Several problems with this laptop.
A message box "the instruction at 0x00000000 '0x00000000' referenced memory" occurred every time a program tried to run. Also a spooler error.
I restored the system back to the beginning of December via safe mode, and that seemed to cure the memory errors. Ran Malwarebytes and found 15 viruses (including trojans). Installed AVG 2011. Ran an AVG scan, and Malwarebytes, which showed up more viruses.
Now got the laptop to a state that I could run D-A-L instructions, and I have attached logs.
Any advice much appreciated.
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 5471
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2011-01-07 11:58:08
mbam-log-2011-01-07 (11-58-07).txt
Scan type: Quick scan
Objects scanned: 148719
Time elapsed: 7 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-07 13:39:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2100AH_PL rev.004200A0
Running: m4t0f8hw.exe; Driver: C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\uftcypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEB6086C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEB608770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEB608810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEB6088B0]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BE4000 \WINDOWS\system32\KDCOM.DLL
0xF7AF4000 \WINDOWS\system32\BOOTVID.dll
0xF7695000 ACPI.sys
0xF7BE6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7684000 pci.sys
0xF76E4000 isapnp.sys
0xF7AF8000 compbatt.sys
0xF7AFC000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CAC000 pciide.sys
0xF7964000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7666000 pcmcia.sys
0xF76F4000 MountMgr.sys
0xF7647000 ftdisk.sys
0xF7BE8000 dmload.sys
0xF7621000 dmio.sys
0xF7B00000 ACPIEC.SYS
0xF7CAD000 \WINDOWS\SYSTEM32\DRIVERS\OPRGHDLR.SYS
0xF796C000 PartMgr.sys
0xF7704000 VolSnap.sys
0xF7609000 atapi.sys
0xF7714000 disk.sys
0xF7724000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75E9000 fltmgr.sys
0xF75D7000 sr.sys
0xF75C0000 KSecDD.sys
0xF7533000 Ntfs.sys
0xF7506000 NDIS.sys
0xF74A7000 timntr.sys
0xF747B000 VVBackd5.sys
0xF7460000 snapman.sys
0xF7734000 RITCPT.sys
0xF7446000 Mup.sys
0xF7974000 avgrkx86.sys
0xF7744000 AVGIDSEH.Sys
0xF7784000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7356000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6991000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF697D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7A84000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6959000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A8C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7794000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A94000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF77A4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77B4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6936000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A9C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF690E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF77C4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF734E000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xF7AA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF68DF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7C0A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7AAC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF68CB000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF6845000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xF6831000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7AB4000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF77D4000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF67E5000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7DF9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF733E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF67A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77F4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7804000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7ABC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6795000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7814000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7AC4000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7ACC000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6765000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7824000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C0C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6707000 \SystemRoot\system32\DRIVERS\update.sys
0xF7322000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6BA4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6B74000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEE557000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7AD4000 \SystemRoot\System32\Drivers\Modem.SYS
0xEE121000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE0FD000 \SystemRoot\system32\drivers\portcls.sys
0xF6B64000 \SystemRoot\system32\drivers\drmk.sys
0xEE0E6000 \SystemRoot\system32\drivers\SamsungEDS.sys
