OK, ran ComboFix and had some weird messages while trying to run it. I'm not familiar with the program, so hopefully they're normal.
The message was: "Current date Sat 1/31/2009. Combofix.exe is expired. Click Yes to run in Reduced Functionality mode."
I continued forward and thought my virus scan (NOD32) was disabled, but got a message saying it was still running. So I restarted the program (NOD32), manually disabled all active scanners, and left the NOD32 Control Console running.
Here is the log that ComboFix produced:
ComboFix 09-01-21.04 - Thomas 2009-01-31 9:43:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2544 [GMT -5:00]
Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Thomas\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Thomas\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\chert5-998.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-30 23:10 . 2009-01-30 23:10 126,464 --a------ c:\windows\system32\urxnmb.dll
2009-01-30 23:10 . 2009-01-30 23:10 126,464 --a------ c:\windows\system32\evhllgod.dll
2009-01-30 23:07 . 2009-01-30 23:08 1,518,911 ---hs---- c:\windows\system32\qsbrigsx.ini
2009-01-30 23:07 . 2009-01-30 23:07 86,528 --a------ c:\windows\system32\xsgirbsq.dll
2009-01-30 20:22 . 2009-01-30 20:22 <DIR> d-------- c:\program files\ERUNT
2009-01-29 23:10 . 2009-01-29 23:10 126,464 --a------ c:\windows\system32\nvmtyz.dll
2009-01-29 23:10 . 2009-01-29 23:10 126,464 --a------ c:\windows\system32\aprnpqkj.dll
2009-01-29 23:07 . 2009-01-29 23:07 1,518,914 ---hs---- c:\windows\system32\aelodtht.ini
2009-01-28 23:00 . 2009-01-29 23:07 1,518,914 ---hs---- c:\windows\system32\rcwulnbc.ini
2009-01-28 22:57 . 2009-01-28 22:57 124,928 --a------ c:\windows\system32\wlqbxose.dll
2009-01-28 22:57 . 2009-01-28 22:57 124,928 --a------ c:\windows\system32\gwhhxc.dll
2009-01-28 10:24 . 2009-01-28 10:24 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-27 22:59 . 2009-01-27 22:59 126,464 --a------ c:\windows\system32\owpqvgqs.dll
2009-01-27 22:59 . 2009-01-27 22:59 126,464 --a------ c:\windows\system32\mhzuaj.dll
2009-01-27 22:57 . 2009-01-28 22:57 1,518,468 ---hs---- c:\windows\system32\lqentphu.ini
2009-01-27 02:49 . 2009-01-27 02:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 02:49 . 2009-01-27 02:49 <DIR> d-------- c:\documents and settings\Thomas\Application Data\Malwarebytes
2009-01-27 02:49 . 2009-01-27 02:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 02:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 02:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-27 01:09 . 2009-01-27 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-01-26 23:14 . 2009-01-26 23:14 <DIR> d---s---- c:\windows\system32\%SystemDrive%
2009-01-26 23:14 . 2009-01-26 23:25 <DIR> d-------- c:\windows\__SkypeIEToolbar_Cache
2009-01-26 22:54 . 2009-01-26 22:54 82 --a------ c:\windows\wininit.ini
2009-01-26 17:30 . 2009-01-26 17:30 49,664 --a------ c:\windows\system32\nnnKEvTm.dll
2009-01-26 17:24 . 2009-01-26 17:24 48,640 --a------ c:\windows\system32\khfFXpQh.dll
2009-01-26 17:22 . 2009-01-26 23:12 1,514,681 ---hs---- c:\windows\system32\qtoviswa.ini
2009-01-26 17:22 . 2009-01-26 17:22 124,416 --a------ c:\windows\system32\qpetdo.dll
2009-01-26 17:22 . 2009-01-26 17:22 124,416 --a------ c:\windows\system32\qnjnklga.dll
2009-01-26 17:22 . 2009-01-26 17:22 89,088 --a------ c:\windows\system32\awsivotq.dll
2009-01-26 17:21 . 2009-01-31 09:43 285,642 --ahs---- c:\windows\system32\ddgNWxbc.ini2
2009-01-26 17:21 . 2009-01-31 09:43 285,642 --ahs---- c:\windows\system32\ddgNWxbc.ini
2009-01-26 17:21 . 2009-01-31 00:13 2,204 --a------ c:\windows\ettjyfgp
2009-01-26 17:16 . 2009-01-26 17:16 49,664 --a------ c:\windows\system32\mlJdAsrR.dll
2009-01-24 18:07 . 2009-01-24 18:07 244 --ah----- C:\sqmnoopt04.sqm
2009-01-24 18:07 . 2009-01-24 18:07 232 --ah----- C:\sqmdata04.sqm
2009-01-24 00:17 . 2009-01-24 00:17 244 --ah----- C:\sqmnoopt03.sqm
2009-01-24 00:17 . 2009-01-24 00:17 232 --ah----- C:\sqmdata03.sqm
2009-01-23 13:09 . 2009-01-23 13:09 244 --ah----- C:\sqmnoopt02.sqm
2009-01-23 13:09 . 2009-01-23 13:09 232 --ah----- C:\sqmdata02.sqm
2009-01-22 23:28 . 2009-01-22 23:28 244 --ah----- C:\sqmnoopt01.sqm
2009-01-22 23:28 . 2009-01-22 23:28 232 --ah----- C:\sqmdata01.sqm
2009-01-22 12:50 . 2009-01-22 12:50 244 --ah----- C:\sqmnoopt00.sqm
2009-01-22 12:50 . 2009-01-22 12:50 232 --ah----- C:\sqmdata00.sqm
2009-01-20 10:13 . 2009-01-25 23:05 4,165,181 --a------ c:\windows\pfirewall.log.old
2009-01-19 21:35 . 2008-05-14 12:33 121,376 --a------ c:\windows\system32\bfLLR.dll
2009-01-19 21:35 . 2008-05-14 12:33 114,720 --a------ c:\windows\system32\instLLR.exe
2009-01-18 17:37 . 2004-09-29 15:36 15,360 --a------ c:\windows\system32\drivers\NetMotCM.sys
2009-01-18 16:29 . 2009-01-18 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Support.com
2009-01-18 14:48 . 2009-01-18 14:48 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-18 14:48 . 2009-01-18 14:48 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-18 14:48 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-18 14:47 . 2009-01-18 14:47 <DIR> d-------- c:\documents and settings\Thomas\Application Data\TuneUp Software
