win32/cryptor

Hi can you please help I have been away a few days & my grand daughter has been using the pc. Everytime I turn it on it says AVG has found win32/crptor. I run a scan but it says it can't delete it, please can you help. Yours sincerely Reg :oops:

Hello.
Please read here and post a Hijack This log.

http://www.geekpolice.net/virus-spyware-malware-removal-f11/read-this-before-posting-t3821.htm

Sorry I forgot to post hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:38, on 07/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Reg\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpeedTester.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232397151_ed5c83eb3f2c86c41a46a70d1dfaaba3&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\Windows\system32\wwSecure.exe

--
End of file - 9458 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Here is the log it says nothing detected

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 6.0.6001 Service Pack 1

07/02/2009 22:39:50
mbam-log-2009-02-07 (22-39-50).txt

Scan type: Quick Scan
Objects scanned: 57471
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBAM found nothing, lets take a look around the machine.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

heres the first part

DDS (Ver_09-02-01.01) - NTFSx86
Run by Reg at 23:07:10.95 on 07/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.3070.1737 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wwSecure.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Users\Reg\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eRecoveryService]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [InkSaver] c:\program files\inksaver\InkSaver.exe hide
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\reg\appdata\roaming\micros~1\windows\startm~1\programs\startup\speedt~1.lnk - c:\users\reg\appdata\roaming\microsoft\installer\{32729ff3-ad6a-45cc-8e55-e1916420f7f1}\_7EA94809FE219030A883C8.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232397151_ed5c83eb3f2c86c41a46a70d1dfaaba3&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-7 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 107272]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-19 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-19 298264]
R2 ETService;Empowering Technology Service;c:\program files\packardbell\packard bell recovery management\service\ETService.exe [2008-10-30 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-7-31 44576]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-1-19 110576]