0xF6B34000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF79A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7E06000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7E09000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7C14000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E10000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C16000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79BC000 \SystemRoot\System32\drivers\vga.sys
0xF7C18000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C1A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79C4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79CC000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73FE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE0B3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE05A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDFEA000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xEDFC4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6B24000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDF9C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDF7A000 \SystemRoot\System32\drivers\afd.sys
0xF6B14000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDF4F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDEDF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7834000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDEA3000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF79DC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF67C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7844000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF67BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7864000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDD4B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C1E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEDDD7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CDD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF094000 \SystemRoot\System32\atikvmag.dll
0xBF0CA000 \SystemRoot\System32\ati3duag.dll
0xBF355000 \SystemRoot\System32\ativvaxx.dll
0xF7A0C000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xF7E27000 \??\C:\WINDOWS\system32\MEMIO.SYS
0xEBB43000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB8C6000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBA23000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB0A1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB606000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xF7C8C000 \??\C:\WINDOWS\system32\drivers\FBAPI.sys
0xEB6EF000 \SystemRoot\System32\Drivers\HTTP.sys
0xF72B6000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB4BE000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xF7132000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xBA2E5000 \??\C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\uftcypow.sys
0xF7C46000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xB9B36000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 68):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
860 csrss.exe
900 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1124 C:\WINDOWS\system32\ati2evxx.exe
1140 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1364 svchost.exe
1628 C:\WINDOWS\system32\spoolsv.exe
1812 C:\WINDOWS\system32\ati2evxx.exe
1948 C:\WINDOWS\explorer.exe
456 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
464 C:\Program Files\Java\jre6\bin\jusched.exe
472 C:\WINDOWS\SM1bg.exe
480 C:\WINDOWS\RTHDCPL.exe
500 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
520 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
528 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
568 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
560 C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
1084 C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
1312 C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
1060 C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
1392 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1416 C:\WINDOWS\AGRSMMSG.exe
1424 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
1464 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
1476 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
1488 C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
1724 C:\Program Files\iTunes\iTunesHelper.exe
1780 C:\Program Files\AVG\AVG10\avgtray.exe
1796 C:\WINDOWS\system32\ctfmon.exe
1840 C:\Program Files\Messenger\msmsgs.exe
2296 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2560 C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
2568 C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
2744 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3188 svchost.exe
3224 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
3244 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3260 C:\Program Files\AVG\AVG10\avgwdsvc.exe
3316 C:\Program Files\Bonjour\mDNSResponder.exe
3360 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
3456 C:\Program Files\Java\jre6\bin\jqs.exe
3564 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3740 C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
3832 C:\WINDOWS\system32\svchost.exe
3936 wdfmgr.exe
2040 C:\Program Files\Canon\CAL\CALMAIN.exe
3644 C:\Program Files\iPod\bin\iPodService.exe
1000 alg.exe
3624 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3088 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
5324 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
