Thanks here is the Combofix report. I did exit Bitdefender and end it's process in process manager too.
ComboFix 09-01-19.01 - HOME 2009-01-19 18:46:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.560 [GMT 0:00]
Running from: c:\documents and settings\HOME\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HOME\Application Data\ShoppingReport
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\HOME\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\windows\IE4 Error Log.txt
c:\windows\system32\aseziyiy.ini
c:\windows\system32\davotudo.dll
c:\windows\system32\ekeyiwup.ini
c:\windows\system32\fawekoke.dll
c:\windows\system32\fegopuyi.dll
c:\windows\system32\igekafos.ini
c:\windows\system32\iloyedas.ini
c:\windows\system32\lifuteza.dll
c:\windows\system32\livimuvo.dll
c:\windows\system32\mizoluyi.dll
c:\windows\system32\muzevudo.dll
c:\windows\system32\noripipi.dll
c:\windows\system32\ovumivil.ini
c:\windows\system32\pujusotu.dll
c:\windows\system32\rekoyehe.dll
c:\windows\system32\sibifoza.dll
c:\windows\system32\tinunadu.dll
c:\windows\system32\trhkqh.dll
c:\windows\system32\tvdasf.dll
c:\windows\system32\upbvcn.dll
c:\windows\system32\vipukeyu.dll
c:\windows\system32\yiyizesa.dll
c:\windows\system32\zijaputa.dll
c:\windows\system32\zojepiha.dll
----- BITS: Possible infected sites -----
hxxp://77.74.48.105.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.
2009-01-16 10:03 . 2009-01-16 10:03 2,713 ---hs---- c:\windows\system32\titumeri.dll
2009-01-16 10:03 . 2009-01-16 10:03 2,713 ---hs---- c:\windows\system32\fepuhegu.dll
2009-01-16 10:02 . 2009-01-16 10:02 2,713 ---hs---- c:\windows\system32\runijolu.dll
2009-01-15 20:58 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-15 20:01 . 2009-01-15 20:01 <DIR> d-------- c:\program files\Lavasoft
2009-01-15 20:00 . 2009-01-15 20:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-12 16:14 . 2009-01-12 16:14 2,713 ---hs---- c:\windows\system32\hubejibo.exe
2009-01-11 17:10 . 2009-01-11 17:10 18 --a------ C:\cookies.dat
2009-01-10 21:28 . 2009-01-10 21:28 2,713 ---hs---- c:\windows\system32\pajujabo.exe
2009-01-08 17:58 . 2009-01-08 17:58 2,713 ---hs---- c:\windows\system32\fatilebi.exe
2009-01-07 10:25 . 2009-01-07 10:25 <DIR> d-------- c:\program files\Common Files\PACE Anti-Piracy
2009-01-07 10:25 . 2009-01-07 10:25 <DIR> d-------- c:\documents and settings\HOME\Application Data\PACE Anti-Piracy
2009-01-07 10:25 . 2009-01-07 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-01-07 10:21 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-07 00:52 . 2006-12-08 22:50 16,384 --a------ c:\windows\system32\drivers\DigiFilt.sys
2009-01-07 00:51 . 2007-10-31 00:34 196,608 --a------ c:\windows\system32\Digi32.dll
2009-01-07 00:50 . 2009-01-07 00:50 <DIR> d-------- c:\program files\InterLok
2009-01-07 00:50 . 2009-01-07 00:50 <DIR> d-------- c:\program files\Digidesign
2009-01-07 00:49 . 2009-01-07 00:49 <DIR> d-------- c:\documents and settings\HOME\Application Data\InstallShield
2009-01-07 00:26 . 2009-01-07 00:26 <DIR> d-------- c:\program files\Kreatives.org
2009-01-05 07:53 . 2009-01-05 07:53 2,713 ---hs---- c:\windows\system32\sikenojo.exe
2008-12-23 10:38 . 2008-12-23 10:38 2,713 ---hs---- c:\windows\system32\fafejeyi.exe
2008-12-21 22:13 . 2008-12-21 22:13 2,713 ---hs---- c:\windows\system32\zutokewa.exe
2008-12-19 20:32 . 2008-12-19 20:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
2008-12-19 20:27 . 2008-07-16 18:21 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\documents and settings\Administrator
2008-12-19 19:51 . 2008-12-19 19:51 45 --a------ c:\windows\system32\RPVersion.ini
2008-12-19 19:48 . 2008-12-19 19:54 <DIR> d-------- c:\program files\RegistryPatrol3.0
2008-12-19 15:00 . 2009-01-15 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 18:49 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-16 10:03 127,775 ----a-w c:\windows\system32\vabesima.dll
2009-01-15 21:02 127,956 ----a-w c:\windows\system32\ninavepo.dll
2009-01-07 00:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 15:02 --------- d-----w c:\program files\PeerGuardian2
2008-12-18 19:21 --------- d-----w c:\program files\Trend Micro
2008-10-28 14:27 737,280 ----a-w c:\windows\iun6002.exe
.
