simple observation

  • 18-08-2008 12:27am
    #1
    Closed Accounts Posts: 7


    Hi. I have been working on a friend's laptop to remove malware, which I had achieved thanks to the stickies (aiden & actor esp.). Subsequently I downloaded vundo.fix for some reason and would appreciate if you could advise how I can get rid of it please, as it seems to be rubbish. Also, and I hope you don't mind, but I will post a DSS log (from before I installed vundo) just to see if you can recommend any simple observations for me. Thank you.
    I am no pro but would be able to follow instruction.

    Best regards

    [the DSS linky is not working right now btw]

    >>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<,


    Deckard's System Scanner v20071014.68
    Run by martin on 2008-08-17 23:14:20
    Computer is in Normal Mode.
    -- Last 5 Restore Point(s) --
    10: 2008-08-17 01:10:29 UTC - RP163 - Advanced Registry Optimizer Sun, Aug 17, 08 02:10
    9: 2008-08-17 01:02:24 UTC - RP161 - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
    8: 2008-08-16 21:18:51 UTC - RP159 - Installed SUPERAntiSpyware Free Edition
    7: 2008-08-14 15:36:46 UTC - RP158 - Windows Update
    6: 2008-08-13 12:15:08 UTC - RP157 - Windows Update

    -- First Restore Point --
    1: 2008-08-12 16:44:48 UTC - RP149 - Configured PC VGA Camer@ Plus

    Performed disk cleanup.

    -- HijackThis Clone

    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-17 23:14:55
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\PixArt\PAC207\Monitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
    C:\Users\martin\Desktop\dss.exe
    C:\Windows\System32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\martin\AppData\Local\Temp\efcbcDSl.dll,c
    O4 - HKCU\..\Run: [BM7db19f5f] Rundll32.exe "C:\Users\martin\AppData\Local\Temp\kjrvqrfd.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 13047 bytes
    -- File Associations
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
    R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>

    -- Device Manager: Disabled
    No disabled devices found.

    -- Process Modules
    C:\Windows\explorer.exe (pid 3724)
    2007-01-18 09:30:00 94208 --a------ C:\Program Files\IDM\Desktop SMS\oehook.dll

    -- Scheduled Tasks
    2008-08-17 21:36:49 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E42EDD8A-98E9-4F8E-9719-423BFFC8A057}.job
    2008-08-04 20:00:27 548 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - martin.job
    2008-03-07 21:47:43 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

    -- Files created between 2008-07-17 and 2008-08-17
    2008-08-17 22:56:44 0 d-------- C:\Users\All Users\TEMP
    2008-08-17 22:56:36 0 d-------- C:\Program Files\SpywareBlaster
    2008-08-17 02:01:45 0 d-------- C:\Program Files\Advanced Registry Optimizer
    2008-08-16 22:21:24 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-08-16 22:19:37 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-16 22:18:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-16 22:18:03 0 d-------- C:\Users\All Users\Malwarebytes
    2008-08-16 22:18:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-12 20:37:44 0 d-------- C:\Temp
    2008-08-12 17:27:01 0 d-------- C:\Program Files\Common Files\ArcSoft
    2008-08-12 17:26:59 11776 --a------ C:\Windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
    2008-08-12 17:26:24 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
    2008-08-12 17:26:21 0 d-------- C:\Program Files\ArcSoft
    2008-08-12 17:22:44 0 d-------- C:\Program Files\Common Files\PAC7302
    2008-08-10 15:00:04 0 --a------ C:\Windows\nsreg.dat
    2008-08-10 14:59:24 0 d-------- C:\Program Files\Common Files\xing shared
    2008-08-10 14:59:01 0 d-------- C:\Program Files\Real
    2008-08-10 14:58:54 0 d-------- C:\Program Files\Common Files\Real
    2008-07-18 19:34:32 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>

    -- Find3M Report
    2008-08-17 23:15:56 0 d-------- C:\Users\martin\AppData\Roaming\LimeWire
    2008-08-17 16:59:21 0 d-------- C:\Users\martin\AppData\Roaming\Malwarebytes
    2008-08-17 16:18:04 0 d-------- C:\Users\martin\AppData\Roaming\skypePM
    2008-08-17 02:02:14 0 d-------- C:\Users\martin\AppData\Roaming\Sammsoft
    2008-08-16 22:19:37 0 d-------- C:\Users\martin\AppData\Roaming\SUPERAntiSpyware.com
    2008-08-16 22:18:16 0 d-------- C:\Program Files\Common Files
    2008-08-16 17:53:02 0 d-------- C:\Users\martin\AppData\Roaming\ArcSoft
    2008-08-16 17:36:03 0 d-------- C:\Users\martin\AppData\Roaming\Skype
    2008-08-14 16:48:54 0 d-------- C:\Program Files\Windows Mail
    2008-08-13 12:58:12 0 d-------- C:\Program Files\Java
    2008-08-13 12:39:42 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-08-10 15:01:05 0 d-------- C:\Users\martin\AppData\Roaming\Talkback
    2008-08-10 14:59:59 0 d-------- C:\Users\martin\AppData\Roaming\Mozilla
    2008-08-10 14:59:50 0 d-------- C:\Users\martin\AppData\Roaming\Real
    2008-07-30 19:30:43 0 d-------- C:\Program Files\Norton Internet Security
    2008-07-10 23:21:36 174 --ahs---- C:\Program Files\desktop.ini
    2008-06-23 21:49:11 0 d-------- C:\Program Files\LimeWire

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    04/07/2008 13:04 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [04/07/2008 13:04 2055960]
    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/09/2007 18:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [25/05/2007 12:55]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [25/05/2007 12:55]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [25/05/2007 12:55]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/08/2007 14:31]
    "RtHDVCpl"="RtHDVCpl.exe" [09/08/2007 18:26 C:\Windows\RtHDVCpl.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 22:59]
    "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [10/07/2007 09:24]
    "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [18/06/2007 10:51]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [29/03/2007 10:39]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03/04/2007 16:52]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [22/05/2007 16:32]
    "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [04/05/2007 12:05]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 18:38]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 13:04]
    "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [03/11/2006 11:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/08/2008 14:58]
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [30/07/2008 20:07]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 19:02]
    "TOSCDSPD"="TOSCDSPD.EXE" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 17:22]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [29/04/2008 10:45]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [09/04/2008 14:22]
    "cmds"="C:\Users\martin\AppData\Local\Temp\efcbcDSl.dll,c" []
    "BM7db19f5f"="C:\Users\martin\AppData\Local\Temp\kjrvqrfd.dll,s" []
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [18/06/2008 19:46:56]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1661ab37-b648-11dc-9b1d-0016447f2019}]
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\copy.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2144f52-ed13-11dc-b0e2-00a0d18e9514}]
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    *Newly Created Service* - COMHOST
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-08-17 23:20:01
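    The two HKCU Run entries in the log above that hand a DLL in the user's Temp folder to rundll32 are exactly the sort of thing a small triage script can pull out of a HijackThis-style listing before a human reads the rest. The Python below is an added example, not code from this thread or from the DSS, HijackThis or ComboFix tools: it parses O2 and O4 lines (the sample is a constructed handful copied from the log above, benign entries included) and flags a DLL host such as rundll32 or regsvr32 loading from a user-writable Temp directory, any other autorun target living in Temp, and orphaned BHO registrations whose CLSID points at no file. The severity labels and the rules themselves are the example's own assumptions, not a published standard.

```python
"""Triage HijackThis-style O2/O4 lines for the patterns worth reading first.
Added example; not code from the thread or from DSS/HijackThis/ComboFix."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis section of the DSS log above,
# with benign entries left in so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\martin\AppData\Local\Temp\efcbcDSl.dll,c
O4 - HKCU\..\Run: [BM7db19f5f] Rundll32.exe "C:\Users\martin\AppData\Local\Temp\kjrvqrfd.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# O4: autorun entries.  Hive is HKLM, HKCU or HKUS\<SID>; an optional "(User '...')" suffix follows.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# O2: browser helper objects.  The last field is a DLL path or "(no file)".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# User-writable temp locations: "...\AppData\Local\Temp\..." or any "...\Temp\..." component.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.IGNORECASE)
# Hosts that run whatever DLL they are handed on the command line.
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low": this example's own scale, not a standard
    entry: str      # O4 value name or O2 CLSID
    reason: str


def first_token(cmd: str) -> str:
    """Return the lower-cased file name of the program an autorun command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        token = cmd[1:end] if end > 0 else cmd[1:]
    else:
        token = cmd.split(" ", 1)[0]
    return re.split(r"[\\/]", token)[-1].lower()


def triage(text: str) -> list[Finding]:
    """Parse O2/O4 lines and return the entries a reviewer should look at, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"]
            in_temp = bool(TEMP_DIR_RE.search(cmd))
            if first_token(cmd) in DLL_HOSTS and in_temp:
                findings.append(Finding("high", m["name"],
                    "rundll32/regsvr32 loading a DLL from a user-writable Temp directory"))
            elif in_temp:
                findings.append(Finding("medium", m["name"],
                    "autorun target lives in a Temp directory"))
            continue
        m = O2_RE.match(line)
        if m and m["path"].strip() == "(no file)":
            findings.append(Finding("low", m["clsid"],
                "orphaned BHO registration: the CLSID points at no file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.reason}")
```

    Run it as-is to see the three hits from the sample; to use it on a real listing, read the log file into `triage()` instead of `SAMPLE_LOG`. The path-based rule is deliberately narrow: it does not try to judge whether a DLL is malicious, only whether something is being loaded from a location where a standard user can write, which is the question a reviewer asks first when reading an O4 section.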


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


  • Closed Accounts Posts: 7 gorest fump


    Thank you Actor.

    He no longer has the Vista CD. I notice it's possible to download the disk for XP, but I can't find the link for Vista?

    Windows Update wants to install Service Pack 1. Should I leave that until after I have completed what you have asked?

    Much thanks.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Don't worry about the recovery console step then

    Leave SP1 for the time being

    Just go and run ComboFix on the PC


  • Closed Accounts Posts: 7 gorest fump


    Hi Actor :). Thanks for all your help so far, I am learning loads.
    First will be the ComboFix log, followed by a final runscanner log.
    I don't know how you do it, but it is greatly appreciated.

    >>>>>>>>>>>>>>>>>>>>>>>>>()<<<<<<<<<<<<<<<<<<<<<<<<<<

    ComboFix 08-08-17.05 - martin 2008-08-18 20:02:24.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1018 [GMT 1:00]
    Running from: C:\Users\martin\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Windows\system32\MSINET.oca
    .
    ((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
    .
    No new files created in this timespan
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 19:07
    d
    w C:\Users\martin\AppData\Roaming\LimeWire
    2008-08-18 17:41
    d
    w C:\Users\martin\AppData\Roaming\skypePM
    2008-08-17 22:08
    d
    w C:\Program Files\SpywareBlaster
    2008-08-17 21:56
    d
    w C:\ProgramData\TEMP
    2008-08-17 15:59
    d
    w C:\Users\martin\AppData\Roaming\Malwarebytes
    2008-08-17 15:59
    d
    w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-17 01:02
    d
    w C:\Users\martin\AppData\Roaming\Sammsoft
    2008-08-17 01:01
    d
    w C:\Program Files\Advanced Registry Optimizer
    2008-08-16 21:21
    d
    w C:\ProgramData\SUPERAntiSpyware.com
    2008-08-16 21:19
    d
    w C:\Users\martin\AppData\Roaming\SUPERAntiSpyware.com
    2008-08-16 21:19
    d
    w C:\Program Files\SUPERAntiSpyware
    2008-08-16 21:18
    d
    w C:\ProgramData\Malwarebytes
    2008-08-16 21:18
    d
    w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-16 16:53
    d
    w C:\Users\martin\AppData\Roaming\ArcSoft
    2008-08-16 16:36
    d
    w C:\Users\martin\AppData\Roaming\Skype
    2008-08-14 15:48
    d
    w C:\Program Files\Windows Mail
    2008-08-13 11:58
    d
    w C:\Program Files\Java
    2008-08-13 11:39
    d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-13 11:38
    d
    w C:\Program Files\Common Files\PAC7302
    2008-08-12 16:27
    d
    w C:\Program Files\Common Files\ArcSoft
    2008-08-12 16:26
    d
    w C:\Program Files\ArcSoft
    2008-08-10 14:01
    d
    w C:\Users\martin\AppData\Roaming\Talkback
    2008-08-10 13:59
    d
    w C:\Program Files\Real
    2008-08-10 13:59
    d
    w C:\Program Files\Common Files\xing shared
    2008-08-10 13:59
    d
    w C:\Program Files\Common Files\Real
    2008-08-04 21:56
    d
    w C:\ProgramData\Symantec
    2008-07-30 19:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-07-30 19:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-07-30 18:30
    d
    w C:\Program Files\Norton Internet Security
    2008-07-30 16:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 16:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 16:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
    2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-10 22:21 174 --sha-w C:\Program Files\desktop.ini
    2008-07-04 12:05 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-07-04 12:04 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-07-04 12:04 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
    2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
    2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
    2008-06-23 20:49 d-----w C:\Program Files\LimeWire
    2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
    2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
    2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
    2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
    2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-04-29 10:29 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-04-29 10:29 32 ----a-w C:\ProgramData\ezsid.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:02 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-29 10:45 171448]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [2008-04-09 14:22 2135168]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-25 12:55 142104]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-25 12:55 154392]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-25 12:55 138008]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 14:31 102400]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
    "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 09:24 581632]
    "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328]
    "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 13:04 1232152]
    "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-10 14:58 185896]
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 18:26 4702208 C:\Windows\RtHDVCpl.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-18 19:46:56 147456]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{ECF230E8-D632-4800-AD77-C2E5F9009F3F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{42A5D0BE-E4BB-4352-B4EA-81458BB8C1EB}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{31CEB947-C30D-4346-9C33-9B3010971E38}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "TCP Query User{F33DA72B-11A8-47D4-B511-C7CF5DAE7B65}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{CC134A12-E5D5-43F9-A46B-B9BDB43CC614}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{1830C90F-1A52-45C4-BC38-10D5A0817A50}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{F0753729-04BD-401D-ABBD-EEB4B39CB1D3}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{FA9E0331-4C2F-4ECE-9E2B-D97D1E52A378}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{27B6A537-5A7C-4B86-875F-90918E142E11}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-04 13:04]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 17:18]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 13:04]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 13:04]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-04 13:05]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 14:11]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 12:07]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 10:00]
    S3 PAC207;Trust WB-1400T Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-03-07 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    2008-08-18 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - martin.job
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 02:09]
    2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{E42EDD8A-98E9-4F8E-9719-423BFFC8A057}.job
    - C:\Windows\system32\msfeedssync.exe [2006-11-02 10:45]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\cjlvp91t.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    .
    .
    File Associations (Beta)
    .
    VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
    vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
    jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-18 20:06:51
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-08-18 20:08:52
    ComboFix-quarantined-files.txt 2008-08-18 19:08:44
    Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
    Post-Run: 35,433,111,552 bytes free
    196 --- E O F --- 2008-08-18 18:09:32

    NOW THE RUNSCANNER LOG

    >>>>>>>>>>>>>>>>>>>>()<<<<<<<<<<<<<<<<<<<<<<


    Runscanner logfile http://www.runscanner.net
    * = signed file
    - = file not found

    General info

    Computer name : MARTIN-PC
    Creation time : 18/08/2008 20:24:29
    Hosts <> 127.0.0.1 : 0
    Hosts file location : %SystemRoot%\System32\drivers\etc
    IE version : 7.0.6000.16711
    OS : Windows Vista (TM) Home Premium
    OS Build : 6000
    OS SP :
    RunScanner Version : 1.7.0.0
    User Language : English (Ireland)
    User rights : Administrator
    Windows folder : C:\Windows
    Running processes

    * C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
    * C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    * C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    * C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    * C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    * C:\Windows\system32\csrss.exe (Microsoft Corporation)
    * C:\Windows\system32\csrss.exe (Microsoft Corporation)
    * C:\Windows\system32\conime.exe (Microsoft Corporation)
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
    * C:\Windows\system32\Dwm.exe (Microsoft Corporation)
    * C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    * C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
    * C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    * C:\Windows\System32\hkcmd.exe (Intel Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\System32\svchost.exe (Microsoft Corporation)
    * C:\Windows\System32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\System32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\svchost.exe (Microsoft Corporation)
    * C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
    * C:\Windows\System32\igfxtray.exe (Intel Corporation)
    * C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    * C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
    * C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    * C:\Windows\system32\lsass.exe (Microsoft Corporation)
    * C:\Windows\system32\lsm.exe (Microsoft Corporation)
    * C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
    * C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    * C:\Windows\system32\SLsvc.exe (Microsoft Corporation)
    * C:\Windows\system32\SearchFilterHost.exe (Microsoft Corporation)
    * C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)
    * C:\Windows\system32\SearchProtocolHost.exe (Microsoft Corporation)
    * C:\Windows\System32\igfxpers.exe (Intel Corporation)
    * C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    * C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
    * C:\Users\martin\Desktop\runscanner\RunScanner.exe (Runscanner.net)
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    * C:\Windows\system32\services.exe (Microsoft Corporation)
    C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
    * C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    * C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    * C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    * C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    * C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    * C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    * C:\Windows\system32\taskeng.exe (Microsoft Corporation)
    * C:\Windows\system32\taskeng.exe (Microsoft Corporation)
    C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
    * C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
    * C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
    * C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    * C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
    * C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    * C:\Windows\system32\audiodg.exe (Microsoft Corporation)
    * C:\Windows\Explorer.exe (Microsoft Corporation)
    * C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    * C:\Windows\system32\winlogon.exe (Microsoft Corporation)
    * C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
    * C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    * c:\windows\System32\smss.exe (Microsoft Corporation)
    * C:\Windows\system32\wininit.exe (Microsoft Corporation)
    * C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
    Unrated items

    002 * C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    002 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
    002 * C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    002 C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    002 * C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
    002 * C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
    003 C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
    003 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    004 C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    005 C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    006 C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    007 C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    010 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (ConfigFree Service)
    010 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Navi Support Service)
    010 C:\Windows\system32\TODDSrv.exe (TOSHIBA Optical Disc Drive Service)
    010 * C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Power Saver)
    010 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Burning Helper)
    011 C:\Windows\system32\drivers\Afc.sys (PPdus ASPI Shell)
    011 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
    011 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
    011 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
    011 * C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics TouchPad Driver)
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11D1-9C6B-0000F875AC61}
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11D1-9C6B-0000F875AC61}
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF40-A96B-11D1-9C6B-0000F875AC61}
    042 GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    042 GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
    042 GUID / CLSID not found {77BF5300-1474-4EC7-9980-D32B190E9B07}
    050 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
    052 GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
    061 C:\PROGRA~1\MICROS~2\Office\MLSHEXT.DLL (Microsoft Corporation) {00020d75-0000-0000-c000-000000000046}
    061 C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
    061 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
    062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
    067 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    100 SearchUrl HKCU : http://home.microsoft.com/access/autosearch.asp?p=%s
    100 Start Page HKCU : http://www.yahoo.com/
    105 &Windows Live Search : res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    105 Add to Windows &Live Favorites : http://favorites.live.com/quickadd.aspx
    173 GUID / CLSID not found
    173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    221 GUID / CLSID not found
    221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    227 GUID / CLSID not found
    227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
    Missing files

    002 NDSTray.exe
    011 c:\windows\system32\drivers\blbdrive.sys
    011 C:\ComboFix\catchme.sys
    011 c:\windows\system32\DRIVERS\ipinip.sys
    011 c:\windows\system32\DRIVERS\nwlnkflt.sys
    011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
    032 rdpclip
    042 http:
    042 http:





  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looking good

    Can you zip the .run file and upload it here?


  • Closed Accounts Posts: 7 gorest fump


    Hi Actor, the guy is happy simply with having his internet access back!
    So I won't be able to continue. Well, if his computer crashes in the future, we have done all we can. Much, much thanks to you, Actor.
    :)