5616 C:\Program Files\AVG\AVG10\avgemcx.exe
5708 C:\Program Files\AVG\AVG10\avgnsx.exe
5728 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
4756 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
5820 C:\Program Files\AVG\AVG10\avgcsrvx.exe
4524 C:\Program Files\Internet Explorer\iexplore.exe
3368 C:\Program Files\Internet Explorer\iexplore.exe
4184 C:\Program Files\Internet Explorer\iexplore.exe
1080 C:\Documents and Settings\Catherine Haigh\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMHV2100AHPL, Rev: 004200A0
Size Device Name MBR Status
--------------------------------------------
86 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Catherine Haigh at 13:43:46.87 on 2011-01-07
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.166 [GMT 0:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Catherine Haigh\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\documents and settings\catherine haigh\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RestoreIT!] "c:\program files\phoenix technologies ltd\recoverpro_xp\VBPTASK.EXE" VBStart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [farstone]
mRun: [EPSON Stylus D88 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P32 "EPSON Stylus D88 Series (Copy 1)" /O6 "USB001" /M "Stylus D88"
mRun: [EPSON Stylus D88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O7 "printer" /M "Stylus D88"
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [DMHotKey] c:\program files\samsung\displaymanager\DMLoader.exe
mRun: [DisplayManager] c:\program files\samsung\displaymanager\DisplayManager.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [AVStation Premium 3.75] c:\program files\samsung\avstation premium 3.75\AVSAgent.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: msn
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
LSA: Authentication Packages = msv1_0 relog_ap
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-8-31 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-9-5 183159]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2006-8-31 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-8-31 5088]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\samsung\samsung network manager\SNMWLANService.exe [2005-5-28 36864]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2006-3-29 27648]
S1 otgrxwxn;otgrxwxn;\??\c:\windows\system32\drivers\otgrxwxn.sys --> c:\windows\system32\drivers\otgrxwxn.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\toolbarbroker.exe --> c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [?]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [2006-8-31 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-1-28 19840]
=============== Created Last 30 ================
2011-01-06 21:23:06 794 ----a-w- c:\windows\system32\drivers\nlqjawco.dat
2011-01-06 21:22:47 11648 ----a-w- c:\windows\system32\drivers\ACPIEC.SYS
2011-01-06 20:24:48 -------- d-----w- c:\docume~1\cather~1\locals~1\applic~1\Temp
2011-01-06 20:24:31 -------- d-----w- c:\docume~1\cather~1\locals~1\applic~1\Google
2011-01-06 19:48:52 -------- d-----w- c:\docume~1\cather~1\applic~1\AVG10
2011-01-06 19:47:13 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-06 19:45:00 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-06 19:45:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-06 19:42:58 -------- d-----w- c:\windows\system32\MpEngineStore
2011-01-06 19:13:27 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-06 19:12:44 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-06 18:29:47 -------- d--h--w- C:\$AVG
2011-01-06 14:05:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-06 14:03:46 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 14:03:46 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 14:00:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-06 14:00:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 13:26:29 -------- d-----w- C:\spoolerlogs
2010-12-18 14:09:03 -------- d-----w- c:\program files\MyOffice.NET
2010-12-10 08:51:37 -------- d--h--w- c:\windows\system32\GroupPolicy
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2003-08-27 14:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll
============= FINISH: 13:44:42.89 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-02-21 04:22:47
System Uptime: 2011-01-07 12:18:10 (1 hours ago)
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R40/R41
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1666/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 77 GiB total, 57.511 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1036: 2010-10-10 09:29:42 - System Checkpoint
RP1037: 2010-10-11 10:23:37 - System Checkpoint
RP1038: 2010-10-12 10:34:07 - System Checkpoint
RP1039: 2010-10-13 11:24:42 - System Checkpoint
RP1040: 2010-10-14 14:23:10 - System Checkpoint
RP1041: 2010-10-15 03:00:18 - Software Distribution Service 3.0
RP1042: 2010-10-16 07:31:31 - System Checkpoint
RP1043: 2010-10-17 08:57:53 - System Checkpoint
RP1044: 2010-10-18 09:59:33 - System Checkpoint
RP1045: 2010-10-19 10:51:38 - System Checkpoint
RP1046: 2010-10-20 10:57:13 - System Checkpoint
RP1047: 2010-10-21 16:46:27 - System Checkpoint
RP1048: 2010-10-22 19:03:40 - System Checkpoint
RP1049: 2010-10-23 19:40:50 - System Checkpoint
