
Author Topic: malware experts please take look  (Read 19360 times)


one for the road

    Topic Starter


    Rookie

    Re: malware experts please take look
    « Reply #15 on: July 28, 2010, 02:40:11 PM »
    ComboFix 10-07-27.05 - MIke 28/07/2010  21:13:13.1.2 - x86
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.2013.1079 [GMT 1:00]
    Running from: c:\users\MIke\Desktop\commy.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\MIke\AppData\Roaming\.#
    c:\users\MIke\AppData\Roaming\inst.exe
    c:\users\MIke\AppData\Roaming\System32
    c:\users\MIke\AppData\Roaming\System32\database.dat
    c:\windows\struct~.ini
    c:\windows\system32\%appdata%
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\ernel32.dll
    c:\windows\system32\NTIMP3.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\UA000106.DLL

    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-28  )))))))))))))))))))))))))))))))
    .

    2010-07-28 20:37 . 2010-07-28 20:39   --------   d-----w-   c:\users\MIke\AppData\Local\temp
    2010-07-28 20:37 . 2010-07-28 20:37   --------   d-----w-   c:\users\LogMeInRemoteUser\AppData\Local\temp
    2010-07-27 22:48 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-27 22:47 . 2010-07-27 22:48   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-07-27 22:47 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-07-26 17:55 . 2010-07-26 17:55   --------   d-----w-   c:\users\MIke\AppData\Local\Windows Live Writer
    2010-07-26 17:55 . 2010-07-26 17:55   --------   d-----w-   c:\users\MIke\AppData\Roaming\Windows Live Writer
    2010-07-26 17:51 . 2010-07-27 06:40   --------   d-----w-   c:\users\MIke\Tracing
    2010-07-26 16:44 . 2010-07-26 16:44   --------   d-----w-   c:\windows\PCHEALTH
    2010-07-20 12:13 . 2010-07-20 19:49   --------   d-----w-   c:\program files\AVS4YOU
    2010-07-16 11:45 . 2010-07-16 11:45   214925   ----a-w-   c:\windows\system\tubelist.dat
    2010-07-14 18:33 . 2010-06-07 19:30   282928   ----a-w-   c:\windows\system32\HMIPCore.dll
    2010-07-14 18:33 . 2010-07-16 22:29   --------   d-----w-   c:\program files\Common Files\IE
    2010-07-14 17:47 . 2010-07-27 08:31   --------   d-----w-   c:\windows\vf_hip
    2010-07-07 20:53 . 2010-07-07 20:53   --------   d-----w-   c:\users\MIke\AppData\Roaming\DAEMON Tools Pro

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-28 20:32 . 2009-06-09 08:38   --------   d-----w-   c:\users\MIke\AppData\Roaming\uTorrent
    2010-07-28 19:01 . 2009-06-20 07:34   --------   d-----w-   c:\users\MIke\AppData\Roaming\Media Player Classic
    2010-07-28 08:45 . 2009-06-08 06:38   --------   d-----w-   c:\programdata\Microsoft Help
    2010-07-27 22:01 . 2009-11-12 19:54   --------   d-----w-   c:\program files\uTorrent
    2010-07-27 19:06 . 2009-08-17 17:30   --------   d-----w-   c:\program files\IObit
    2010-07-27 18:42 . 2010-07-27 18:42   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{8E6310E1-8DA5-080A-FB23-12804F4F9D6C}-Ysq.exe
    2010-07-27 18:09 . 2010-07-27 18:09   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{1F019097-7968-4D78-8782-EFF76FF12D36}-Ysq.exe
    2010-07-27 17:31 . 2010-07-27 17:31   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{22BA253D-EBBD-3381-2225-387AE923EBC8}-Ysq.exe
    2010-07-27 15:33 . 2010-07-27 15:33   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{CCD3CF61-EF75-B71F-DC5C-5AD1D3E350BD}-Ysq.exe
    2010-07-27 15:19 . 2010-03-23 17:04   --------   d-----w-   c:\program files\LG PC Suite II
    2010-07-27 15:09 . 2010-07-27 15:09   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{848FED6C-7EE6-B846-4B66-E366B89EFB2F}-Ysq.exe
    2010-07-27 14:19 . 2010-07-27 14:19   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{F18A2A99-0612-C888-89E5-E358A416E5F8}-Ysq.exe
    2010-07-27 13:10 . 2010-07-27 13:10   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{84DF0411-6CB8-A026-252D-C1F771139F12}-Ysq.exe
    2010-07-27 09:41 . 2009-11-26 22:08   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-07-27 09:35 . 2010-07-27 09:35   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{D9D213B0-7DC2-BF4E-4A04-96EB8240C685}-Ysq.exe
    2010-07-27 06:54 . 2010-07-27 06:54   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{F63BE560-7D6D-1B70-A0F9-3A4641ED788E}-Ysq.exe
    2010-07-26 23:14 . 2009-06-08 13:07   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
    2010-07-26 22:56 . 2010-07-26 22:56   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{E4B5338A-5E0E-AEDA-46AD-0E07A226FD3F}-Ysq.exe
    2010-07-26 22:24 . 2010-07-26 22:24   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{658DEAB3-8448-2ED9-D639-73170FE3AA80}-Ysq.exe
    2010-07-26 22:15 . 2010-07-26 22:15   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{F8002272-7755-E239-F93C-18E3CFF674EB}-Ysq.exe
    2010-07-26 20:23 . 2010-07-26 20:23   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{48BAA9FB-AC17-3E5C-5D25-C936C2C6BF11}-Ysq.exe
    2010-07-26 20:17 . 2010-07-26 20:17   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{18AFC62B-E554-C9F2-E1AB-00E1128067A5}-Ysq.exe
    2010-07-26 19:24 . 2009-10-23 07:44   166160   ----a-w-   c:\users\MIke\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-26 19:23 . 2010-07-26 19:23   180736   ----a-w-   c:\programdata\Microsoft\Windows Defender\LocalCopy\{1DF5473F-13A1-0163-A135-458D392DB557}-Ysq.exe
    2010-07-26 18:45 . 2009-07-14 04:52   --------   d-----w-   c:\program files\MSBuild
    2010-07-26 17:18 . 2009-10-20 18:10   --------   d-----w-   c:\users\MIke\AppData\Roaming\DivX
    2010-07-26 16:40 . 2009-10-11 09:25   --------   d-----w-   c:\program files\Microsoft
    2010-07-26 16:23 . 2009-06-08 00:10   --------   d-----w-   c:\users\MIke\AppData\Roaming\Skype
    2010-07-21 17:30 . 2009-06-08 00:11   --------   d-----w-   c:\users\MIke\AppData\Roaming\skypePM
    2010-07-21 07:51 . 2009-10-18 12:24   --------   d-----w-   c:\users\MIke\AppData\Roaming\vlc
    2010-07-20 19:48 . 2010-01-17 13:35   --------   d-----w-   c:\program files\Common Files\AVSMedia
    2010-07-20 12:15 . 2010-01-17 13:37   --------   d-----w-   c:\users\MIke\AppData\Roaming\AVS4YOU
    2010-07-16 23:56 . 2009-08-29 21:31   --------   d-----w-   c:\users\MIke\AppData\Roaming\FrostWire
    2010-07-14 19:11 . 2010-06-16 23:37   --------   d-----w-   c:\program files\Hide IP Platinum
    2010-07-14 17:43 . 2010-01-03 09:26   --------   d-----w-   c:\users\MIke\AppData\Roaming\Hide IP NG
    2010-07-07 20:57 . 2009-08-03 17:20   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
    2010-06-30 07:26 . 2009-06-09 17:46   --------   d-----w-   c:\programdata\P4G
    2010-06-28 14:03 . 2009-06-08 06:43   --------   d-----w-   c:\program files\Microsoft.NET
    2010-06-27 10:39 . 2010-06-27 10:39   501936   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb41E1.tmp.exe
    2010-06-15 18:01 . 2009-06-08 20:33   --------   d-----w-   c:\program files\CCleaner
    2010-06-10 07:48 . 2010-06-10 07:48   --------   d-----w-   c:\programdata\Comodo Downloader
    2010-06-04 10:12 . 2010-05-26 06:53   --------   d-----w-   c:\program files\Microsoft Silverlight
    2010-06-01 12:22 . 2009-12-08 22:23   --------   d-----w-   c:\program files\Java
    2010-05-27 07:24 . 2010-06-11 16:30   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2010-05-27 03:49 . 2010-06-11 16:30   293888   ----a-w-   c:\windows\system32\atmfd.dll
    2010-05-21 13:14 . 2009-10-03 22:41   221568   ------w-   c:\windows\system32\MpSigStub.exe
    2010-05-21 07:24 . 2010-05-21 07:24   86016   ----a-w-   c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-05-21 05:18 . 2010-06-11 16:31   977920   ----a-w-   c:\windows\system32\wininet.dll
    2010-05-09 09:14 . 2010-06-26 15:57   641536   ----a-w-   c:\windows\system32\CPFilters.dll
    2010-05-09 09:14 . 2010-06-26 15:57   417792   ----a-w-   c:\windows\system32\msdri.dll
    2010-05-01 14:49 . 2010-06-11 16:31   2326528   ----a-w-   c:\windows\system32\win32k.sys
    2009-06-10 21:26 . 2009-07-14 02:04   9633792   --sha-r-   c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42   396800   --sha-w-   c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\MIke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb Pro.lnk]
    backup=c:\windows\pss\WordWeb Pro.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opqiabs
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLive
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06   976832   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
    2008-07-15 10:29   7651328   ----a-w-   c:\program files\ASUS\ATKOSD2\ATKOSD2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-07-18 18:52   104936   ----a-w-   c:\program files\CyberLink\Power2Go\CLMLSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
    2009-07-21 11:50   84464   ----a-w-   c:\program files\Roxio 2010\5.0\CPMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
    2009-06-23 01:18   494064   ----a-w-   c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2009-07-14 01:14   144384   ----a-w-   c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-02-05 08:34   135664   ----atw-   c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
    2008-01-11 21:40   98304   ----a-w-   c:\program files\ASUS\ATK Hotkey\HControlUser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-09-08 16:26   174104   ------w-   c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-09-08 16:27   141848   ------w-   c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-08-25 10:11   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-08-25 10:11   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 14:39   1090952   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-04-29 14:39   437584   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 15:57   153136   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
    2008-06-13 17:11   210216   ----a-w-   c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-09-08 16:27   151064   ------w-   c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
    2008-01-25 17:32   778240   ----a-w-   c:\program files\P4P\P4P.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
    2010-02-04 05:37   173512   ----a-w-   c:\program files\Common Files\PPLiveNetwork\PPAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLiveVA]
    2009-12-30 09:15   71152   ----a-w-   c:\program files\PPLive\PPVA\PPLiveVA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2007-08-07 00:05   200704   ----a-w-   c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-24 08:33   240112   ----a-w-   c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2009-05-22 23:22   7514656   ----a-w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-07-14 01:14   1173504   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-05-13 16:57   26192168   ----a-r-   c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2009-05-22 23:22   1833504   ----a-w-   c:\program files\Realtek\Audio\HDA\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
    2006-09-19 09:07   827392   ----a-w-   c:\windows\vsnpstd3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 10:43   248040   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-16 22:53   2403568   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-06-08 22:02   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco]
    2009-08-19 16:24   7809024   ----a-w-   c:\program files\Tesco Internet Phone\TescoIP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-07-27 21:41   327472   ----a-w-   c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-07-14 01:14   660480   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-07-14 01:16   859648   ----a-w-   c:\windows\System32\OobeFldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2009-07-14 01:14   65024   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-07 721904]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
    R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys

    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
    R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-23 12872]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
    R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2007-08-20 873472]
    S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
    S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
    S1 aswSP;avast! Self Protection;

    S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-23 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-16 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - cmdGuard
    *Deregistered* - cmdHlp
    *Deregistered* - inspect
    *Deregistered* - MBAMProtector

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-18 17:53   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-28 c:\windows\Tasks\d3572b34.job
    - c:\users\MIke\AppData\Roaming\d3572b34.exe [2005-05-14 00:00]

    2010-07-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 12:43]

    2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

    2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

    2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000Core.job
    - c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]

    2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000UA.job
    - c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://tiscali.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
    TCP: 030313630313142314736414 = 156.154.70.22,156.154.71.22
    TCP: 14572756F6C6D284F64756C6 = 156.154.70.22,156.154.71.22
    TCP: 244564F4E4 = 156.154.70.22,156.154.71.22
    TCP: 2445F40756E6A7F6E656 = 156.154.70.22,156.154.71.22
    TCP: 377796373736F6D6 = 156.154.70.22,156.154.71.22
    TCP: A5978554C4 = 156.154.70.22,156.154.71.22
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-108769527-2725615563-1048934146-1000\Software\YourCompanyName\YourProductName\Version*]
    "VersionData"=hex:e2,c9,d3,19,1d,de,68,b5,98,11,33,59,b6,5c,9c,45,2b,d9,bb,d0,
       f7,a7,f5,52,76,95,6d,e4,ec,0e,aa,81,02,f6,28,02,7c,c7,51,4f,a1,41,7b,dc,f2,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\ASUS\ATK Hotkey\HControl.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
    c:\program files\P4G\BatteryLife.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\ASUS\ATK Hotkey\WDC.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\taskhost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-28  21:45:01 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-07-28 20:45

    Pre-Run: 201,904,472,064 bytes free
    Post-Run: 201,422,614,528 bytes free

    - - End Of File - - E87A98F7B84E2E9894D550C11ABD3E01

    Crush

    • Malware Removal Specialist


    • Beginner

      Thanked: 8
      Re: malware experts please take look
      « Reply #16 on: July 28, 2010, 06:40:47 PM »
        IObit was recently accused by Malwarebytes of stealing the MBAM database.

        See these links for more info on the situation:

        Relevant link 1: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=157535

        Relevant link 2: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=158735

        I recommend changing your security program to something more trusted, but that option is up to you. If you would like help finding a new security program, please let me know.
        =======

        Re-running ComboFix to remove infections:

           
        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
             
          Quote
          File::
          c:\windows\Tasks\d3572b34.job

             
        • Save this as CFScript.txt, in the same location as ComboFix.exe

             

             
        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
             
        • Please post the contents of the log in your next reply.
        "I am in fact, quite cool. My graphing calculator confirms this"
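The step above singles out one scheduled task, d3572b34.job, because its target sits in the user's AppData\Roaming folder, and then hands that path to ComboFix through a CFScript "File::" block. The Python below is an added example (not code from the thread, nor anything ComboFix itself ships) that does the same triage mechanically: it parses the 'Scheduled Tasks' section in the layout ComboFix printed in Reply #15, flags tasks whose target lives in a user-writable profile location or whose job name looks like random hex, and emits the matching CFScript text. The sample log is a constructed excerpt, the review heuristic is this example's own, and a flagged entry is a candidate for review rather than a confirmed infection; note that the legitimate per-user GoogleUpdate task under AppData\Local is deliberately not flagged.

```python
import re
from typing import Dict, List

# Constructed sample (an excerpt, not the thread's full log): the 'Scheduled
# Tasks' section in the layout ComboFix prints, followed by the next section.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\d3572b34.job
- c:\users\MIke\AppData\Roaming\d3572b34.exe [2005-05-14 00:00]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000Core.job
- c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]
.
.
------- Supplementary Scan -------
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(.+)\]$")
# Eight hex characters as a task name (d3572b34.job) is the kind of
# machine-generated name legitimate installers rarely use.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.job$", re.IGNORECASE)

# Profile locations a standard user can write to without elevation. This
# heuristic is the example's own assumption, not a ComboFix rule.
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")


def parse_scheduled_tasks(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per .job entry in the Scheduled Tasks section."""
    lines = log_text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == SECTION_HEADER)
    except StopIteration:
        return []  # section absent: nothing to report
    entries: List[Dict[str, str]] = []
    current = None
    for line in lines[start + 1:]:
        line = line.strip()
        if line.startswith("-------"):  # the next ComboFix section begins
            break
        m = JOB_RE.match(line)
        if m:
            current = {"date": m.group(1), "job": m.group(2), "target": "", "target_time": ""}
            entries.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            current["target"] = m.group(1)
            current["target_time"] = m.group(2)
            current = None  # a job has exactly one "- target [time]" line
    return entries


def is_suspicious(entry: Dict[str, str]) -> bool:
    """Flag a task for review: target in a user-writable profile dir, or hex-named job."""
    target = entry["target"].lower()
    in_user_writable = any(marker in target for marker in USER_WRITABLE_MARKERS)
    job_name = entry["job"].rsplit("\\", 1)[-1]
    random_looking_name = bool(HEX_NAME_RE.match(job_name))
    return in_user_writable or random_looking_name


def flagged_jobs(log_text: str) -> List[Dict[str, str]]:
    return [e for e in parse_scheduled_tasks(log_text) if is_suspicious(e)]


def build_cfscript(entries: List[Dict[str, str]]) -> str:
    """Emit a CFScript 'File::' block listing the flagged .job files.

    CRLF line endings so the file displays correctly in Windows 7 Notepad.
    """
    lines = ["File::"] + [e["job"] for e in entries]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    for e in parse_scheduled_tasks(SAMPLE_LOG):
        tag = "REVIEW" if is_suspicious(e) else "ok    "
        print(f"{tag} {e['job']} -> {e['target']} [{e['target_time']}]")
    print(build_cfscript(flagged_jobs(SAMPLE_LOG)))
```

Running it against the constructed excerpt marks only d3572b34.job for review and prints the two-line CFScript that the reply asked the poster to create by hand; the per-user GoogleUpdate task passes because AppData\Local\Google\Update is not one of the marker directories. Anyone adapting this should treat a flagged task as a lead to verify (check the target file's publisher and hash) before deleting anything.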

        one for the road

          Topic Starter


          Rookie

          Re: malware experts please take look
          « Reply #17 on: July 29, 2010, 05:43:45 AM »
          Thanks for your time and help.
          Problem solved: backed up files etc., reinstalled Windows 7; there were underlying issues that are also solved, nothing to do with viruses.
          Put files and docs back on, a couple of hours later back to normal, job done.
          oftr

          Crush

          • Malware Removal Specialist


          • Beginner

            Thanked: 8
            Re: malware experts please take look
            « Reply #18 on: July 29, 2010, 11:05:37 AM »
            Ok. Thanks for letting me know
            "I am in fact, quite cool. My graphing calculator confirms this"