heres second part

=============== Created Last 30 ================

2009-02-07 20:03 --d----- c:\users\reg\appdata\roaming\Malwarebytes
2009-02-07 20:03 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 20:03 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 20:03 --d----- c:\programdata\Malwarebytes
2009-02-07 20:03 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 20:03 --d----- c:\progra~2\Malwarebytes
2009-02-07 17:39 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-07 17:39 --d----- c:\program files\Panda Security
2009-02-07 15:10 --d----- c:\users\reg\appdata\roaming\True Sword
2009-02-07 15:07 81,920 a------- c:\windows\eSellerateControl350.dll
2009-02-07 15:07 --d----- c:\program files\True Sword 5
2009-02-07 14:46 --d----- c:\program files\freshplay
2009-02-07 14:44 343 ---shr-- C:\autorun.inf
2009-02-07 14:32 --d----- c:\program files\InkSaver
2009-02-07 14:23 --d----- c:\users\reg\appdata\roaming\Webroot
2009-02-07 14:23 --d----- c:\program files\Webroot
2009-02-07 14:23 --d----- c:\program files\common files\Webroot Shared
2009-02-07 14:22 487,936 a------- c:\windows\system32\wwSecure.exe
2009-02-07 14:22 57,344 a------- c:\windows\Unwash6.exe
2009-02-06 12:37 --d-h--- C:\$AVG8.VAULT$
2009-02-05 22:53 0 a------- c:\windows\hpqemlsz.INI
2009-02-05 22:51 --d----- c:\users\reg\appdata\roaming\Printer Info Cache
2009-02-05 22:50 --d----- c:\program files\common files\HP
2009-02-05 22:49 --d----- c:\programdata\HP Product Assistant
2009-02-05 22:49 --d----- c:\program files\common files\Hewlett-Packard
2009-02-05 22:49 --d----- c:\program files\HP
2009-02-05 22:48 115,349 a------- c:\windows\hpgins21.dat
2009-02-05 22:48 282 -------- c:\windows\hpgmdl21.dat
2009-02-05 22:48 --d----- c:\programdata\HP
2009-02-05 21:06 --d----- c:\programdata\PC Drivers HeadQuarters
2009-02-05 21:06 --d----- c:\program files\PC Drivers HeadQuarters
2009-02-05 21:06 --d----- c:\progra~2\PC Drivers HeadQuarters
2009-02-05 20:22 0 a------- C:\temp.html
2009-02-05 20:20 45,056 a------- c:\windows\system32\prnunins.exe
2009-02-05 20:20 306,688 a------- c:\windows\IsUninst.exe
2009-02-05 20:20 924 a------- c:\windows\hpinfo.lnk
2009-02-05 20:20 --d----- c:\program files\hp deskjet 5550 series
2009-02-05 20:19 147,512 a------- c:\windows\system32\hpzlnt06.dll
2009-01-31 09:09 189,053,222 a------- c:\windows\MEMORY.DMP
2009-01-29 19:50 --d----- c:\program files\Broadband Choices
2009-01-29 19:04 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-27 07:07 --d----- c:\windows\pss
2009-01-25 11:59 --d----- c:\users\reg\appdata\roaming\KodakCredentialStore
2009-01-25 11:54 --d----- c:\users\reg\appdata\roaming\Skinux
2009-01-25 11:52 --d----- c:\programdata\ArcSoft
2009-01-25 11:52 --d----- c:\progra~2\ArcSoft
2009-01-25 11:51 --d----- c:\program files\common files\Kodak
2009-01-25 11:51 --d----- c:\program files\Kodak
2009-01-25 11:51 --d----- c:\program files\common files\MSSoap
2009-01-25 11:40 --d----- c:\programdata\Kodak
2009-01-25 11:40 --d----- c:\progra~2\Kodak
2009-01-23 07:32 --d----- c:\program files\ScanSoft
2009-01-23 07:28 --d----- c:\program files\Microsoft AutoRoute
2009-01-20 21:21 --d----- c:\users\reg\appdata\roaming\proDAD
2009-01-20 21:21 --d----- c:\program files\proDAD
2009-01-20 21:21 90,112 a------- c:\windows\unvise32.exe
2009-01-20 21:21 --d----- c:\program files\LooksBuilderSE
2009-01-20 21:20 237,568 a----r-- c:\windows\system32\qtmlClient.dll
2009-01-20 21:20 69,632 a------- c:\windows\system32\MtxPreview.dll
2009-01-20 21:20 49,152 a------- c:\windows\system32\MtxParhBFXPreview.dll
2009-01-20 21:20 49,152 a------- c:\windows\system32\CvoAPI.dll
2009-01-20 21:20 45,056 a------- c:\windows\system32\BFXSrcFilter.ax
2009-01-20 21:20 0 a------- c:\windows\Graffiti5.2Pin.ini
2009-01-20 21:20 --d----- c:\program files\Boris FX, Inc
2009-01-20 21:16 --d----- c:\program files\SureThing Express Labeler
2009-01-20 21:16 --d----- c:\program files\common files\SureThing Shared
2009-01-20 21:14 --d----- c:\program files\common files\Pinnacle
2009-01-20 21:14 --d----- c:\programdata\Pinnacle Studio Ultimate
2009-01-20 21:14 --d----- c:\progra~2\Pinnacle Studio Ultimate