RP1050: 2010-10-24 20:40:50 - System Checkpoint
RP1051: 2010-10-25 20:59:51 - System Checkpoint
RP1052: 2010-10-26 21:27:42 - System Checkpoint
RP1053: 2010-10-27 23:07:51 - System Checkpoint
RP1054: 2010-10-28 23:46:31 - System Checkpoint
RP1055: 2010-10-30 09:32:11 - System Checkpoint
RP1056: 2010-10-31 08:45:26 - System Checkpoint
RP1057: 2010-11-01 09:31:20 - System Checkpoint
RP1058: 2010-11-02 14:41:24 - System Checkpoint
RP1059: 2010-11-03 16:20:52 - System Checkpoint
RP1060: 2010-11-04 17:30:17 - System Checkpoint
RP1061: 2010-11-05 19:35:24 - System Checkpoint
RP1062: 2010-11-06 19:55:20 - System Checkpoint
RP1063: 2010-11-07 20:34:24 - System Checkpoint
RP1064: 2010-11-09 1014 - System Checkpoint
RP1065: 2010-11-10 08:13:09 - Software Distribution Service 3.0
RP1066: 2010-11-11 08:34:08 - System Checkpoint
RP1067: 2010-11-12 08:35:52 - System Checkpoint
RP1068: 2010-11-13 09:09:15 - System Checkpoint
RP1069: 2010-11-14 10:18:28 - System Checkpoint
RP1070: 2010-11-15 10:55:13 - System Checkpoint
RP1071: 2010-11-16 17:41:34 - System Checkpoint
RP1072: 2010-11-17 18:58:46 - System Checkpoint
RP1073: 2010-11-18 19:39:23 - System Checkpoint
RP1074: 2010-11-19 23:04:42 - System Checkpoint
RP1075: 2010-11-20 23:16:04 - System Checkpoint
RP1076: 2010-11-22 00:16:27 - System Checkpoint
RP1077: 2010-11-23 01:04:25 - System Checkpoint
RP1078: 2010-11-24 02:04:24 - System Checkpoint
RP1079: 2010-11-25 08:57:24 - System Checkpoint
RP1080: 2010-11-26 10:08:34 - System Checkpoint
RP1081: 2010-11-27 14:32:03 - System Checkpoint
RP1082: 2010-11-28 15:13:51 - System Checkpoint
RP1083: 2010-11-29 15:46:39 - System Checkpoint
RP1084: 2010-11-30 16:13:51 - System Checkpoint
RP1085: 2010-12-01 17:17:22 - System Checkpoint
RP1086: 2010-12-02 1758 - System Checkpoint
RP1087: 2010-12-03 18:23:02 - System Checkpoint
RP1088: 2010-12-04 1957 - System Checkpoint
RP1089: 2010-12-05 23:57:42 - System Checkpoint
RP1090: 2010-12-07 17:44:30 - System Checkpoint
RP1091: 2010-12-09 0033 - System Checkpoint
RP1092: 2010-12-10 0906 - System Checkpoint
RP1093: 2010-12-11 10:14:56 - System Checkpoint
RP1094: 2010-12-13 23:02:29 - System Checkpoint
RP1095: 2010-12-14 23:45:20 - System Checkpoint
RP1096: 2010-12-16 02:48:55 - System Checkpoint
RP1097: 2010-12-17 08:03:47 - System Checkpoint
RP1098: 2010-12-18 08:50:26 - System Checkpoint
RP1099: 2010-12-18 14:09:01 - Installed MyOffice.NET
RP1100: 2010-12-19 14:50:23 - System Checkpoint
RP1101: 2010-12-21 09:06:02 - System Checkpoint
RP1102: 2010-12-22 10:02:33 - System Checkpoint
RP1103: 2010-12-23 10:08:53 - System Checkpoint
RP1104: 2010-12-25 1506 - System Checkpoint
RP1105: 2010-12-26 16:13:22 - System Checkpoint
RP1106: 2011-01-02 13:54:52 - System Checkpoint
RP1107: 2011-01-03 14:07:37 - System Checkpoint
RP1108: 2011-01-04 14:44:40 - System Checkpoint
RP1109: 2011-01-06 13:59:13 - Restore Operation
RP1110: 2011-01-06 14:45:28 - Removed AVG Free 8.5
RP1111: 2011-01-06 18:28:04 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1112: 2011-01-06 18:28:22 - Installed AVG 2011
RP1113: 2011-01-06 18:29:47 - Removed AVG Free 8.5
RP1114: 2011-01-06 18:30:03 - Removed AVG 2011
RP1115: 2011-01-06 18:46:55 - Avg8 Update
RP1116: 2011-01-06 18:48:07 - Avg8 Update
RP1117: 2011-01-06 19:01:05 - Removed AVG Free 8.5
RP1118: 2011-01-06 19:01:26 - Removed Logitech Desktop Messenger
RP1119: 2011-01-06 19:24:31 - Software Distribution Service 3.0
RP1120: 2011-01-06 19:44:38 - Installed AVG 2011
==== Installed Programs ======================
Acronis*True*Image*Home
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AVG 2011
AVStation Premium 3.75
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CCleaner
Citrix Presentation Server Client
Cypress USB Mass Storage Driver Installation
DisplayManager
EasyBox
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
EPSON Web-To-Page
ESPR240 User's Guide
FinePixViewer Ver.4.3
FUJIFILM USB Driver
Google Chrome
High Definition Audio Driver Package - KB888111
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010 - April Update 2.0.3
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 11
LightScribe 1.4.67.1
Logitech SetPoint
Magic Doctor
Magic Keyboard
Malwarebytes' Anti-Malware
Management Center
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Napster
PowerDVD
PowerStarter
QuickTime
RAW FILE CONVERTER LE
Realtek High Definition Audio Driver
Recover Pro
Roxio Burn Engine
Safari
Samsung Battery Manager
Samsung EDS
Samsung Network Manager 2.0
Samsung Update Plus
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SENS LT56ADW Modem
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (SM1)
User's Guide
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
2011-01-07 11:45:35, error: Service Control Manager [7034] - The Samsung Update Plus service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 19:40:42, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:35:23, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:28:36, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:26:36, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:24:39, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:22:43, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 1924, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: An instance of the service is already running.
