Many thanks. Here's my ComboFix log (HijackThis log follows below):
ComboFix 09-08-10.06 - Steve 12/08/2009 19:22.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1726.1196 [GMT 1:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1243a5c.msi
c:\windows\Installer\6299e1.msi
c:\windows\system32\drivers\hjgruiuibvdcox.sys
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruimwlthqob.dat
c:\windows\system32\hjgruivlskwkwr.dat
c:\windows\system32\hjgruivmpxovuy.dll
c:\windows\system32\hjgruixhvimpdx.dll
c:\windows\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruilamycmqf
-------\Legacy_hjgruilamycmqf
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
2009-08-01 11:53 . 2009-08-01 11:53 -------- d-----w- c:\program files\Trend Micro
2009-07-30 08:02 . 2009-07-30 08:02 -------- d-----w- c:\program files\AxBx
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\documents and settings\Steve\Application Data\.clamwin
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\program files\ClamWin
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\documents and settings\Steve\.clamwin
2009-07-29 19:07 . 2009-07-29 19:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-29 06:58 . 2009-07-29 06:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-29 06:58 . 2009-07-29 06:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-07-28 21:41 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-28 21:41 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 08:11 . 2009-07-28 08:11 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2009-07-26 11:42 . 2009-07-26 11:42 -------- d-----w- c:\program files\VS Revo Group
2009-07-25 16:02 . 2009-07-25 16:02 -------- d-sh--w- c:\documents and settings\Steve\PrivacIE
2009-07-22 21:55 . 2009-07-22 21:55 -------- d-----w- c:\documents and settings\Steve\Application Data\Canneverbe_Limited
2009-07-21 09:56 . 2009-07-21 09:56 -------- d-----w- c:\program files\Apple Software Update
2009-07-21 09:55 . 2009-07-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 09:54 . 2009-07-21 09:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-21 09:54 . 2009-07-21 09:54 -------- d-----w- c:\program files\QuickTime
2009-07-21 09:50 . 2009-07-21 09:50 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\documents and settings\Steve\IETldCache
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-21 08:51 . 2009-07-21 08:51 -------- d-----w- c:\windows\ie8updates
2009-07-21 08:50 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-21 08:50 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-21 08:49 . 2009-07-21 08:50 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 18:19 . 2006-07-29 12:03 1660 ----a-w- c:\windows\bthservsdp.dat
2009-08-12 18:19 . 2006-05-28 17:09 -------- d-----w- c:\documents and settings\Steve\Application Data\Skype
2009-08-12 18:19 . 2006-05-24 18:50 -------- d-----w- c:\program files\WinTV
2009-08-12 18:11 . 2006-08-06 10:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-06 18:44 . 2007-09-01 09:35 -------- d-----w- c:\documents and settings\Steve\Application Data\uTorrent
2009-08-05 18:49 . 2006-04-28 22:05 -------- d-----w- c:\documents and settings\Steve\Application Data\OpenOffice.org2
2009-08-04 20:59 . 2007-07-16 12:15 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2009-07-31 07:39 . 2007-12-03 08:59 1354375 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-30 08:19 . 2007-10-02 08:22 -------- d-----w- c:\documents and settings\Steve\Application Data\com.zipeg
2009-07-28 21:38 . 2008-06-13 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-26 22:13 . 2007-06-17 10:05 -------- d-----r- c:\program files\Skype
2009-07-25 23:41 . 2009-07-26 08:04 214528 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-07-25 23:40 . 2007-07-14 11:12 -------- d-----w- c:\program files\a-squared Free
2009-07-25 16:27 . 2006-05-26 19:51 -------- d-----w- c:\documents and settings\Steve\Application Data\LimeWire
2009-07-22 21:54 . 2007-12-07 22:16 -------- d-----w- c:\program files\CDBurnerXP
2009-07-22 21:47 . 2009-07-09 12:35 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-21 09:55 . 2005-09-03 18:08 -------- d-----w- c:\program files\iTunes
2009-07-21 09:55 . 2008-05-24 19:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 09:55 . 2005-09-03 18:08 -------- d-----w- c:\program files\iPod