2009-01-20 21:11 --d----- c:\programdata\Studio 12
2009-01-20 21:11 --d----- c:\programdata\Pinnacle Studio Plus
2009-01-20 21:11 --d----- c:\program files\Pinnacle
2009-01-20 21:11 --d----- c:\program files\common files\Yahoo!
2009-01-20 21:11 --d----- c:\progra~2\Studio 12
2009-01-20 21:11 --d----- c:\progra~2\Pinnacle Studio Plus
2009-01-20 21:07 --d----- c:\programdata\Pinnacle
2009-01-20 17:39 69 a------- c:\windows\NeroDigital.ini
2009-01-20 13:09 --d----- c:\programdata\FLEXnet
2009-01-19 23:08 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-01-19 23:08 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-01-19 23:08 --d----- c:\program files\OpenAL
2009-01-19 23:08 --d----- c:\users\reg\appdata\roaming\flightgear.org
2009-01-19 23:06 --d----- c:\program files\FlightGear
2009-01-19 22:03 --d----- c:\programdata\WindowsSearch
2009-01-19 21:14 --d----- c:\users\reg\appdata\roaming\NetMeter
2009-01-19 21:14 --d----- c:\program files\NetMeter
2009-01-19 21:01 --d----- c:\programdata\Azureus
2009-01-19 21:01 --d----- c:\progra~2\Azureus
2009-01-19 21:01 --d----- c:\users\reg\appdata\roaming\Azureus
2009-01-19 21:01 --d----- c:\program files\AskSBar
2009-01-19 20:51 --d----- c:\program files\Vuze
2009-01-19 20:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-19 19:44 --d----- c:\programdata\DVD Shrink
2009-01-19 19:44 --d----- c:\program files\DVD Shrink
2009-01-19 19:42 --d----- c:\program files\DVD Decrypter
2009-01-19 19:42 --d----- c:\users\reg\appdata\roaming\DVD Shrink
2009-01-19 19:23 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-01-19 19:23 22,528 a------- c:\windows\system32\netiougc.exe
2009-01-19 19:23 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-19 19:14 293,776 a------- c:\windows\system32\drivers\vsdatant.sys
2009-01-19 19:14 --d----- c:\windows\system32\ZoneLabs
2009-01-19 19:14 --d----- c:\programdata\CheckPoint
2009-01-19 19:14 --d----- c:\program files\Zone Labs
2009-01-19 19:14 --d----- c:\progra~2\CheckPoint
2009-01-19 19:14 348,370 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-01-19 19:13 --d----- c:\windows\Internet Logs
2009-01-19 19:00 --d----- c:\program files\Seagate
2009-01-19 18:56 376 a------- c:\windows\ODBC.INI
2009-01-19 18:55 --d----- c:\program files\Microsoft ActiveSync
2009-01-19 18:18 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-19 18:18 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-19 18:18 --d----- c:\windows\system32\drivers\Avg
2009-01-19 18:18 --d----- c:\programdata\avg8
2009-01-19 18:18 --d----- c:\program files\AVG
2009-01-19 18:18 --d----- c:\progra~2\avg8
2009-01-19 17:51 1,414,440 a------- c:\windows\system32\ShellManager310E2D762.dll
2009-01-19 17:51 773,120 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-01-19 17:51 0 a------- c:\windows\Irremote.ini
2009-01-19 17:15 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-19 17:11 --d----- c:\program files\MSXML 4.0
2009-01-19 17:10 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-01-19 17:10 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-01-19 17:10 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-19 17:08 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-19 17:08 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-19 17:08 94,720 a------- c:\windows\system32\logagent.exe
2009-01-19 17:08 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-19 17:08 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-19 17:08 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-19 17:07 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-19 17:04 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-19 17:04 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-19 17:03 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-19 17:03 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-19 13:27 --d----- c:\program files\EasyBits For Kids
2009-01-19 13:26 --d----- c:\users\reg\appdata\roaming\Symantec
2009-01-19 13:22 --d----- c:\programdata\Partner
2009-01-19 13:22 --d----- c:\progra~2\Partner
2009-01-19 13:21 --d----- c:\programdata\Google
2009-01-19 13:21 --d----- c:\users\Reg

