hagmnlcm.ini

C:\WINDOWS\system32\hjkmp.ini

C:\WINDOWS\system32\hjkmp.ini2

C:\WINDOWS\system32\ipkappje.ini

C:\WINDOWS\system32\mclnmgah.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mgjimjuy.dll

C:\WINDOWS\system32\owpqubsi.dll

C:\WINDOWS\system32\oxrdbmhl.dll

C:\WINDOWS\system32\rominixy.dll

C:\WINDOWS\system32\uwscvutp.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))

.

2008-04-22 08:09 . 2008-04-22 08:09 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-04-22 08:09 . 2008-04-22 08:09 <DIR> d-------- C:\Program Files\microsoft frontpage

2008-04-21 20:25 . 2008-04-21 20:25 <DIR> d-------- C:\WINDOWS\Sun

2008-04-21 19:26 . 2008-04-21 19:26 68,300 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-04-21 18:48 . 2008-04-21 19:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-21 18:48 . 2008-04-21 18:48 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-21 16:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-21 16:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-21 16:03 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-21 07:44 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-04-21 07:44 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-04-20 21:02 . 2008-04-20 21:02 <DIR> d-------- C:\Documents and Settings\ADS\Contacts

2008-04-20 21:00 . 2008-04-20 21:01 <DIR> d-------- C:\Program Files\Windows Live

2008-04-20 21:00 . 2008-04-20 21:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-20 20:59 . 2008-04-20 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-20 08:35 . 2008-04-21 08:38 1,541,269 --ahs---- C:\WINDOWS\system32\vflsqixg.ini

2008-04-19 08:30 . 2008-04-20 08:31 1,540,969 --ahs---- C:\WINDOWS\system32\eejsbqir.ini

2008-04-18 18:26 . 2008-04-19 19:17 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Cool Record Edit Pro

2008-04-18 17:45 . 2008-04-18 17:46 <DIR> d-------- C:\Program Files\Free Sound Recorder

2008-04-18 17:16 . 2008-04-18 17:16 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder

2008-04-18 10:52 . 2008-04-18 10:52 <DIR> d-------- C:\Program Files\uTorrent

2008-04-18 10:52 . 2008-04-22 07:28 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\uTorrent

2008-04-18 08:29 . 2008-04-18 08:30 1,528,793 --ahs---- C:\WINDOWS\system32\gxwbxxng.ini

2008-04-18 08:27 . 2008-04-21 08:28 109,734 --a------ C:\WINDOWS\BM9312bdc6.xml

2008-04-17 08:28 . 2008-04-18 08:30 1,522,282 --ahs---- C:\WINDOWS\system32\niygkhsp.ini

2008-04-15 10:38 . 2008-04-15 10:38 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage

2008-04-15 09:59 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys

2008-04-15 09:58 . 2008-04-15 09:58 <DIR> d-------- C:\Program Files\Sony Corporation

2008-04-15 09:58 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys

2008-04-15 09:57 . 2005-03-21 20:32 757,760 --a------ C:\WINDOWS\system32\CDDBUI.dll

2008-04-15 09:57 . 2005-03-21 20:32 630,784 --a------ C:\WINDOWS\system32\CDDBControl.dll

2008-04-15 09:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll

2008-04-15 09:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys

2008-04-15 09:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys

2008-04-15 09:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys

2008-04-15 09:56 . 2008-04-15 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-04-15 09:54 . 2008-04-15 10:38 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Sony Corporation

2008-04-12 21:57 . 2008-04-13 02:01 <DIR> d-------- C:\Program Files\Subliminal Mind

2008-04-12 21:57 . 2008-04-12 21:57 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-04-12 20:08 . 2008-04-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-04-10 21:50 . 2008-04-10 21:50 <DIR> d-------- C:\Program Files\Common Files\DirectX

2008-04-07 21:53 . 2008-04-07 21:53 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Canon

2008-04-07 21:49 . 2008-04-07 21:49 <DIR> d-------- C:\Program Files\Canon

2008-04-07 21:48 . 2008-04-07 21:48 <DIR> d-------- C:\Program Files\Common Files\Canon

2008-04-07 18:55 . 2008-04-07 19:07 <DIR> d-------- C:\Program Files\Yahoo!

2008-04-06 13:44 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll

2008-04-06 13:44 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll

2008-04-06 13:44 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll

2008-04-06 13:40 . 2008-04-06 13:40 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-04-06 13:37 . 2008-04-07 12:28 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-04-06 13:13 . 2008-04-06 13:13 0 --a------ C:\WINDOWS\windowfx2.ini

2008-04-06 13:12 . 2008-04-06 13:12 0 --a------ C:\WINDOWS\windowfx3.ini

2008-04-06 13:07 . 2008-04-06 13:07 <DIR> d-------- C:\Program Files\WinCustomize

2008-04-06 13:07 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-04-06 13:07 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-04-06 12:46 . 2000-10-20 00:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-04-06 12:02 . 2008-04-06 12:02 <DIR> d-------- C:\Program Files\CursorXP

2008-04-06 00:13 . 2008-04-06 00:13 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-04-06 00:13 . 2008-04-06 00:13 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\PC Tools

2008-04-06 00:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-06 00:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-06 00:13 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-06 00:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-06 00:11 . 2008-04-17 08:19 <DIR> d-------- C:\Program Files\DAP

2008-04-06 00:11 . 2008-04-06 00:11 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-04-06 00:11 . 2008-04-06 00:11 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-04-06 00:11 . 2008-04-06 00:11 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-04-04 16:57 . 2008-04-04 16:58 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Autodesk

2008-04-04 16:54 . 2008-04-04 16:54 <DIR> d-------- C:\Program Files\turbo squid tentacles

2008-04-04 16:50 . 2008-04-04 16:50 231 --a------ C:\WINDOWS\system32\3dsmax.ini

2008-04-04 16:50 . 2008-04-04 16:50 43 --a------ C:\WINDOWS\system32\InstallSettings.ini

2008-04-04 16:49 . 2008-04-04 16:50 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared

2008-04-04 16:48 . 2008-04-04 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk

2008-04-04 16:47 . 2008-04-04 16:50 <DIR> d-------- C:\Program Files\Autodesk

2008-04-04 12:22 . 2008-04-04 12:22 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Flock

2008-04-04 09:58 . 2008-04-04 12:39 <DIR> d-------- C:\Program Files\Neuro-Programmer 2 Professional

2008-04-04 09:58 . 2008-04-21 13:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-04 00:10 . 2008-04-04 00:10 <DIR> d-------- C:\Program Files\Mini-stream Ripper

2008-04-03 23:48 . 2008-04-03 23:48 <DIR> d-------- C:\Program Files\Efficient WMA MP3 Converter

2008-04-03 23:48 . 2006-07-11 18:43 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2008-04-03 23:48 . 2006-07-11 18:35 503,808 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-04-03 23:48 . 2006-07-11 18:35 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-04-03 22:09 . 2008-04-03 22:09 <DIR> d-------- C:\Documents and Settings\ADS\WINDOWS

2008-04-03 22:09 . 2008-04-04 09:43 821 --a------ C:\WINDOWS\VIP.INI

2008-04-03 22:08 . 2008-04-03 22:10 <DIR> d-------- C:\Program Files\Oshobooks

2008-04-03 19:36 . 2008-04-03 19:36 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Nero

2008-04-02 21:45 . 2008-04-02 21:45 <DIR> d-------- C:\Program Files\SHARM 1.4

2008-04-02 21:28 . 2008-04-04 09:30 <DIR> d-------- C:\Program Files\MB Free Subliminal Message Software

2008-04-02 16:51 . 2008-04-16 18:46 <DIR> d-------- C:\Program Files\DOSBox-0.72

2008-04-02 15:13 . 2008-04-02 15:13 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Talkback

2008-04-02 15:13 . 2008-04-02 15:13 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-02 13:40 . 2008-04-06 13:38 131 --------- C:\WINDOWS\WB.ini

2008-04-02 13:29 . 2008-04-02 13:29 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\AEVITA

2008-04-02 13:28 . 2008-04-02 13:30 <DIR> d-------- C:\Program Files\AEVITA Wipe & Delete

2008-04-02 13:26 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

2008-04-02 13:26 . 2005-01-22 18:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll

2008-04-01 15:55 . 2008-04-01 15:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-04-01 15:49 . 2008-04-01 15:49 <DIR> d-------- C:\Program Files\PowerISO

2008-04-01 11:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-04-01 11:35 . 2008-04-01 11:35 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-01 11:34 . 2008-04-01 11:34 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-01 11:31 . 2008-04-01 11:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-04-01 11:29 . 2008-04-01 11:34 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-01 11:28 . 2008-04-21 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-01 11:27 . 2008-04-01 11:27 <DIR> dr-h----- C:\MSOCache

2008-03-28 18:39 . 2008-03-28 18:39 <DIR> d-------- C:\Program Files\Power Tab Software

2008-03-27 11:35 . 2008-04-03 10:42 <DIR> d-------- C:\Program Files\Advanced WMA Workshop

2008-03-27 11:31 . 2008-03-27 11:31 <DIR> d-------- C:\VideoConvert

2008-03-26 10:40 . 2008-03-26 10:40 <DIR> d-------- C:\Program Files\Guitar Pro 5

2008-03-26 09:50 . 2008-03-26 11:00 <DIR> d-------- C:\Program Files\MagicISO

2008-03-26 09:48 . 2008-03-26 09:49 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-03-26 09:47 . 2008-03-26 09:47 <DIR> d-------- C:\Program Files\Picasa2

2008-03-26 09:47 . 2008-03-26 09:47 <DIR> d-------- C:\Program Files\Google

2008-03-26 09:33 . 2008-04-06 14:07 <DIR> d-------- C:\Wallpapers-Icons

2008-03-25 23:56 . 2008-04-21 18:54 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-25 23:12 . 2008-03-25 23:13 <DIR> d-------- C:\Program Files\Winamp

2008-03-25 23:12 . 2008-03-26 00:03 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\Winamp

2008-03-25 22:49 . 2008-03-25 22:49 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\vlc

2008-03-25 22:08 . 2008-04-07 12:28 <DIR> d-------- C:\Documents and Settings\ADS\Application Data\OpenOffice.org2

2008-03-25 21:10 . 2008-03-30 20:31 <DIR> d-------- C:\Program Files\The Rosetta Stone

2008-03-25 21:10 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe

2008-03-25 20:49 . 2008-03-25 20:49 <DIR> d-------- C:\Program Files\LimeWire

2008-03-25 20:49 . 2008-03-25 20:49 <DIR> d-------- C:\Program Files\Flock

2008-03-25 20:48 . 2008-03-26 09:54 <DIR> d-------- C:\WINDOWS\system32\electricsheep-cache

2008-03-25 20:48 . 2008-03-25 20:48 48,456 --a------ C:\WINDOWS\system32\UninstallElectricSheep.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 21:08 90 ----a-w C:\WINDOWS\system32\drivers\sthdae.log

2008-04-06 18:07 --------- d-----w C:\Program Files\Common Files\Stardock

2008-04-06 17:00 --------- d-----w C:\Program Files\Stardock

2008-04-02 19:14 --------- d-----w C:\Program Files\TaskSwitchXP

2008-04-01 16:35 --------- d-----w C:\Program Files\MSBuild

2008-03-26 23:15 --------- d-----w C:\Program Files\Unlocker

2008-03-26 01:39 --------- d-----w C:\Program Files\Java

2008-03-25 21:55 --------- d-----w C:\Documents and Settings\ADS\Application Data\Styler

2008-03-25 21:50 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-03-25 21:48 --------- d-----w C:\Program Files\Sysinternals

2008-03-25 21:48 --------- d-----w C:\Program Files\Kristanix

2008-03-25 21:48 --------- d-----w C:\Program Files\Alky for Applications

2008-03-25 21:47 --------- d-----w C:\Program Files\Common Files\Java

2008-03-25 21:45 89 ----a-w C:\WINDOWS\system32\config\systemprofile\Del2124.bat

2008-03-25 21:45 89 ----a-w C:\Documents and Settings\Default User\Del2124.bat

2008-03-25 21:45 89 ----a-w C:\Documents and Settings\ADS\Del2124.bat

2008-03-25 21:44 --------- d-----w C:\Program Files\Reference Assemblies

2008-03-25 21:34 --------- d-----w C:\Program Files\Utilities

2008-03-25 21:34 --------- d-----w C:\Program Files\LClock

2008-03-25 21:34 --------- d-----w C:\Program Files\Desktop

2008-03-25 21:34 --------- d-----w C:\Program Files\CCleaner

2008-03-25 21:33 --------- d-----w C:\Program Files\Attribute Changer

2008-03-19 20:58 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys

2008-03-19 20:58 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys

2008-03-19 20:58 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys

2008-03-19 20:58 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys

2008-03-19 20:58 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys

2008-03-19 20:58 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys

2008-03-19 20:58 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys

2008-03-19 20:58 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys

2008-03-19 20:58 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys

2008-03-19 20:58 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys

2008-03-19 20:58 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys

2008-03-19 20:55 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-19 20:55 113,664 ----a-w C:\WINDOWS\inf\hdaudio.sys

2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys

2008-03-07 13:47 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-03-07 09:24 1,296,473 ----a-r C:\WINDOWS\SET3.tmp

2008-03-07 09:16 16,674 ----a-r C:\WINDOWS\SET8.tmp

2008-03-07 09:16 1,088,979 ----a-r C:\WINDOWS\SET4.tmp

2008-03-07 07:47 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-03-07 07:47 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-03-07 07:47 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-03-07 06:54 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-03-07 06:51 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-03-07 06:51 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-03-07 06:50 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-03-07 06:21 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

2008-03-07 06:21 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

2008-03-07 06:21 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

2008-03-07 06:21 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys

2008-03-07 06:21 49,280 ----a-w C:\WINDOWS\system32\drivers\stream.sys

2008-03-07 06:21 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys

2008-03-07 06:21 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

2008-03-07 06:15 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-03-07 06:15 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys

2008-03-07 06:14 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-03-07 06:12 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-03-07 06:12 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-03-07 06:07 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys

2008-03-07 04:43 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys

2008-03-07 01:21 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys

2008-03-07 01:21 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys

2008-03-07 01:21 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys

2008-03-07 01:21 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys

2008-03-07 01:15 96,512 ----a-w C:\WINDOWS\system32\drivers\atapi.sys

2008-03-07 01:15 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-03-07 01:15 24,960 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys

2008-03-07 01:12 14,208 ----a-w C:\WINDOWS\system32\drivers\battc.sys

2008-03-07 01:12 13,952 ----a-w C:\WINDOWS\system32\drivers\CmBatt.sys

2008-03-07 01:12 10,240 ----a-w C:\WINDOWS\system32\drivers\compbatt.sys

2008-03-07 01:03 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-03-07 00:55 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-03-07 00:55 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-03-07 00:55 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-03-07 00:54 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-03-07 00:54 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-03-07 00:54 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-03-07 00:54 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-03-07 00:52 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-03-07 00:51 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-03-07 00:51 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-03-07 00:50 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-03-07 00:50 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-03-07 00:50 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-03-07 00:50 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-03-07 00:49 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-03-07 00:49 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-03-07 00:34 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-03-07 00:34 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-03-07 00:31 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-03-07 00:31 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-03-07 00:31 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-03-07 00:31 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-03-07 00:31 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-03-07 00:31 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-03-07 00:31 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-03-07 00:30 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-03-07 00:30 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-03-07 00:30 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

.

------- Sigcheck -------

2008-03-19 15:55 361344 cef393e4697b14d310320a62c3643f77 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-07 02:46 15360]

"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerTweak Menu"="C:\WINDOWS\system32\mmm.exe" [2005-07-05 03:04 828416]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-27 09:33 15872]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-07 07:26 7557120]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-02-09 14:16 299260]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-03-07 02:46 15360]

"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-03-19 15:54 124928 C:\WINDOWS\system32\advpack.dll]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcdc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2006-09-23 15:24 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ADS^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=C:\Documents and Settings\ADS\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ADS^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

path=C:\Documents and Settings\ADS\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

--a------ 2004-04-26 16:21 270336 C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

--a------ 2004-09-19 12:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

--a------ 2002-09-03 18:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-03-14 18:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

--a------ 2005-06-03 07:16 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 17:54 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\ElectricSheep.scr"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=

"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=

"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 13:51]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 22:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4b508d-04fe-11dd-867a-e5f28f64f166}]

\Shell\AutoRun\command - F:\ino6.com

\Shell\explore\Command - F:\ino6.com

\Shell\open\Command - F:\ino6.com

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 08:10:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

.

**************************************************************************

.

Completion time: 2008-04-22 8:13:24 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-22 13:13:05

Pre-Run: 4,938,088,448 bytes free

Post-Run: 5,068,988,416 bytes free

368 --- E O F --- 2008-04-22 01:47:29

AND NOW HIJACK

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:59:46, on 22/04/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\mmm.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Flock\flock\flock.exe

C:\Documents and Settings\ADS\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\iifdcdc.dll

O2 - BHO: (no name) - {6C7FB8E0-6B8D-4070-B8F4-8A41E73673BA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Drivers and Cracks\Programs\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe

O4 - HKLM\..\Run: [90218e5a] rundll32.exe "C:\WINDOWS\system32\mclnmgah.dll",b

O4 - HKLM\..\Run: [bM9312bdc6] Rundll32.exe "C:\WINDOWS\system32\owpqubsi.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: iifdcdc - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--

End of file - 8484 bytes

THANKS FOR TAKING THE TIME :angry:


Hi Geeza and welcome to Malwarebytes. Never run a tool like ComboFix without being asked and under supervision. You must have read someone else's instructions. The logs requested in this forum are in the following instructions.

I also wonder how you have SP3 for XP? It's not generally available. My advice is to get rid of the P2P program C:\Program Files\uTorrent, which is most likely how you got infected. You are still infected, so please follow these instructions.

Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the user control panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.

Please set your system to show all files:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. Be sure to be in advanced mode also.

Please run a full scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply.

Then go here and run a Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This!

You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said.

Be patient and persistent. These things can take time and many procedures.

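As an added example (not code from this thread, from the helper, or from HijackThis itself), here is a small Python script that scans HijackThis O4 and O20 lines for the traits that make the three leftover entries in the log above stand out even after ComboFix deleted the DLLs they reference: a machine-generated value name such as 90218e5a, rundll32 loading a system32 DLL through a one-letter export, and a Winlogon Notify entry whose path is a bare directory rather than a DLL. The sample log is constructed from lines quoted in the log above plus benign entries for contrast; the heuristics are my own and will need tuning on real logs.

```python
import re

# Constructed sample: the three suspicious entries from the HijackThis log
# quoted above, surrounded by benign autorun and service entries.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [90218e5a] rundll32.exe "C:\WINDOWS\system32\mclnmgah.dll",b
O4 - HKLM\..\Run: [bM9312bdc6] Rundll32.exe "C:\WINDOWS\system32\owpqubsi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: iifdcdc - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O4: autorun entry  ->  hive, [value name], command line
O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O20: Winlogon Notify entry  ->  subkey name, path of the notification DLL
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
# rundll32 command line  ->  DLL path (optionally quoted) and export name
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S*)', re.I)
# A run of six or more hex characters inside a value name
HEXRUN_RE = re.compile(r'[0-9a-f]{6,}', re.I)


def looks_random(name):
    """True when the value name contains a long hex run with at least two digits.
    Legitimate names like NvCplDaemon only have short runs of hex letters."""
    for m in HEXRUN_RE.finditer(name):
        if sum(ch.isdigit() for ch in m.group()) >= 2:
            return True
    return False


def check_o4(name, cmd):
    """Heuristics for one O4 autorun entry; returns a list of reasons (empty = clean)."""
    reasons = []
    if looks_random(name):
        reasons.append("value name looks machine-generated")
    m = RUNDLL_RE.match(cmd.strip())
    if m:
        dll = m.group("dll").rsplit("\\", 1)[-1]
        entry = m.group("entry")
        if len(entry) <= 1:
            reasons.append(f"rundll32 loads {dll} through a one-letter export '{entry}'")
    return reasons


def check_o20(name, path):
    """A Winlogon Notify subkey should name a DLL; a bare directory is a leftover."""
    p = path.strip()
    if p.endswith("\\") or not p.lower().endswith(".dll"):
        return [f"Winlogon Notify '{name}' points at a directory, not a DLL"]
    return []


def scan_hjt(text):
    """Return (line_number, line, reasons) for every entry that trips a heuristic."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m.group("name"), m.group("cmd"))
        else:
            m = O20_RE.match(line)
            if m:
                reasons = check_o20(m.group("name"), m.group("path"))
        if reasons:
            findings.append((n, line, reasons))
    return findings


if __name__ == "__main__":
    for n, line, reasons in scan_hjt(SAMPLE_LOG):
        print(f"line {n}: {line}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample above the script flags exactly the two rundll32 autoruns and the dangling Winlogon Notify entry and leaves the NVIDIA, ESET and ctfmon entries alone. The one-letter-export check is the most reliable of the three; the hex-run name test is a heuristic that should be confirmed against the rest of the log rather than acted on by itself.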

Due to lack of response this topic will now be closed.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