2009-01-18 14:47 . 2009-01-18 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-18 14:46 . 2009-01-18 14:48 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-18 14:46 . 2009-01-18 14:46 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 17:02 . 2009-01-17 17:02 <DIR> d-------- c:\program files\SupportSoft
2009-01-17 16:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-17 16:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-01-17 16:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-17 16:50 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-17 16:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-01-17 16:50 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-01-17 16:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-01-17 16:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-17 16:50 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-17 16:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-17 16:49 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-17 16:49 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2009-01-17 16:49 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-01-17 16:49 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2009-01-17 16:49 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2009-01-17 16:49 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-01-17 16:49 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2009-01-17 16:49 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2009-01-17 16:49 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2009-01-15 23:38 . 2009-01-15 23:38 <DIR> d-------- c:\documents and settings\Thomas\Application Data\CoxFastConnect20
2009-01-12 17:49 . 2009-01-12 17:50 57 --a------ c:\windows\TaxACT08.ini
2009-01-09 17:30 . 2009-01-09 17:30 <DIR> d-------- c:\windows\Logs
2009-01-09 17:30 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-09 17:30 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-09 17:30 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-09 17:30 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-09 17:30 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-09 17:30 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-09 17:30 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-03 09:57 . 2009-01-03 09:57 81,920 --a------ c:\windows\system32\frapsvid.dll
2008-12-28 14:15 . 2008-12-28 14:15 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 14:32 . 2008-12-27 14:47 <DIR> d-------- c:\windows\system\IOSUBSYS
2008-12-27 14:32 . 2005-10-25 10:07 210,968 --a------ c:\windows\system32\drivers\oxumss.sys
2008-12-27 14:32 . 2005-06-02 11:20 19,368 -ra------ c:\windows\system32\drivers\IBUMSS.sys
2008-12-27 14:32 . 2005-10-17 17:16 18,913 --a------ c:\windows\system32\OXUMSS.PDR
2008-12-27 14:32 . 2005-10-17 17:16 18,913 --a------ c:\windows\system\OXUMSS.PDR
2008-12-27 14:32 . 2005-06-02 11:20 9,634 -ra------ c:\windows\system32\IBUMSPDR.pdr
2008-12-27 14:32 . 2005-06-02 11:20 9,634 -ra------ c:\windows\system\IBUMSPDR.pdr
2008-12-27 13:53 . 2008-12-27 14:09 <DIR> d-------- c:\program files\Debugging Tools for Windows (x86)
2008-12-27 12:06 . 2008-12-27 12:08 <DIR> d-------- c:\documents and settings\Diane\Application Data\ArcSoft
2008-12-26 19:25 . 2008-12-26 19:25 <DIR> d-------- c:\documents and settings\Austin\Application Data\ArcSoft
2008-12-26 17:08 . 2008-12-26 17:08 <DIR> d-------- c:\documents and settings\Kerri\Application Data\ArcSoft
2008-12-26 16:42 . 2008-12-27 14:32 <DIR> d-------- c:\program files\Western Digital Technologies
2008-12-26 16:42 . 2008-12-26 16:42 <DIR> d-------- c:\program files\My Book
2008-12-26 16:42 . 2008-12-26 16:42 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-12-26 16:42 . 2008-12-26 16:46 <DIR> d-------- c:\documents and settings\Thomas\Application Data\ArcSoft
2008-12-26 16:42 . 2008-12-26 16:42 339,968 --a------ c:\windows\system32\WDBtnMgr.exe
2008-12-26 16:42 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-26 16:42 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2008-12-26 15:43 . 2008-12-26 15:43 <DIR> d-------- c:\documents and settings\Thomas\Application Data\MySpace
2008-12-26 00:08 . 2008-12-26 00:08 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2008-12-24 13:40 . 2008-12-24 13:41 <DIR> d-------- c:\documents and settings\Austin\Application Data\uTorrent
2008-12-24 13:23 . 2008-12-24 13:23 <DIR> d-------- c:\documents and settings\Kerri\Application Data\Skype
2008-12-22 13:35 . 2008-12-31 13:57 <DIR> d-------- c:\documents and settings\Kerri\Application Data\uTorrent
2008-12-14 22:22 . 2008-12-14 22:28 <DIR> d-------- c:\program files\Google
2008-12-14 22:22 . 2008-12-27 21:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-13 19:33 . 2008-12-13 19:33 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-07 16:55 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-06 20:50 . 2008-12-06 20:51 <DIR> d-------- c:\documents and settings\Diane\Application Data\Move Networks