==================== Find3M ====================

2009-02-05 20:28 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-05 20:28 51,200 a------- c:\windows\inf\infpub.dat
2009-02-05 20:28 86,016 a------- c:\windows\inf\infstor.dat
2009-01-19 13:27 8,164 a------- c:\windows\system32\ezdigsgn.dat
2009-01-19 13:27 268,288 a------- c:\windows\system32\ezSetup.exe
2009-01-19 13:27 111,104 a------- c:\windows\system32\ezShellStart.exe
2009-01-19 13:27 91,136 a------- c:\windows\system32\ezUninst.exe
2009-01-19 13:27 49,152 a------- c:\windows\system32\ezUPBHook.dll
2009-01-19 13:27 15,872 a------- c:\windows\system32\ezMAPIHelper.exe
2008-12-16 02:42 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-08-21 20:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:07:45.23 ===============

Hello.
Do you have any flash drives? (usb stick, external hardrive, etc)

not connected at the moment no.

But you do have some? how many? they maybe infected too.

Please plug them in, and let me know what drive letters they use.

ok plugged in portable hard drive letter I thats all i have

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  C:\autorun.inf
  I:\autorun.inf
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
File move failed. C:\autorun.inf scheduled to be moved on reboot.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02072009_234744

Files moved on Reboot...
File move failed. C:\autorun.inf scheduled to be moved on reboot.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.

I had to reboot & on restart it said trojan found in
c:\windows\system32\gaopdxfyarcxfq.dll.
Hope this helps you. Regrds Reg

Hi I have just noticed its every time I open internet explorer AVG detects the virus, hope it helps

Hello.
We need to use Combofix here, I will post the instructions for them here shortly.
First, I see you have Zonealarm installed. This isn't really needed in Vista, because the Vista firewall blocks incoming/outgoing traffic from programs, including malware. Plus, Zonealarm will get in the way with Combofix. I would advice you to uninstall Zonealarm. If not, right click the zonealarm icon in the tray and exit it while we do this.

• Download combofix from here - combofix.exe
  
• Please disable your local AV. In AVG8:
  Double click the AVG8 icon in the tray to open the interface.
  Double click on "Resident Shiled" and untick "Resident Shield Active"
  Close the interface.
  
• Double click on ComboFix.exe.
  
• Follow the prompts.
  NOTE:
  
• Tell Combofix NOT to download the recovery console(If prompted...).
  
• Accept the End-User License Agreement.
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

