Webuser Forums: Spyware HELP!!

I Was downloading music from Tesco when it all went wrong, my computer re-booted and now on my desktop is a big warning saying spyware detected and for some reason i now have an AnyiMalware 2009 which i didn't before. I tried to uninstall it but it wouldn't let me, says 5 days of trail left??
Please can you help i still have HJT so i will post a log
Cheers!!

Doug

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:20, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Common Files\aol\1182418658\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\rhce1fj0e579\rhce1fj0e579.exe
C:\Windows\system32\pphca1fj0e579.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182418658\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lphca1fj0e579] C:\Windows\system32\lphca1fj0e579.exe
O4 - HKLM\..\Run: [SMrhce1fj0e579] C:\Program Files\rhce1fj0e579\rhce1fj0e579.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lphca1fj0e579] C:\Windows\system32\lphca1fj0e579.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6971 bytes

Hi the big warning has gone for the moment (after combofix) but i have not tried restarting computer yet, the 'Malware 2009' is still on my computer but here are the logs,
Cheers!!

Doug

ComboFix 08-10-11.04 - Doug and Kirsty 2008-10-13 1:46:58.11 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.133 [GMT 1:00]
Running from: C:\Users\Doug and Kirsty\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhce1fj0e579
C:\Users\Doug and Kirsty\AppData\Roaming\rhce1fj0e579
C:\Windows\system32\phca1fj0e579.bmp

.
((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
.

2008-10-13 01:40 . 2008-10-13 01:41 125,314,927 --a------ C:\Windows\MEMORY.DMP
2008-10-11 21:48 . 2008-10-11 21:52 102,400 --a------ C:\Windows\System32\DC8.tmp
2008-10-11 21:48 . 2008-10-11 21:51 102,400 --a------ C:\Windows\System32\4116.tmp
2008-10-11 21:48 . 2008-10-11 21:48 102,400 --a------ C:\Windows\System32\1BAA.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 17:55 --------- d-----w C:\Users\Doug and Kirsty\AppData\Roaming\AVG7
2008-10-11 20:22 --------- d---a-w C:\ProgramData\TEMP
2008-10-09 22:53 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-16 23:48 --------- d-----w C:\Users\Doug and Kirsty\AppData\Roaming\Packard Bell
2008-09-12 12:27 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 08:43 174 --sha-w C:\Program Files\desktop.ini
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Mail
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Journal
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Defender
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-08 08:34 --------- d-----w C:\Program Files\Windows Calendar
2008-09-08 06:21 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-08 06:21 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-28 20:59 --------- d-----w C:\Program Files\CCleaner
2008-08-27 21:31 --------- d-----w C:\Users\Doug and Kirsty\AppData\Roaming\Malwarebytes
2008-08-27 21:31 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-20 18:29 --------- d-----w C:\ProgramData\avg7
2008-08-17 14:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 14:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-17 09:36 --------- d-----w C:\ProgramData\khmdqlaf
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 21:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 19:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2007-12-13 23:58 0 ----a-w C:\Users\Doug and Kirsty\AppData\Roaming\wklnhst.dat
2008-01-07 21:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-14 22:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-21 21:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-01-21 21:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080122\index.dat
2008-01-23 23:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012320080124\index.dat
2008-01-24 18:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012420080125\index.dat
2008-01-25 21:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012520080126\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-05-21 548864]
"HostManager"="C:\Program Files\Common Files\AOL\1182418658\ee\AOLSoftware.exe" [2006-11-14 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 227328]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 37376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 579584]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-23 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-23 14:25 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BAB0612-FDF2-4469-AD26-824B130DE243}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{A36F50F6-6F29-478F-98BC-79B667666650}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{7F796B34-9605-4A1A-ACF9-62D2240DB657}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{153E47E8-14D1-455C-AACE-4CAEDE30773C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{60146CB9-F1EB-44B4-9661-F5C33729311E}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{4CDA64E2-F69E-4394-8A50-57F012D5D85B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{1C3CD215-96E1-457F-A060-65B6649F4A22}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{DFDC492F-5FD1-455B-86A7-15D2B9CD479E}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{3CCBF03A-EF48-4038-9077-E0E216A4C070}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{61034D2E-4C64-480F-AAD9-B9E9C03A7558}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{ECA61BD5-AACC-4387-9D5F-0C3D9E59C04A}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{6A566F30-BAC9-479E-96C5-0AA0AF8EE207}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{C681CDB4-F125-4250-9C0A-3D7D4EFA7A43}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{0ED50F7C-E618-4D85-B1FB-F86EFDAB1953}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{14CEF885-C117-4721-A142-FED9CA124060}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-23 53768]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-05-21 452984]
S3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);C:\Windows\system32\drivers\lmvac.sys [2008-04-28 18912]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-03 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Doug and Kirsty.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2007-12-11 C:\Windows\Tasks\PBReg.job
- C:\Program Files\HDReg\HDRegApp.exe [2005-06-21 13:05]

2008-01-25 C:\Windows\Tasks\PBRegbk.job
- C:\Program Files\HDReg\HDRegApp.exe [2005-06-21 13:05]

2008-10-13 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{97B46CBF-15B0-4164-9201-55D7087EBAA3}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-lphca1fj0e579 - C:\Windows\system32\lphca1fj0e579.exe
HKLM-Run-lphca1fj0e579 - C:\Windows\system32\lphca1fj0e579.exe
HKLM-Run-SMrhce1fj0e579 - C:\Program Files\rhce1fj0e579\rhce1fj0e579.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Doug and Kirsty\AppData\Roaming\Mozilla\Firefox\Profiles\vnli3gf5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 01:54:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-10-13 2:04:36 - machine was rebooted [Doug and Kirsty]
ComboFix-quarantined-files.txt 2008-10-13 01:04:20
ComboFix2.txt 2008-08-20 18:52:29

Pre-Run: 106,033,442,816 bytes free
Post-Run: 105,907,683,328 bytes free

193 --- E O F --- 2008-10-11 13:46:31