2011-01-06 19:20:24, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 19:11:12, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 19:03:23, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
2011-01-06 16:04:26, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001377335954 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2011-01-06 15:59:43, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 001377335954 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2011-01-06 14:36:32, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2011-01-06 14:08:27, error: Service Control Manager [7034] - The SNM WLAN Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:27, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:26, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:26, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-06 14:08:26, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2011-01-06 14:08:26, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 13:57:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
2011-01-06 1331, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2011-01-06 1316, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-01-06 1301, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2011-01-06 1301, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2011-01-06 13:31:24, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 13:26:35, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2011-01-06 1341, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0016E3A3C8FF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
============================================================================
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
2011/01/08 10:17:12.0640 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/08 10:17:12.0640 ================================================== ==============================
2011/01/08 10:17:12.0640 SystemInfo:
2011/01/08 10:17:12.0640
2011/01/08 10:17:12.0640 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/08 10:17:12.0656 Product type: Workstation
2011/01/08 10:17:12.0656 ComputerName: CATHERINE
2011/01/08 10:17:12.0656 UserName: Catherine Haigh
2011/01/08 10:17:12.0656 Windows directory: C:\WINDOWS
2011/01/08 10:17:12.0656 System windows directory: C:\WINDOWS
2011/01/08 10:17:12.0656 Processor architecture: Intel x86
2011/01/08 10:17:12.0656 Number of processors: 2
2011/01/08 10:17:12.0656 Page size: 0x1000
2011/01/08 10:17:12.0656 Boot type: Normal boot
2011/01/08 10:17:12.0656 ================================================== ==============================
2011/01/08 10:17:13.0046 Initialize success
2011/01/08 10:17:23.0046 ================================================== ==============================
2011/01/08 10:17:23.0046 Scan started
2011/01/08 10:17:23.0046 Mode: Manual;
2011/01/08 10:17:23.0046 ================================================== ==============================
2011/01/08 10:17:24.0125 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/08 10:17:24.0218 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.SYS
2011/01/08 10:17:24.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/08 10:17:24.0453 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/08 10:17:24.0671 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/08 10:17:25.0125 AR5211 (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/01/08 10:17:25.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/08 10:17:25.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/08 10:17:25.0671 ati2mtag (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/08 10:17:25.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/08 10:17:26.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/08 10:17:26.0140 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/08 10:17:26.0234 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/08 10:17:26.0265 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/08 10:17:26.0328 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/08 10:17:26.0390 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/08 10:17:26.0484 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/08 10:17:26.0562 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/08 10:17:26.0609 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/08 10:17:26.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/08 10:17:26.0781 BTWUSB (d2fc32f56b04847094eba46c2d3ae531) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/08 10:17:26.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/08 10:17:27.0015 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/08 10:17:27.0078 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/08 10:17:27.0156 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/01/08 10:17:27.0218 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/01/08 10:17:27.0265 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/08 10:17:27.0359 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/08 10:17:27.0406 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/08 10:17:27.0562 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/08 10:17:27.0671 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/08 10:17:27.0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/08 10:17:27.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/08 10:17:28.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/08 10:17:28.0093 DNSeFilter (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
2011/01/08 10:17:28.0187 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
2011/01/08 10:17:28.0312 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/01/08 10:17:28.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/08 10:17:28.0531 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/08 10:17:28.0640 FBAPI (47c5ac0b87567b0876081183de9a4704) C:\WINDOWS\system32\drivers\FBAPI.sys