here it is first half
ComboFix 09-02-06.04 - Reg 2009-02-08 0:30:21.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3070.2121 [GMT 0:00]
Running from: c:\users\Reg\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxjptptsnq.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxfyarcxfq.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-07 23:47 . 2009-02-07 23:47 d-------- C:\_OTMoveIt
2009-02-07 20:03 . 2009-02-07 20:03 d-------- c:\users\Reg\AppData\Roaming\Malwarebytes
2009-02-07 20:03 . 2009-02-07 20:03 d-------- c:\users\All Users\Malwarebytes
2009-02-07 20:03 . 2009-02-07 20:03 d-------- c:\programdata\Malwarebytes
2009-02-07 20:03 . 2009-02-07 22:19 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 20:03 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-07 20:03 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-07 17:39 . 2009-02-07 17:39 d-------- c:\program files\Panda Security
2009-02-07 17:39 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-02-07 15:10 . 2009-02-07 15:10 d-------- c:\users\Reg\AppData\Roaming\True Sword
2009-02-07 15:07 . 2009-02-07 19:27 d-------- c:\program files\True Sword 5
2009-02-07 15:07 . 2003-06-06 11:21 81,920 --a------ c:\windows\eSellerateControl350.dll
2009-02-07 14:32 . 2009-02-07 14:32 d-------- c:\program files\InkSaver
2009-02-07 14:23 . 2009-02-07 14:23 d-------- c:\users\Reg\AppData\Roaming\Webroot
2009-02-07 14:23 . 2009-02-07 14:23 d-------- c:\program files\Webroot
2009-02-07 14:23 . 2009-02-07 14:23 d-------- c:\program files\Common Files\Webroot Shared
2009-02-07 14:22 . 2005-04-20 10:34 487,936 --a------ c:\windows\System32\wwSecure.exe
2009-02-07 14:22 . 2005-04-18 13:49 57,344 --a------ c:\windows\Unwash6.exe
2009-02-06 12:37 . 2009-02-07 23:09 d--h----- C:\$AVG8.VAULT$
2009-02-05 22:53 . 2009-02-05 22:53 0 --a------ c:\windows\hpqemlsz.INI
2009-02-05 22:51 . 2009-02-05 22:51 d-------- c:\users\Reg\AppData\Roaming\Printer Info Cache
2009-02-05 22:51 . 2009-02-05 22:51 d-------- c:\users\Reg\AppData\Roaming\Image Zone Express
2009-02-05 22:51 . 2009-02-05 22:52 d-------- c:\users\Reg\AppData\Roaming\HP
2009-02-05 22:50 . 2009-02-05 22:50 d-------- c:\program files\Common Files\HP
2009-02-05 22:49 . 2009-02-05 22:49 d-------- c:\users\All Users\HP Product Assistant
2009-02-05 22:49 . 2009-02-05 22:49 d-------- c:\programdata\HP Product Assistant
2009-02-05 22:49 . 2009-02-05 22:50 d-------- c:\program files\HP
2009-02-05 22:49 . 2009-02-05 22:49 d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-05 22:48 . 2009-02-05 22:50 d-------- c:\users\All Users\HP
2009-02-05 22:48 . 2009-02-05 22:50 d-------- c:\programdata\HP
2009-02-05 22:48 . 2009-02-05 22:51 115,349 --a------ c:\windows\hpgins21.dat
2009-02-05 22:48 . 2007-05-02 11:39 282 --------- c:\windows\hpgmdl21.dat
2009-02-05 21:06 . 2009-02-05 21:06 d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-02-05 21:06 . 2009-02-05 21:06 d-------- c:\programdata\PC Drivers HeadQuarters
2009-02-05 21:06 . 2009-02-05 21:06 d-------- c:\program files\PC Drivers HeadQuarters
2009-02-05 20:22 . 2009-02-05 20:22 0 --a------ C:\temp.html
2009-02-05 20:20 . 2009-02-05 20:20 d-------- c:\program files\hp deskjet 5550 series
2009-02-05 20:20 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-05 20:20 . 2002-01-28 14:32 45,056 --a------ c:\windows\System32\prnunins.exe
2009-02-05 20:20 . 2009-02-05 20:20 924 --a------ c:\windows\hpinfo.lnk
2009-02-05 20:19 . 2002-07-11 12:13 147,512 --a------ c:\windows\System32\hpzlnt06.dll
2009-02-05 20:17 . 2009-02-05 20:20 d-------- c:\program files\Hewlett-Packard
2009-01-31 09:09 . 2009-01-31 09:09 189,053,222 --a------ c:\windows\MEMORY.DMP
2009-01-29 19:50 . 2009-01-29 19:50 d-------- c:\program files\Broadband Choices
