Hi,
ComboFix Logs as follows: -
ComboFix 12-02-13.01 - Cllr Edwards 15/02/2012 15:28:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.894.465 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-14 22:28 . 2012-02-15 07:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-14 21:39 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 21:39 . 2012-02-14 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-14 18:22 . 2012-02-14 18:22 -------- dc----w- c:\documents and settings\cllr edwards\Application Data\SUPERAntiSpyware.com
2012-02-14 18:21 . 2012-02-14 18:21 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-13 13:36 . 2012-02-13 23:13 -------- dc----w- c:\documents and settings\cllr edwards\Application Data\Myke
2012-02-13 13:36 . 2012-02-13 23:12 -------- dc----w- c:\documents and settings\cllr edwards\Application Data\Vuvy
2012-02-13 13:06 . 2012-02-13 13:06 -------- dc----w- c:\documents and settings\cllr edwards\Application Data\Malwarebytes
2012-02-13 13:06 . 2012-02-13 13:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-12 12:52 . 2012-02-15 08:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 17:28 . 2011-10-22 08:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-26 18:23 . 2008-03-09 21:51 164880 ----a-w- c:\documents and settings\cllr edwards\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-05 14:00 . 2011-12-05 14:00 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-14 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2005-12-09 311296]
"LANDeskInventoryClient"="c:\program files\LANDesk\LDClient\LDIScn32.exe" [2006-07-10 839680]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2005-12-09 258048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
kafiy.exe [2012-2-13 161792]
.
c:\documents and settings\SCDCICTA\Start Menu\Programs\Startup\
wuqo.exe [2012-2-13 161792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-9-23 1462104]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
SSH Accession.lnk - c:\program files\SSH Communications Security\SSH Sentinel\Accession\ssh_accession.exe [2007-11-25 1691648]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-05-26 14:27 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-04-28 15:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\cba\\pds.exe"=
"c:\\WINDOWS\\system32\\msgsys.exe"=
"c:\\Program Files\\LANDesk\\LDClient\\issuser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\SSH Communications Security\\SSH Sentinel\\Accession\\ssh_accession.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\Sonic Central\\Main\\Mediahub.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 gupdate1caa329fb6e5dc2;Google Update Service (gupdate1caa329fb6e5dc2);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 133104]
R2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\DRIVERS\HidCom.sys [2005-04-04 69575]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 133104]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-15 2794234]
R3 sshvnic;SSH Virtual Network Adapter (sshvnic);c:\windows\system32\DRIVERS\sshvnic5.sys [x]
R3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\Drivers\TEUSBMU.sys [2005-01-14 20992]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-03-02 14976]
S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-20 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2010-10-08 153344]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2010-10-08 24064]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-01-23 85760]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2006-01-11 122880]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-04-28 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-14 97520]
S2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2006-06-29 245760]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S3 iTurns;iTurns;c:\windows\system32\DRIVERS\iTurnsDriver.sys [2008-11-28 10704]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2005-07-01 11904]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2005-07-01 3328]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2005-07-01 3712]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CnxTrLan
noipducservice
tsdhd
mssql$sqlexpress
nalntservice
vwd
vmusb
QPCapSvc
avgntflt
ASLDRService
StkScan
wfxsvc
wlluc48
CTEXFIFX.DLL
fa_scheduler
uisp
Airgo
olcamsrv
ofcpfwsvc
aksfridge
bthidenum
tphkdrv
nnsvc
vaiomediaplatform-integratedserver-http
pclepci
GameConsoleService
SE2Eobex
viaudio
ntsecure
kl1
SDdriver
zmxpzip
SaiClass
PAR1284
msgame
pnmsrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2008-08-12 c:\windows\Tasks\Calculator.job
- c:\windows\system32\calc.exe [2007-06-12 12:00]
.
2012-02-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8195135653.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
2012-02-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8195144289.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1caceb92e6a6044.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:33]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:33]
.
2012-02-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-07-29 17:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
LSP: c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
LSP: mswsock.dll
TCP: Interfaces\{2B30221D-39B4-439D-9B06-D3D5AF6680E7}: NameServer = 212.139.132.4
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dplaysvr - c:\documents and settings\cllr edwards\Application Data\dplaysvr.exe
HKLM-Run-btbb_McciTrayApp - c:\program files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
HKLM-Run-dplaysvr - c:\documents and settings\cllr edwards\Application Data\dplaysvr.exe
HKLM-Run-XAyrXMNieLwFUhF.exe - c:\documents and settings\All Users\Application Data\XAyrXMNieLwFUhF.exe
AddRemove-DVD Burner v1.30 Trial (ActiveX) - c:\windows\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-02-15 16:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1336601894-839522115-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1892)
c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2012-02-15 16:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 16:12
.
Pre-Run: 3,441,438,720 bytes free
Post-Run: 4,334,768,128 bytes free
.
- - End Of File - - C15C668E74C4ED3532E171CAF89791ED
Thanks for editting the previous post. I genuinely have no idea how some of those entries got there. Questions will be asked at home as you can imagine.
The Combfix program ran several times, in that it automatically rebooted the PC I think at least 3 times, and when it re-started, and I had logged on, it continued doing its stuff.
I noticed in the blue window the line Access Denied a number of times. I dont know if this is significant or not?
Anyway, over to you again......