Win32.TDSS.rtk



ClevelandK1d
2009-08-21, 02:49
The computer is using WIN XP Home SP3.
Here is the log from HijackThis.
Thanks for being here, Paul

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:09 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242619331\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\RunOnce: [SpybotDeletingA1765] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1208] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6016] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4075] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5387] command.com /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7969] cmd.exe /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4100] command.com /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9784] cmd.exe /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3479] command.com /c del "C:\WINDOWS\system32\SKYNEThofenset.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3698] cmd.exe /c del "C:\WINDOWS\system32\SKYNEThofenset.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7833] command.com /c del "C:\WINDOWS\system32\SKYNEThofenset.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1972] cmd.exe /c del "C:\WINDOWS\system32\SKYNEThofenset.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2201] command.com /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4987] cmd.exe /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4969] command.com /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3289] cmd.exe /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5735] command.com /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5306] cmd.exe /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3620] command.com /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6577] cmd.exe /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8506] command.com /c del "C:\WINDOWS\system32\rbadzm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4592] cmd.exe /c del "C:\WINDOWS\system32\rbadzm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB475] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3801] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3167] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2036] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETbmxwxevf.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9708] command.com /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9606] cmd.exe /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3217] command.com /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1755] cmd.exe /c del "C:\WINDOWS\system32\SKYNETfnhmroof.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5942] command.com /c del "C:\WINDOWS\system32\SKYNEThofenset.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9835] cmd.exe /c del "C:\WINDOWS\system32\SKYNEThofenset.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4305] command.com /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2245] cmd.exe /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6901] command.com /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9668] cmd.exe /c del "C:\WINDOWS\system32\SKYNETnaywqirv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9496] command.com /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3045] cmd.exe /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9982] command.com /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2299] cmd.exe /c del "C:\WINDOWS\system32\SKYNEToobsxsvv.dat"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242452893045
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242454137141
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 24080 bytes

ken545
2009-08-21, 23:15
Hello ClevelandK1d

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Reboot your computer and then run Combofix; read the instructions, as it will not run unless it's renamed.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

ClevelandK1d
2009-08-22, 07:12
Here is the log generated by ComboFix:


ComboFix 09-08-20.07 - Owner 08/21/2009 15:39.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1601 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings.\NetworkService\Favorites\Desktop.ini
c:\documents and settings\All Users\Application Data\93503426.ini
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-1042384803-2605598039-524560320-1003
c:\recycler\S-1-5-21-1967366363-2396383463-2853532567-1003
c:\recycler\S-1-5-21-2727209927-4109703508-2904774892-1003
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\SKYNETbmxwxevf.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SKYNETfnhmroof.dll
c:\windows\system32\SKYNEThofenset.dll
c:\windows\system32\SKYNETnaywqirv.dat
c:\windows\system32\SKYNEToobsxsvv.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETbukiufus
-------\Legacy_SKYNETbukiufus
-------\Legacy_MSDVDR
-------\Legacy_NPF
-------\Legacy_RBADZA
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-20 23:17 . 2009-08-20 23:18 -------- d-----w- c:\program files\ERUNT
2009-08-20 19:35 . 2009-08-20 19:35 -------- d-----w- c:\program files\Trend Micro
2009-08-20 01:28 . 2009-08-20 01:28 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-20 01:28 . 2009-08-20 01:28 75272 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 01:28 . 2009-08-20 01:28 96520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 01:28 . 2009-08-20 01:28 26184 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 01:18 . 2009-08-20 01:18 -------- d-----w- c:\program files\AVG
2009-08-19 12:01 . 2009-08-19 12:01 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-08-19 12:01 . 2009-08-19 12:01 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-08-19 12:01 . 2009-08-19 12:01 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-08-19 12:01 . 2009-08-19 12:01 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-08-19 12:01 . 2009-08-19 12:01 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-08-19 12:01 . 2009-08-19 12:01 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-08-19 12:01 . 2009-08-19 12:01 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-08-19 12:01 . 2009-08-19 12:01 394544 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-08-19 12:01 . 2009-08-19 12:01 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-08-19 12:01 . 2009-08-19 12:01 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-08-19 12:01 . 2009-08-19 12:01 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-08-16 11:03 . 2009-08-16 11:03 53344 ----a-w- c:\windows\sv2.exe
2009-08-16 11:03 . 2009-08-16 11:03 46592 ----a-w- c:\windows\sv1.exe
2009-08-15 14:49 . 2009-08-15 14:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-08-12 20:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 18:04 . 2009-08-04 18:04 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-08-04 17:30 . 2009-08-04 17:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-08-04 17:30 . 2009-08-04 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-08-04 17:29 . 2009-08-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-08-04 12:07 . 2009-08-04 18:17 -------- d-----w- c:\program files\PrivacyCenter
2009-07-29 03:28 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 03:28 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-23 21:07 . 2009-07-23 22:05 -------- d-----w- c:\program files\gupgdd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 18:07 . 2005-11-20 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-20 01:28 . 2009-04-02 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-19 12:01 . 2009-01-16 07:32 976648 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-08-19 12:01 . 2009-01-16 07:32 195848 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-08-08 02:19 . 2004-04-02 22:35 -------- d-----w- c:\program files\QuickTime
2009-08-07 07:17 . 2009-01-16 07:30 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-08-07 03:57 . 2005-01-21 04:18 31936 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 16:52 . 2009-05-16 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 16:51 . 2009-07-20 21:56 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-03 20:36 . 2009-06-13 21:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-06-13 21:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 18:05 . 2005-11-20 22:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-03 15:36 . 2009-05-16 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 00:08 . 2005-10-28 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-07-21 07:02 . 2009-01-15 07:19 3365 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-07-18 16:37 . 2004-10-31 19:52 -------- d-----w- c:\program files\Common Files\AOL
2009-07-18 16:32 . 2009-05-20 04:01 -------- d-----w- c:\program files\Microsoft Streets & Trips 2009
2009-07-17 19:01 . 2004-04-13 16:48 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-09-23 01:46 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 18:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 21:49 . 2004-04-02 22:13 -------- d-----w- c:\program files\WildTangent
2009-06-27 04:49 . 2009-06-27 04:47 855 ---ha-w- c:\documents and settings\Owner\hpothb07.dat
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-04-13 16:50 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-04-13 16:21 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-04-13 16:20 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-04-13 16:20 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-04-13 16:19 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-04-02 18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 17:28 . 2008-12-04 14:18 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-06-16 14:36 . 2004-04-13 16:49 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-04-13 16:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-04-02 18:41 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2004-04-13 16:19 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-04-13 16:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-04-02 18:41 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2005-08-30 16:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 04:52 . 2009-05-26 04:52 81920 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connecthook.dll
2009-05-26 04:52 . 2009-05-26 04:52 190976 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectsprd.dll
2009-05-26 04:52 . 2009-05-26 04:52 3672032 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-02 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-02 151597]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-01-17 229376]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"HostManager"="c:\program files\Common Files\AOL\1242619331\ee\AOLSoftware.exe" [2007-05-25 42032]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-01-17 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Broadband Support Center.lnk - c:\program files\Verizon Online\Support Center\bin\matcli.exe [2005-11-17 217088]
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-4-2 16384]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-11 984352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1242619331\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/19/2009 6:28 PM 96520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/19/2009 6:28 PM 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/19/2009 6:28 PM 75272]
S2 wxpqe;wxpqe;\??\c:\windows\system32\drivers\pmhdbuxkdp.sys --> c:\windows\system32\drivers\pmhdbuxkdp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-msdvdr


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 15:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,49,26,0a,90,6d,4d,a2,c9,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,49,26,0a,90,6d,4d,a2,c9,1f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\gearsec.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Verizon Online\Support Center\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-21 16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 23:03

Pre-Run: 69,360,607,232 bytes free
Post-Run: 69,136,965,632 bytes free

408 --- E O F --- 2009-08-15 10:03

Here is the log generated by HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:59 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\AOL\1242619331\ee\AOLSoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242619331\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://get.adobe.com/shockwave/thankyou/"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242452893045
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242454137141
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7632 bytes

ken545
2009-08-22, 14:17
Hi,

We have some more nasty junk to remove with Combofix, but before we do that let's run Malwarebytes.


Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log, please.

ken545
2009-08-28, 23:32
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.