2009-01-29 19:04 . 2009-01-29 19:04 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-25 11:59 . 2009-01-25 11:59 d-------- c:\users\Reg\AppData\Roaming\KodakCredentialStore
2009-01-25 11:54 . 2009-01-25 11:54 d-------- c:\users\Reg\AppData\Roaming\Skinux
2009-01-25 11:52 . 2009-01-26 13:05 d-------- c:\users\Reg\AppData\Roaming\Arcsoft
2009-01-25 11:52 . 2009-01-25 11:53 d-------- c:\users\All Users\ArcSoft
2009-01-25 11:52 . 2009-01-25 11:53 d-------- c:\programdata\ArcSoft
2009-01-25 11:52 . 2009-01-25 11:52 d-------- c:\program files\Common Files\ArcSoft
2009-01-25 11:52 . 2009-01-25 11:52 d-------- c:\program files\ArcSoft
2009-01-25 11:51 . 2009-01-25 11:51 d-------- c:\program files\Kodak
2009-01-25 11:51 . 2009-01-25 11:51 d-------- c:\program files\Common Files\Kodak
2009-01-25 11:40 . 2009-01-25 11:53 d-------- c:\users\All Users\Kodak
2009-01-25 11:40 . 2009-01-25 11:53 d-------- c:\programdata\Kodak
2009-01-23 21:45 . 2009-01-23 21:45 d-------- c:\users\Reg\AppData\Roaming\Skype
2009-01-23 07:32 . 2009-01-23 07:32 d-------- c:\program files\ScanSoft
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Videos
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Searches
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Pictures
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Music
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Links
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Downloads
2009-01-23 07:31 . 2009-01-23 07:31 dr------- c:\windows\System32\config\systemprofile\Documents
2009-01-23 07:28 . 2009-01-23 07:29 d-------- c:\program files\Microsoft AutoRoute
2009-01-20 21:21 . 2009-01-20 21:21 d-------- c:\users\Reg\AppData\Roaming\proDAD
2009-01-20 21:21 . 2009-01-20 21:21 d-------- c:\program files\proDAD
2009-01-20 21:21 . 2009-01-20 21:21 d-------- c:\program files\LooksBuilderSE
2009-01-20 21:21 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-20 21:20 . 2009-01-20 21:20 d-------- c:\program files\Boris FX, Inc
2009-01-20 21:20 . 2003-06-26 10:04 237,568 -ra------ c:\windows\System32\qtmlClient.dll
2009-01-20 21:20 . 2003-07-01 16:49 69,632 --a------ c:\windows\System32\MtxPreview.dll
2009-01-20 21:20 . 2003-07-01 16:49 49,152 --a------ c:\windows\System32\MtxParhBFXPreview.dll
2009-01-20 21:20 . 2003-01-20 09:08 49,152 --a------ c:\windows\System32\CvoAPI.dll
2009-01-20 21:20 . 2003-07-09 10:43 45,056 --a------ c:\windows\System32\BFXSrcFilter.ax
2009-01-20 21:20 . 2007-12-12 19:02 0 --a------ c:\windows\Graffiti5.2Pin.ini
2009-01-20 21:16 . 2009-01-20 21:16 d-------- c:\program files\SureThing Express Labeler
2009-01-20 21:16 . 2009-01-20 21:16 d-------- c:\program files\Common Files\SureThing Shared
2009-01-20 21:14 . 2009-01-20 21:14 d-------- c:\users\All Users\Pinnacle Studio Ultimate
2009-01-20 21:14 . 2009-01-20 21:14 d-------- c:\programdata\Pinnacle Studio Ultimate
2009-01-20 21:14 . 2009-01-20 21:14 d-------- c:\program files\Common Files\Pinnacle
2009-01-20 21:11 . 2009-01-20 21:11 d-------- c:\users\All Users\Studio 12
2009-01-20 21:11 . 2009-01-20 21:11 d-------- c:\users\All Users\Pinnacle Studio Plus
2009-01-20 21:11 . 2009-01-20 21:11 d-------- c:\programdata\Studio 12
2009-01-20 21:11 . 2009-01-20 21:11 d-------- c:\programdata\Pinnacle Studio Plus
2009-01-20 21:11 . 2009-01-20 21:19 d-------- c:\program files\Pinnacle
2009-01-20 21:11 . 2009-01-20 21:11 d-------- c:\program files\Common Files\Yahoo!
2009-01-20 21:07 . 2009-01-20 21:15 d-------- c:\users\All Users\Pinnacle
2009-01-20 21:07 . 2009-01-20 21:15 d-------- c:\programdata\Pinnacle
2009-01-20 17:56 . 2006-11-02 10:23 dr------- c:\users\Regie\Videos
2009-01-20 17:56 . 2006-11-02 10:23 d-------- c:\users\Regie\Saved Games