2009-07-19 21:56 . 2009-07-20 07:13 62976 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-07-18 09:53 . 2009-07-18 10:07 3531264 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-07-18 09:53 . 2009-07-18 10:07 3570688 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-07-18 08:41 . 2007-02-07 10:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 11:42 . 2008-06-13 21:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 09:49 . 2009-07-16 09:49 20919210 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_07_16_10_42_25_full.dmp.zip
2009-07-09 19:11 . 2009-07-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-09 19:05 . 2009-03-18 22:31 -------- d-----w- c:\program files\MediaMonkey
2009-07-09 14:20 . 2009-07-09 14:20 -------- d-----w- c:\documents and settings\Steve\Application Data\Recordpad
2009-07-09 12:35 . 2009-07-09 12:35 -------- d-----w- c:\documents and settings\Steve\Application Data\NCH Swift Sound
2009-07-09 12:35 . 2009-07-09 12:35 -------- d-----w- c:\program files\NCH Software
2009-07-09 11:24 . 2007-11-29 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-04 08:45 . 2009-07-04 08:45 118411 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_04_09_24_19_small.dmp.zip
2009-07-04 08:24 . 2009-07-04 08:40 3493888 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-22 20:09 . 2008-06-13 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 20:09 . 2006-12-04 16:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 15:07 . 2006-05-02 19:49 -------- d-----w- c:\program files\LimeWire
2009-06-20 20:33 . 2007-05-14 23:18 -------- d-----w- c:\program files\Joost
2009-06-20 17:51 . 2005-09-03 18:18 -------- d-----w- c:\program files\Google
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\documents and settings\Steve\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-20 16:50 . 2009-06-20 16:51 38208 ----a-w- c:\documents and settings\Steve\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 22:35 . 2005-09-03 18:05 -------- d-----w- c:\program files\Hp
2009-06-14 21:47 . 2009-06-14 21:50 3454976 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-06-14 21:35 . 2009-06-14 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 11:49 . 2009-05-23 11:48 20854992 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_05_23_12_41_25_full.dmp.zip
2009-05-18 09:05 . 2008-06-13 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2006-05-01 21:42 . 2006-05-01 21:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-22 1948440]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\documents and settings\Ally\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-10 139776]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-22 20:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [10/10/2008 12:19 38448]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [22/11/2008 09:31 17264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/06/2008 22:56 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/06/2008 22:56 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22/06/2009 21:09 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/06/2009 21:09 298776]
R3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [06/04/2006 12:21 118850]
R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [06/04/2006 12:22 56792]
S2 a2freeaawservice;a-squared Free Service a2freeaawservice;c:\windows\TEMP\mcvkjdtcca.exe service --> c:\windows\TEMP\mcvkjdtcca.exe service [?]
S2 xoofkdkehfcdovb;xoofkdkehfcdovb;\??\c:\windows\system32\drivers\gmfvuut.sys --> c:\windows\system32\drivers\gmfvuut.sys [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [03/04/2006 18:12 14032]
S4 YFRHMJL;YFRHMJL;c:\docume~1\Steve\LOCALS~1\Temp\YFRHMJL.exe --> c:\docume~1\Steve\LOCALS~1\Temp\YFRHMJL.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2006-06-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 15:46]
2009-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 17:12]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\pvnsbuk9.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-12 19:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-12 19:37
ComboFix-quarantined-files.txt 2009-08-12 18:36
Pre-Run: 40,033,308,672 bytes free
Post-Run: 40,330,416,128 bytes free
276 --- E O F --- 2009-07-28 23:41
AND NOW HERE'S THE HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:11, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeaawservice (a2freeaawservice) - Unknown owner - C:\WINDOWS\TEMP\mcvkjdtcca.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8040 bytes