02-03-2010, 04:28 PM
memphius
Junior Member

Join Date: Feb 2010
Posts: 13
Win32 HEUR .... Please Help!!

I have been alerted by AVG on several occurrences of a Win32 Heur Infection... I got it in a torrent I downloaded, however AVG alerted me when I tried to run the program, so I terminated the program immediately, caught the infection and moved it to the vault. From the Vault I deleted it, then I think it detected it later in the Recycler, which I emptied, but it appeared once again in some vague system folder. I think it may have been saved by system restore, but I'm not sure. Now I have requarantined the virus in AVG's vault and I hope that is the last trace of it.

This is my second occurrence with this virus. The last time I had the much worse Win32Virut, which culminated in a COMPLETE reformat of my hd... this time I'm hoping to nip it in the bud before it gets that bad... please help me prevent this!

I have attached all the requested files, except for the Malwarebytes Anti-Malware one... when I had the Win32 Virut virus and tried to run that scan, every file/folder the scan opened, Win32Virut infected once it was done! Before the scan was done, my computer was in complete meltdown!! So I'm trying to avoid doing that scan again unless you request it... then I'll trust you and do it!

Please help me with this.... I really don't want to have to deal with another critical meltdown....


DDS (Ver_09-12-01.01) - NTFSx86
Run by USER at 15:50:43.25 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.853 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\USER\startm~1\programs\startup\one not~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258557983461
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: WBSYS.DLL c:\progra~1\google\google~1\GOEC62~1.DLL acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\USER\applic~1\mozilla\firefox\profiles\9xo1y9ap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.msn.com/?lang=en-ca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-23 161800]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2009-11-18 911680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-23 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-23 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-23 360584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-20 486280]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-23 285392]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-11-18 160288]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-24 193840]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-11-18 2480048]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-18 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-2 38224]

=============== Created Last 30 ================

2010-02-02 20:45:33 0 d-----w- c:\docume~1\USER\applic~1\Malwarebytes
2010-02-02 20:45:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 20:45:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 20:45:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 20:45:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-02 20:24:19 0 d-----w- c:\program files\Trend Micro
2010-02-02 18:59:36 0 d-----w- c:\windows\pss
2010-02-02 15:25:36 0 d-----w- c:\docume~1\USER\applic~1\LimeWire
2010-02-02 15:22:03 0 d-----w- c:\program files\LimeWire
2010-02-01 20:19:58 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-02-01 20:19:58 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-01 17:50:45 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-02-01 17:41:11 0 d-----w- c:\program files\common files\ParetoLogic
2010-02-01 17:41:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-02-01 17:25:04 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-02-01 06:33:38 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-01 06:33:34 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-01 06:31:05 0 d-----w- c:\windows\Applian Director
2010-02-01 06:31:05 0 d-----w- c:\program files\Applian Director
2010-02-01 06:30:30 0 d-----w- c:\windows\Replay Media Catcher
2010-02-01 06:30:30 0 d-----w- c:\program files\Replay Media Catcher
2010-02-01 03:36:26 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-01 03:36:18 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-01-24 17:56:54 0 d-----w- C:\Downloads
2010-01-24 17:56:38 0 d-----w- c:\docume~1\USER\applic~1\BitComet
2010-01-24 17:55:22 0 d-----w- c:\program files\BitComet
2010-01-23 21:17:02 0 d-----w- c:\windows\system32\VirtualExpander
2010-01-21 00:51:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-21 00:51:18 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-21 00:51:18 0 d-----w- c:\windows\system32\ZoneLabs
2010-01-21 00:51:15 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-01-21 00:51:14 0 d-----w- c:\program files\Zone Labs
2010-01-21 00:50:48 0 d-----w- c:\windows\Internet Logs
2010-01-15 20:40:32 283648 ----a-w- c:\windows\uninst.exe
2010-01-15 20:40:22 0 d-----w- c:\documents and settings\USER\WINDOWS
2010-01-15 18:57:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 23:59:17 0 d-----w- c:\program files\USArmy
2010-01-14 23:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\AA2DeployClient
2010-01-14 21:53:23 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 21:53:22 139152 ----a-w- c:\docume~1\USER\applic~1\PnkBstrK.sys
2010-01-14 21:53:05 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-14 21:53:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-14 21:53:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-14 21:53:01 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-14 21:53:00 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-14 21:53:00 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-14 20:17:53 0 d-----w- C:\7c5c1ac9c239eb312fd373f5d3
2010-01-14 20:00:51 0 d-----w- c:\windows\system32\XPSViewer
2010-01-14 19:59:36 14048 ------w- c:\windows\system32\spmsg2.dll

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:43:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-10 21:19:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-18 14:43:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:49:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll

============= FINISH: 15:52:58.12 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-03 09:10:42
Windows 5.1.2600 Service Pack 3
Running: shbjmvc3.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\kwlyqkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@jaeocglnoapgplihfeki 0x62 0x61 0x61 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@jaeocglnoapgplihfegp 0x62 0x61 0x65 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@iaepgdjoplkhnlpmff 0x6B 0x61 0x68 0x6D ...

---- EOF - GMER 1.0.15 ----