2009-01-20 17:56 . 2006-11-02 10:23 dr------- c:\users\Regie\Pictures
2009-01-20 17:56 . 2006-11-02 10:23 dr------- c:\users\Regie\Music
2009-01-20 17:56 . 2006-11-02 10:23 dr------- c:\users\Regie\Links
2009-01-20 17:56 . 2006-11-02 10:23 dr------- c:\users\Regie\Downloads
2009-01-20 17:56 . 2009-01-20 17:56 dr------- c:\users\Regie\Documents
2009-01-20 17:56 . 2006-11-02 12:37 d-------- c:\users\Regie\AppData\Roaming\Media Center Programs
2009-01-20 17:56 . 2006-11-02 11:18 d--h----- c:\users\Regie\AppData
2009-01-20 17:56 . 2009-01-20 17:56 d-------- c:\users\Regie
2009-01-20 17:39 . 2009-01-20 17:40 69 --a------ c:\windows\NeroDigital.ini
2009-01-20 13:09 . 2009-01-20 13:09 d-------- c:\users\All Users\FLEXnet
2009-01-20 13:09 . 2009-01-20 13:09 d-------- c:\programdata\FLEXnet
2009-01-19 23:08 . 2009-01-19 23:11 d-------- c:\users\Reg\AppData\Roaming\flightgear.org
2009-01-19 23:08 . 2009-01-19 23:08 d-------- c:\program files\OpenAL
2009-01-19 23:08 . 2009-01-19 23:08 413,696 --a------ c:\windows\System32\wrap_oal.dll
2009-01-19 23:08 . 2009-01-19 23:08 110,592 --a------ c:\windows\System32\OpenAL32.dll
2009-01-19 23:06 . 2009-01-19 23:08 d-------- c:\program files\FlightGear
2009-01-19 22:03 . 2009-01-19 22:03 d-------- c:\users\All Users\WindowsSearch
2009-01-19 22:03 . 2009-01-19 22:03 d-------- c:\programdata\WindowsSearch
2009-01-19 21:14 . 2009-01-19 21:19 d-------- c:\users\Reg\AppData\Roaming\NetMeter
2009-01-19 21:14 . 2009-01-19 21:14 d-------- c:\program files\NetMeter
2009-01-19 21:01 . 2009-02-07 14:31 d-------- c:\users\Reg\AppData\Roaming\Azureus
2009-01-19 21:01 . 2009-01-19 21:01 d-------- c:\users\All Users\Azureus
2009-01-19 21:01 . 2009-01-19 21:01 d-------- c:\programdata\Azureus
2009-01-19 21:01 . 2009-01-19 21:01 d-------- c:\program files\AskSBar
2009-01-19 20:51 . 2009-02-07 10:03 d-------- c:\program files\Vuze
2009-01-19 20:24 . 2009-01-19 20:24 d-------- c:\windows\Sun
2009-01-19 20:24 . 2009-01-19 20:24 d-------- c:\program files\Java
2009-01-19 20:24 . 2009-01-19 20:24 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-19 19:44 . 2009-01-19 19:44 d-------- c:\users\All Users\DVD Shrink
2009-01-19 19:44 . 2009-01-19 19:44 d-------- c:\programdata\DVD Shrink
2009-01-19 19:44 . 2009-01-19 19:44 d-------- c:\program files\DVD Shrink
2009-01-19 19:42 . 2009-01-19 19:42 d-------- c:\users\Reg\AppData\Roaming\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 14:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 19:48 --------- d-----w c:\programdata\Nero
2009-01-31 09:07 223,232 ----a-w c:\windows\Internet Logs\xDB7C8E.tmp
2009-01-24 10:14 --------- d-----w c:\program files\Google
2009-01-20 07:39 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-19 18:25 --------- d-----w c:\programdata\NVIDIA
2009-01-19 17:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 17:57 --------- d-----w c:\program files\Windows Mail
2009-01-19 17:56 --------- d-----w c:\programdata\Symantec
2009-01-19 13:27 91,136 ----a-w c:\windows\System32\ezUninst.exe
2009-01-19 13:27 49,152 ----a-w c:\windows\System32\ezUPBHook.dll
2009-01-19 13:27 268,288 ----a-w c:\windows\System32\ezSetup.exe
2009-01-19 13:27 15,872 ----a-w c:\windows\System32\ezMAPIHelper.exe
2009-01-19 13:27 111,104 ----a-w c:\windows\System32\ezShellStart.exe
2009-01-19 13:22 --------- d-----w c:\program files\PACKARD BELL
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2009-01-23 21:53 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:31 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:31 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:31 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:31 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:31 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