2008-12-04 12:07 . 2009-01-22 15:41 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-04 12:07 . 2008-12-04 12:07 1,409 --a------ c:\windows\QTFont.for
2008-12-02 20:20 . 2008-12-02 20:20 <DIR> d-------- c:\documents and settings\Austin\Application Data\Winamp
2008-12-02 20:19 . 2008-12-02 20:19 <DIR> d-------- c:\documents and settings\Austin\Application Data\Windows Search
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 04:02 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-31 04:02 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-30 15:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-28 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-27 15:05 --------- d-----w c:\program files\LimeWire
2009-01-27 15:05 --------- d-----w c:\program files\Java
2009-01-22 21:16 --------- d-----w c:\documents and settings\Diane\Application Data\Pogo Games
2009-01-22 21:15 --------- d-----w c:\program files\Oberon Media
2009-01-20 02:38 --------- d-----w c:\program files\Bigfoot Networks
2009-01-20 01:58 --------- d-----w c:\program files\Download Manager
2009-01-19 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-01-19 02:56 --------- d-----w c:\program files\Astraware
2009-01-12 22:49 --------- d-----w c:\program files\2nd Story Software
2009-01-03 22:25 --------- d-----w c:\documents and settings\Thomas\Application Data\Xfire
2008-12-28 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 18:31 --------- d-----w c:\program files\MySpace
2008-12-28 18:30 --------- d-----w c:\program files\Activision
2008-12-24 02:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-22 01:05 --------- d-----w c:\program files\Xfire
2008-12-18 05:48 --------- d-----w c:\documents and settings\Thomas\Application Data\Skype
2008-12-18 04:13 --------- d-----w c:\documents and settings\Thomas\Application Data\skypePM
2008-12-18 03:44 --------- d-----w c:\program files\Digsby
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-30 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\Digsby
2008-11-30 02:11 --------- d-----w c:\documents and settings\Thomas\Application Data\Digsby
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 08:03 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-03-22 18:49 56,912 ----a-w c:\documents and settings\Thomas\g2mdlhlpx.exe
2008-02-23 06:12 22,328 -c--a-w c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
2008-05-31 14:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008053120080601\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{efec85f1-afdc-4415-a131-25f282e5769a}]
2009-01-30 23:10 126464 --a------ c:\windows\system32\urxnmb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-18 950664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"8485929b"="c:\windows\system32\xsgirbsq.dll" [2009-01-30 86528]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Thomas\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Killer Tray Menu.lnk - c:\program files\Bigfoot Networks\Killer Driver\KillerTray.exe [2009-01-19 604672]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJdAsrR.dll" [2009-01-26 49664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 14:33 184320 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJdAsrR]
2009-01-26 17:16 49664 c:\windows\system32\mlJdAsrR.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G G
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"SENTINEL"= snti386.dll
"VIDC.D263"= xl_x263dec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD_SRT]
c:\program files\Western Digital Technologies\WD Win98 SE USB Disk Driver [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a--c--- 2006-01-12 20:52 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2005-08-05 13:56 64512 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 c:\program files\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-12-26 00:08 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-12-26 00:08 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-12-26 00:08 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-08-17 05:39 90112 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2008-12-26 16:42 339968 c:\windows\system32\WDBtnMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"mi-raysat_3dsmax9_32"=2 (0x2)
"iPod Service"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"WLSetupSvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SupportSoft\\bin\\tgcmd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"22135:TCP"= 22135:TCP:Utorrent
"51717:TCP"= 51717:TCP:Utorrent
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-16 15424]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [2007-12-13 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [2007-12-13 22048]
R4 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [2009-01-19 236544]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-18 603904]
S0 ettjyfgp;ettjyfgp;c:\windows\system32\drivers\fauzdipq.sys []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2008-08-06 899700]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{659e7b3f-a901-11dc-8a16-806d6172696f}]
\Shell\AutoRun\command - G:\Autorun.exe root.ini
.