2011/01/08 10:17:28.0687 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/08 10:17:28.0718 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/08 10:17:28.0750 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/08 10:17:28.0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/08 10:17:28.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/08 10:17:28.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/08 10:17:29.0062 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/08 10:17:29.0156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/08 10:17:29.0250 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/08 10:17:29.0281 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/08 10:17:29.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/08 10:17:29.0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/08 10:17:29.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/08 10:17:29.0843 IntcAzAudAddService (2389f12f0ed506176b7c29c8144cea09) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/08 10:17:30.0140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/08 10:17:30.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/08 10:17:30.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/08 10:17:30.0453 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/08 10:17:30.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/08 10:17:30.0546 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/08 10:17:30.0609 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/08 10:17:30.0718 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/08 10:17:30.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/08 10:17:30.0953 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/08 10:17:31.0015 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/08 10:17:31.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/08 10:17:31.0250 L8042Kbd (702e5ffd2dd24b4b00f798953320fc20) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/01/08 10:17:31.0359 LHidKe (04540f5b4c0760bf6d78311b04439afa) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2011/01/08 10:17:31.0437 LHidUsbK (1c9414f926e5a8546a58b0e8e1bc5ddc) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
2011/01/08 10:17:31.0531 LMouKE (d98216e171e82524d0b9d8f13f7c96ea) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/01/08 10:17:31.0593 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/08 10:17:31.0671 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/08 10:17:31.0781 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/08 10:17:31.0890 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/08 10:17:31.0953 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/08 10:17:32.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/08 10:17:32.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/08 10:17:32.0343 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/08 10:17:32.0375 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/08 10:17:32.0453 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/08 10:17:32.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/08 10:17:32.0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/08 10:17:32.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/08 10:17:32.0812 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/01/08 10:17:33.0000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/08 10:17:33.0062 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/08 10:17:33.0093 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/08 10:17:33.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/08 10:17:33.0218 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/08 10:17:33.0312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/08 10:17:33.0406 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/08 10:17:33.0531 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/08 10:17:33.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/08 10:17:33.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/08 10:17:33.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/08 10:17:33.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/08 10:17:33.0937 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/08 10:17:33.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/08 10:17:34.0046 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/08 10:17:34.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/08 10:17:34.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/08 10:17:34.0156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/08 10:17:34.0390 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/08 10:17:34.0546 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/08 10:17:34.0625 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/08 10:17:34.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/08 10:17:34.0968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/08 10:17:35.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/08 10:17:35.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/08 10:17:35.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/08 10:17:35.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/08 10:17:35.0250 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/08 10:17:35.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/08 10:17:35.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/08 10:17:35.0656 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/01/08 10:17:35.0687 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/01/08 10:17:35.0750 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/01/08 10:17:35.0828 RITCPT (f76971070b64a4e7ea3da23b772ca356) C:\WINDOWS\system32\drivers\RITCPT.sys
2011/01/08 10:17:35.0937 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/01/08 10:17:36.0000 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/01/08 10:17:36.0156 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/08 10:17:36.0250 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/08 10:17:36.0390 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/08 10:17:36.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/08 10:17:36.0546 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/01/08 10:17:36.0640 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/01/08 10:17:36.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/08 10:17:36.0859 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/01/08 10:17:36.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/08 10:17:36.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/08 10:17:37.0078 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/08 10:17:37.0171 SSB2413 (50f32945c148d5a866c1f55bd89097e5) C:\WINDOWS\system32\DRIVERS\SSB2413.sys
2011/01/08 10:17:37.0312 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys
2011/01/08 10:17:37.0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/08 10:17:37.0546 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/08 10:17:37.0765 SynTP (91ce9afbbd011ff6b0ae15ee3a62edcc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/08 10:17:37.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/08 10:17:38.0015 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/08 10:17:38.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/08 10:17:38.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/08 10:17:38.0312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/08 10:17:38.0406 tifsfilter (d352fff2a623b916c08ceacbfc8b5c32) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/01/08 10:17:38.0453 timounter (64694b2a5c772e1c61feac300ed90ca6) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/01/08 10:17:38.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/08 10:17:38.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/08 10:17:38.0906 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/08 10:17:39.0062 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/08 10:17:39.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/08 10:17:39.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/08 10:17:39.0375 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/08 10:17:39.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/08 10:17:39.0500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/08 10:17:39.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/08 10:17:39.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/08 10:17:39.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/08 10:17:39.0718 VVBackd5 (f27235b5cc6d457a9e39f8fad3366ee3) C:\WINDOWS\system32\drivers\VVBackd5.sys
2011/01/08 10:17:39.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/08 10:17:39.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/08 10:17:40.0078 ================================================================================
2011/01/08 10:17:40.0078 Scan finished
2011/01/08 10:17:40.0078 ================================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
I can't read your log.
You did something wrong.
Please, re-run Combofix.
Sorry, don't know what happened with the cut and paste.
Below is a copy of the txt file in the C: drive.
ComboFix 11-01-08.05 - Catherine Haigh 2011-01-09 17:10:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.533 [GMT 0:00]
Running from: c:\documents and settings\Catherine Haigh\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Catherine Haigh\Recent\Thumbs.db
c:\windows\system32\config\systemprofile\Application Data\Beizgi
c:\windows\system32\config\systemprofile\Application Data\Beizgi\nouqo.faw
.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-06 21:23 . 2011-01-06 21:23 794 ----a-w- c:\windows\system32\drivers\nlqjawco.dat
2011-01-06 21:22 . 2011-01-06 21:22 11648 ----a-w- c:\windows\system32\drivers\ACPIEC.SYS
2011-01-06 20:24 . 2011-01-06 20:26 -------- d-----w- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Temp
2011-01-06 20:24 . 2011-01-06 20:28 -------- d-----w- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google
2011-01-06 19:48 . 2011-01-06 19:48 -------- d-----w- c:\documents and settings\Catherine Haigh\Application Data\AVG10
2011-01-06 19:47 . 2011-01-06 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-06 19:45 . 2011-01-09 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-06 19:42 . 2011-01-06 21:23 -------- d-----w- c:\windows\system32\MpEngineStore
2011-01-06 19:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-06 19:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-06 18:29 . 2011-01-06 18:29 -------- d-----w- C:\$AVG
2011-01-06 14:05 . 2011-01-06 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-06 14:03 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 14:03 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 14:00 . 2011-01-06 14:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 13:26 . 2011-01-06 13:26 -------- d-----w- C:\spoolerlogs
2010-12-18 14:09 . 2011-01-06 13:59 -------- d-----w- c:\program files\MyOffice.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2009-02-02 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-02-02 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2006-08-31 18:50 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2006-08-31 18:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-08-31 18:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-08-31 18:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-08-31 18:29 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-08-31 18:29 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-08-31 18:29 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-08-31 18:29 1853312 ----a-w- c:\windows\system32\win32k.sys
2003-08-27 14:19 . 2007-02-21 04:24 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.
------- Sigcheck -------
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\MsPMSNSv.dll
[7] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-06 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-09-23 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 118784]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-18 151552]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"EPSON Stylus D88 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2006-03-28 634880]
"DMHotKey"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 356352]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-04 413696]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 2764800]
"AVStation Premium 3.75"="c:\program files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-05-13 159744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-22 438272]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-08-31 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-09-05 183159]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2006-08-31 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-08-31 5088]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2006-03-29 27648]
S1 otgrxwxn;otgrxwxn;\??\c:\windows\system32\drivers\otgrxwxn.sys --> c:\windows\system32\drivers\otgrxwxn.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [2006-08-31 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-01-28 19840]
.