second half

((((((((((((((((((((((((((((( SnapShot@2009-02-08_ 0.22.52.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 00:18:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-08 00:26:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-08 00:18:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-08 00:26:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-08 00:22:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 00:27:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 00:27:42 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-08 00:22:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 00:31:39 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 00:31:39 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-08 00:19:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 00:26:49 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-08 00:19:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 00:26:49 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 00:19:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 00:26:49 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-07 23:54:56 105,448 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-08 00:25:34 105,448 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-07 23:54:56 599,942 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-08 00:25:34 599,942 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-08 00:20:39 4,250 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2281326815-2613409842-3194628472-1000_UserData.bin
+ 2009-02-08 00:28:34 4,274 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2281326815-2613409842-3194628472-1000_UserData.bin
- 2009-02-08 00:20:39 70,452 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 00:28:34 70,532 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 00:20:37 38,548 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 00:28:33 38,858 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2005-04-20 894464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-23 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2006-08-28 589824]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-26 c:\windows\RtHDVCpl.exe]

c:\users\Reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedTester.lnk - c:\users\Reg\AppData\Roaming\Microsoft\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2009-01-29 33610]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2009-01-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDB8CDD3-8D5A-4259-84DF-B48EEAD94B67}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{B2C899D1-332C-465D-9D99-2B9334545E45}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{14DF0DC8-6864-43F5-A2AA-45D80107B642}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F90DED55-3F1D-41B2-A5D1-FB82BB7E844F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15AE5B2B-8FC8-4208-826B-D87FF9BC1A05}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{AA264E32-AF85-4FF1-AADF-0F1597D65916}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{15F0C08A-1539-4A2A-AB00-81CF19B7B237}c:\\program files\\packard bell\\updator\\pbupdator.exe"= UDP:c:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"UDP Query User{5CA246E7-771C-4702-92F2-2ABA6185EC6D}c:\\program files\\packard bell\\updator\\pbupdator.exe"= TCP:c:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"{5EC5DDF1-95CC-4009-921B-0ED29428A0C7}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{C03CC9F1-0852-4324-BCC2-CF9B853499E9}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{C51224E4-36A0-462D-9012-EF2441104508}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C87D04F8-C94D-4753-829A-223E3D5D9B2C}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{0EA94986-3389-4BBA-8DA8-E3425609E9AE}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{CDED82D2-EA22-4DEA-A787-F83CD10007A1}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-02-07 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-29 107272]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-19 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 298264]
R2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [2008-10-30 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-07-31 44576]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-30 30192]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-01-19 110576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{436c037e-e62b-11dd-b0fd-0021979ea0e6}]
\shell\AutoRun\command - I:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\EasyShare Registration Task.job
- c:\progra~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

2009-02-08 c:\windows\Tasks\Recovery DVD Creator-Reg.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-07-07 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.co.uk/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 00:31:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-08 0:33:13
ComboFix-quarantined-files.txt 2009-02-08 00:33:11
ComboFix2.txt 2009-02-08 00:24:03

Pre-Run: 404,573,351,936 bytes free
Post-Run: 404,540,284,928 bytes free

328 --- E O F --- 2009-02-05 20:16:59

Hello.
Looks good now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points and remove OTMoveIt from your machine.
How is the machine now?

Hi thanks, but in vista I dont seem to have the run command. Regards Reg

hi sorry did a search & found it. Yes it all seems to be running ok now. What a wonderfull service you have provided I will recomend you to all my friends. Thanks once again Reg

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.