------- Sigcheck -------
2004-08-12 14:06 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\svchost.exe
2005-03-02 18:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 15:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-12 14:08 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 18:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 00:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 00:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
2008-04-14 00:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll
2004-08-12 14:10 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 00:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 00:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
2008-04-14 00:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll
2004-08-12 14:09 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe
2004-08-12 14:01 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 19:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 19:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2008-04-13 19:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2004-08-12 13:58 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 18:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 18:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2008-04-13 18:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys
2005-03-02 00:36 2056832 d8aba3eab509627e707a3b14f00fbb6b c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 09:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 08:38 2015744 a58ac1c6199ef34228abee7fc057ae09 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-12 14:06 2015232 fb142b7007ca2eea76966c6c5cc12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 00:34 2015232 3cd941e472ddf3534e53038535719771 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 18:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
2008-08-14 09:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
2008-08-14 09:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
2008-08-14 09:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
2008-04-13 18:31 2023936 7f653a89f6e89e3ae0d49830eece35d4 c:\windows\system32\ntkrnlpa.exe
2005-03-02 01:04 2179456 28187802b7c368c0d3aef7d4c382aabb c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 09:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 09:08 2136064 1220faf071dea8653ee21de7dcda8bfd c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-12 14:02 2148352 626309040459c3915997ef98ec1c8d40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 00:57 2135552 48b3e89af7074cee0314a3e0c7faffdb c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 19:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 19:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
2008-08-14 10:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
2008-08-14 09:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
2008-08-14 10:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
2008-04-13 19:24 2145280 40f8880122a030a7e9e1fedea833b33d c:\windows\system32\ntoskrnl.exe
2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
2007-06-13 11:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 10:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-12 13:57 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2004-08-12 14:05 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\services.exe
2004-08-12 13:59 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\lsass.exe
2004-08-12 13:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 00:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 00:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2008-04-14 00:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-12 14:06 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\spoolsv.exe
2004-08-12 14:08 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 00:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 00:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-14 00:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
2004-08-12 14:07 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 00:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 00:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2008-04-14 00:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-22 7585792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-22 925696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"CPMfbb6acde"="c:\windows\system32\vabesima.dll" [2009-01-16 127775]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-03-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\HOME\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-27 3450608]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\vabesima.dll" [2009-01-16 127775]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabesima.dll [2009-01-16 127775]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"MIDI1"= diomidi.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2008\\vsserv.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"=
"c:\\Program Files\\Common Files\\BitDefender\\BitDefender Communicator\\xcommsvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
"9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-01-07 16384]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-01-25 86792]
R4 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2009-01-07 16400]
R4 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2008-04-27 4300]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-01-07 97808]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2008-10-11 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2008-10-11 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2008-10-11 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2008-10-11 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2008-10-11 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2008-10-11 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2008-10-11 109952]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-10-11 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-10-11 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-10-11 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-10-11 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-10-11 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-10-11 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-10-11 115752]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-03-20 26505]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495808c8-fa6e-11dc-b20a-001377270451}]
\Shell\1\Command - .\rundll.exe
\Shell\2\Command - .\Rundll.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Rundll.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0b975ea6-1c48-4a7a-b9a7-419178dfd59b} - c:\windows\system32\tvdasf.dll
BHO-{5ac62fff-9792-4054-b6d9-9907ce627034} - c:\windows\system32\trhkqh.dll
BHO-{f2b0951b-731b-4d28-abcb-d7d6ff6e71dc} - c:\windows\system32\noripipi.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\HOME\Application Data\Mozilla\Firefox\Profiles\fvzi8td2.default\
FF - prefs.js: browser.startup.homepage -
www.google.co.uk.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-19 18:51:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\SoftwareDistribution\Download\Install\windows-kb890830-v2.6.exe
c:\
0cc09ca4697177cb3ad2c4598a\mrtstub.exe
c:\windows\system32\MRT.exe
.
**************************************************************************
.
Completion time: 2009-01-19 18:55:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 18:55:54
Pre-Run: 33,908,133,888 bytes free
Post-Run: 34,456,219,648 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
332 --- E O F --- 2008-07-19 17:38:56
And the hijackthis log too
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:23, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe
C:\Program Files\Trend Micro\HijackThis\anlayse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://go.microsoft.com/fwlink/?LinkId=54843R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 2053056562O20 - AppInit_DLLs: c:\windows\system32\vabesima.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabesima.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabesima.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8513 bytes
Hope this all helps