Contents of the 'Scheduled Tasks' folder
2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332887907-4197182999-1442650478-1005Core.job
- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 20:24]
2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332887907-4197182999-1442650478-1005UA.job
- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 20:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: msn
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-farstone - (no file)
Notify-avgrsstarter - avgrsstx.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-09 17:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-09 1718 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 17:21
Pre-Run: 61,869,330,432 bytes free
Post-Run: 61,779,492,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CE751F29C7B488405EB848CA02D3F2A8
Last edited by jayeskay; 09-01-2011 at 09:34 PM.
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\system32\MsPMSNSv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\system32\dllcache\MsPMSNSv.dll

File::
c:\windows\system32\drivers\nlqjawco.dat
c:\windows\system32\drivers\otgrxwxn.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>

Driver::
otgrxwxn

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
- Combofix.txt
ComboFix 11-01-08.05 - Catherine Haigh 2011-01-09 22:54:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.537 [GMT 0:00]
Running from: c:\documents and settings\Catherine Haigh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Catherine Haigh\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\drivers\nlqjawco.dat"
"c:\windows\system32\drivers\otgrxwxn.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\nlqjawco.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_otgrxwxn
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-06 21:22 . 2011-01-06 21:22 11648 ----a-w- c:\windows\system32\drivers\ACPIEC.SYS
2011-01-06 20:24 . 2011-01-06 20:26 -------- d-----w- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Temp
2011-01-06 20:24 . 2011-01-06 20:28 -------- d-----w- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google
2011-01-06 19:48 . 2011-01-06 19:48 -------- d-----w- c:\documents and settings\Catherine Haigh\Application Data\AVG10
2011-01-06 19:47 . 2011-01-06 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-06 19:45 . 2011-01-09 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-06 19:42 . 2011-01-06 21:23 -------- d-----w- c:\windows\system32\MpEngineStore
2011-01-06 19:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-06 19:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-06 18:29 . 2011-01-06 18:29 -------- d-----w- C:\$AVG
2011-01-06 14:05 . 2011-01-06 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-06 14:03 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 14:03 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 14:00 . 2011-01-06 14:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 13:26 . 2011-01-06 13:26 -------- d-----w- C:\spoolerlogs
2010-12-18 14:09 . 2011-01-06 13:59 -------- d-----w- c:\program files\MyOffice.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2009-02-02 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-02-02 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2006-08-31 18:50 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2006-08-31 18:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-08-31 18:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-08-31 18:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-08-31 18:29 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-08-31 18:29 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-08-31 18:29 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-08-31 18:29 1853312 ----a-w- c:\windows\system32\win32k.sys
2003-08-27 14:19 . 2007-02-21 04:24 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.
------- Sigcheck -------
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\MsPMSNSv.dll
[7] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-06 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-09-23 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 118784]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-18 151552]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"EPSON Stylus D88 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2006-03-28 634880]
"DMHotKey"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 356352]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-04 413696]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 2764800]
"AVStation Premium 3.75"="c:\program files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-05-13 159744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-22 438272]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-08-31 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-09-05 183159]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2006-08-31 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-08-31 5088]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2006-03-29 27648]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [2006-08-31 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-01-28 19840]
.
Contents of the 'Scheduled Tasks' folder
2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332887907-4197182999-1442650478-1005Core.job
- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 20:24]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332887907-4197182999-1442650478-1005UA.job
- c:\documents and settings\Catherine Haigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 20:24]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: msn
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-09 23:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(928)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Samsung\DisplayManager\dmhkcore.exe
c:\windows\AGRSMMSG.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-09 23:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 23:08
ComboFix2.txt 2011-01-09 17:21
Pre-Run: 61,771,026,432 bytes free
Post-Run: 61,775,106,048 bytes free
- - End Of File - - 6941EC9616BA522D452DCCD23730C50B
Looks good
How is the computer doing?
You can reinstall AVG now.
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.