Win32.tdss.rtk and Win32.Bredolab.B removal help needed with HJT



jurica
2009-09-17, 20:05
Hi, as I described in my last post http://forums.spybot.info/showthread.php?t=51940, I have problems with 2 Trojans. This is my HJT output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:19, on 17.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Suncica\Suncica.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\POP.EXE
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1978305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] c:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\RunOnce: [SpybotDeletingA8548] command.com /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6943] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4468] command.com /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7938] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5844] command.com /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5130] cmd.exe /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2530] command.com /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9315] cmd.exe /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6616] command.com /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7783] cmd.exe /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4330] command.com /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3608] cmd.exe /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8282] command.com /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7436] cmd.exe /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1111] command.com /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6320] cmd.exe /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6578] command.com /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3146] cmd.exe /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9736] command.com /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8471] cmd.exe /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2638] command.com /c del "C:\WINDOWS\system32\rotscxpalbospi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8334] cmd.exe /c del "C:\WINDOWS\system32\rotscxpalbospi.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4412] command.com /c del "C:\WINDOWS\system32\rotscxpalbospi.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7408] cmd.exe /c del "C:\WINDOWS\system32\rotscxpalbospi.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9284] command.com /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8495] cmd.exe /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA469] command.com /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8182] cmd.exe /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Suncica] C:\Documents and Settings\Suncica\Suncica.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB237] command.com /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1329] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3750] command.com /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2846] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxvngvcxns.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7392] command.com /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9530] cmd.exe /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4585] command.com /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3501] cmd.exe /c del "C:\WINDOWS\system32\rotscxmqxorpti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7704] command.com /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9843] cmd.exe /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5250] command.com /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5560] cmd.exe /c del "C:\WINDOWS\system32\rotscxtftivkpj.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9665] command.com /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD927] cmd.exe /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9927] command.com /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8182] cmd.exe /c del "C:\WINDOWS\system32\rotscxtrjolirs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2552] command.com /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4460] cmd.exe /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2297] command.com /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3202] cmd.exe /c del "C:\WINDOWS\temp\rotscxomwccpxdnp.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3793] command.com /c del "C:\WINDOWS\system32\rotscxpalbospi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6762] cmd.exe /c del "C:\WINDOWS\system32\rotscxpalbospi.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4197] command.com /c del "C:\WINDOWS\system32\rotscxpalbospi.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9305] cmd.exe /c del "C:\WINDOWS\system32\rotscxpalbospi.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9339] command.com /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8999] cmd.exe /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4670] command.com /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD48] cmd.exe /c del "C:\WINDOWS\system32\rotscxqbrwatyc.dat"
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Larousse Popup.lnk = D:\POP.EXE
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Agere Modem Call Progress Audio AgereModemAudioAlerter (AgereModemAudioAlerter) - Unknown owner - C:\WINDOWS\TEMP\wsdhqjweus.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14092 bytes

jurica
2009-09-18, 09:50
Anybody? Please, I really need help.

tashi
2009-09-24, 20:57
Hello jurica,

In the link I provided previously, http://forums.spybot.info/showthread.php?t=51940, it does say:

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. For that reason we may merge such posts if there is time, but please do not count on it.

Also:

The Waiting Room: Post here if waiting for help four days (http://forums.spybot.info/forumdisplay.php?f=37) to avoid a topic being archived without notice. "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Best regards.