Contents of the 'Scheduled Tasks' folder
2009-01-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
2009-01-31 c:\windows\Tasks\doofnlpb.job
- c:\windows\system32\byXrrOHB.dll []
.
- - - - ORPHANS REMOVED - - - -
BHO-{B5D872DF-6915-4068-AB43-5BB11438DB4F} - c:\windows\system32\cbxWNgdd.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-Bluetooth Connection Assistant - LBTWIZ.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: pogo.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mind-medley/gamehouseplayer.cab
DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 09:44:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-220523388-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-220523388-790525478-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0d,26,bd,b5,ed,a5,a9,bf,3c,bb,65,90,e5,1c,2f,db,a9,32,1e,7d,ca,
c3,be,42,a7,fc,ee,a6,4e,d8,1c,03,cf,20,3f,4b,22,80,a7,12,9d,bd,d7,40,11,28,\
"rkeysecu"=hex:96,81,60,8e,8e,1f,2d,75,33,65,f8,76,4b,12,5a,58
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\urxnmb.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\mlJdAsrR.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\urxnmb.dll
c:\windows\system32\cbxWNgdd.dll
.
Completion time: 2009-01-31 9:45:27
ComboFix-quarantined-files.txt 2009-01-31 14:45:26
Pre-Run: 92,888,219,648 bytes free
Post-Run: 94,817,853,440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
415 --- E O F --- 2009-01-14 15:42:20
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:23 , on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mlJdAsrR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B5D872DF-6915-4068-AB43-5BB11438DB4F} - C:\WINDOWS\system32\cbxWNgdd.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: {a9675e28-2f52-131a-5144-cdfa1f58cefe} - {efec85f1-afdc-4415-a131-25f282e5769a} - C:\WINDOWS\system32\urxnmb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [8485929b] rundll32.exe "C:\WINDOWS\system32\xsgirbsq.dll",b
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Killer Tray Menu.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-mind-medley/gamehouseplayer.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: G G
O20 - Winlogon Notify: mlJdAsrR - C:\WINDOWS\SYSTEM32\mlJdAsrR.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 11780 bytes
And finally, the uninstall list:
3dsmax ancillary install
ABITEQ
Adobe Acrobat 7.0.9 Professional
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
AIM 6
Audacity 1.2.6
Avatar - Legends of The Arena
Backburner
Bigfoot Networks LagMeter
BlackBerry Desktop Software 4.2
BlackBerry Desktop Software 4.2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
CDDRV_Installer
Cool Edit Pro 2.0
Cox Online Support Controls
Debugging Tools for Windows (x86)
Digsby
Disney Pix 2.0
Disney Pix Micro Downloader
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.6
EA Download Manager
Enemy Territory - Quake Wars(TM)
ERUNT 1.1j
ETQW Tweak Cvars 1.3.4
Fraps
GameSpy Arcade
GIMP 2.4.2
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
IncrediMail Toolbar
IncrediMail Xe
Indeo® XP Software
Java(TM) 6 Update 11
JS World 2nd Grade
JSWorld2GMain
JSWPFCom
JSWPFGrade2
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart World Presents Pet Playground
KhalInstallWrapper
Killer Driver
K-Lite Mega Codec Pack 4.2.5
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Minimizor 1.6
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NavFit98A
NOD32 antivirus system
NOD32 FiX
NVIDIA Drivers
Pixia
Plumbin Frenzy
QuickTime
Reader Rabbit 2nd Grade
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Sentinel System Driver
Skype™ 3.8
Spb Time
Spybot - Search & Destroy
Stardock Central
Super Slyder for Windows Mobile Smartphone
System Requirements Lab
TaxACT 2008
TeamSpeak 2 RC2
Text Twist for Pocket PC
T-Mobile Wing™ User Manual
Tri Peaks 2 Quest For The Ruby Ring
TuneUp Utilities 2009
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.2
WD Backup
WD Diagnostics
WD Firewire HID Driver
WD Win98 SE USB Disk Driver, v1.00.09
Winamp
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPcap 4.0 beta 2
WinRAR archiver
Word Whomp( TM) Underground
Xfire (remove only)
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Neither HJT nor ComboFix asked for a reboot... Awaiting further instructions. And BTW, thank you for taking the time to help me with this.