I have Vundo.dw

**nashman69g** · 2009-03-15, 03:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:10 PM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\AOL\1153177218\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Common Files\AOL\1153177218\ee\AOLServiceHost.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnnKeeE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8ECA410D-B04F-4F85-957E-C1AD7B117B2C} - C:\WINDOWS\system32\fccbASLF.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F35B88A7-C1CE-4C45-8A6D-FB65233FF238} - C:\WINDOWS\system32\ddcBTNHW.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ALVING~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\wltray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153177218\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\WINDOWS\TEMP\E_S1A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutoria...ICPAViewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutoria...all/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutoria...l/SimItems.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143404440171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37360.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutoria...ll/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutoria...all/CRItem.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutoria...PAViewerIL.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD9B4EB8-BBC8-458C-8049-F5A18127D5C7}: NameServer = 68.11.16.30,68.11.16.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnnKeeE - C:\WINDOWS\SYSTEM32\nnnnKeeE.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 20011 bytes

**Shaba** · 2009-03-15, 09:16

Hi nashman69g

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

**nashman69g** · 2009-03-15, 20:15

ComboFix 09-03-14.02 - Alvin Gilmore 2009-03-15 13:51:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.515 [GMT -5:00]
Running from: c:\documents and settings\Alvin Gilmore\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\FLSAbccf.ini
c:\windows\system32\nnnnKeeE.dll
c:\windows\Tasks\euicphqt.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-14 21:13 . 2009-03-14 21:13 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 21:03 . 2009-03-14 21:04 <DIR> d-------- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-27 00:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-26 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 07:14 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-26 07:04 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-26 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 07:02 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 07:02 --------- d-----w c:\program files\Lavasoft
2009-01-26 06:56 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-25 20:24 --------- d-----w c:\documents and settings\Alvin Gilmore\Application Data\LimeWire
2009-01-25 07:08 --------- d-----w c:\program files\Logitech
2009-01-25 07:08 --------- d-----w c:\program files\Common Files\logishrd
2009-01-25 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-23 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\TiVo
2009-01-23 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 01:52 --------- d-----w c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent
2009-01-18 21:29 --------- d-----w c:\program files\LimeWire
2007-12-30 03:07 5,594 ----a-w c:\documents and settings\Alvin Gilmore\12-25-07 Dave and I tu~9481.dat
2007-11-26 02:36 136 ----a-w c:\documents and settings\Alvin Gilmore\userdata.dat
2007-05-16 06:34 92,064 ----a-w c:\documents and settings\Alvin Gilmore\mqdmmdm.sys
2007-05-16 06:34 9,232 ----a-w c:\documents and settings\Alvin Gilmore\mqdmmdfl.sys
2007-05-16 06:34 79,328 ----a-w c:\documents and settings\Alvin Gilmore\mqdmserd.sys
2007-05-16 06:34 66,656 ----a-w c:\documents and settings\Alvin Gilmore\mqdmbus.sys
2007-05-16 06:34 6,208 ----a-w c:\documents and settings\Alvin Gilmore\mqdmcmnt.sys
2007-05-16 06:34 5,936 ----a-w c:\documents and settings\Alvin Gilmore\mqdmwhnt.sys
2007-05-16 06:34 4,048 ----a-w c:\documents and settings\Alvin Gilmore\mqdmcr.sys
2007-05-16 06:34 25,600 ----a-w c:\documents and settings\Alvin Gilmore\usbsermptxp.sys
2007-05-16 06:34 22,768 ----a-w c:\documents and settings\Alvin Gilmore\usbsermpt.sys
2008-05-10 23:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-05-04 53248]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-01-15 147456]
"EPSON Stylus Photo RX595 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE" [2007-03-30 182272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-09-25 1195008]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2007-09-25 384000]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2007-09-25 1495040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\wltray" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"HostManager"="c:\program files\Common Files\AOL\1153177218\ee\AOLHostManager.exe" [2005-08-02 159832]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-17 615696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-26 507224]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-01 c:\windows\AGRSMMSG.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-28 c:\windows\system32\WDBtnMgr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-10 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-26 569405]
HP Display LiteSaver Startup.lnk - c:\windows\HPLiteSaver.exe [2004-08-24 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-07-03 00:03 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 16:08 434176 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^Belkin Network USB Hub Control Center.lnk]
path=c:\documents and settings\Alvin Gilmore\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk
backup=c:\windows\pss\Belkin Network USB Hub Control Center.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Alvin Gilmore\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alvin Gilmore\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-11-20 11:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2005-05-04 21:45 102400 c:\program files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-12-08 11:56 1053184 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
--a------ 2008-10-15 13:02 17664 c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2007-09-25 11:35 1495040 c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2007-09-25 11:33 1195008 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-13 23:51 185784 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153177218\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"19540:UDP"= 19540:UDP:SXUPTP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-26 64160]
R0 O1394B;OW 1394b Bus Filter Service;c:\windows\system32\drivers\o1394b.sys [2007-08-29 10112]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-25 97928]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-25 231704]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2008-07-13 74624]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-05-03 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-10-11 36352]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-03-02 3567]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-09-17 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-09-17 44928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd7ac68-5745-11dc-870d-001279bea648}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-26 02:04]

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-25 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\ProtectTools\Embedded Security Software\SpBackupWz.exe [2006-03-03 16:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8ECA410D-B04F-4F85-957E-C1AD7B117B2C} - c:\windows\system32\fccbASLF.dll
BHO-{F35B88A7-C1CE-4C45-8A6D-FB65233FF238} - c:\windows\system32\ddcBTNHW.dll
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
HKU-Default-RunOnce-FlashPlayerUpdate - c:\progra~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {AD9B4EB8-BBC8-458C-8049-F5A18127D5C7} = 68.11.16.30,68.11.16.25
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
FF - ProfilePath - c:\documents and settings\Alvin Gilmore\Application Data\Mozilla\Firefox\Profiles\rlxy9t2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Alvin Gilmore\Application Data\Mozilla\Firefox\Profiles\rlxy9t2p.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEU32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 13:59:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?3?3?3??@???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avgrsstx.dll
c:\windows\system32\IfxWlxEN.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Retrospect\Retrospect 7.5\retrorun.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wltray.EXE
c:\program files\Common Files\AOL\1153177218\ee\AOLServiceHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\QuickCam\eReg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-03-15 14:07:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 19:07:04

Pre-Run: 12,418,174,976 bytes free
Post-Run: 12,827,295,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

304 --- E O F --- 2009-03-15 18:34:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1153177218\ee\AOLHostManager.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Common Files\AOL\1153177218\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\wltray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153177218\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\WINDOWS\TEMP\E_S1A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutoria...ICPAViewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutoria...all/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutoria...l/SimItems.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143404440171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37360.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutoria...ll/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutoria...all/CRItem.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutoria...PAViewerIL.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD9B4EB8-BBC8-458C-8049-F5A18127D5C7}: NameServer = 68.11.16.30,68.11.16.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 18430 bytes

**Shaba** · 2009-03-15, 20:18

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

**nashman69g** · 2009-03-15, 20:42

Acronis*Migrate*Easy
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Reader Japanese Fonts
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Aide PDF to DXF Converter 5.1
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
ATI - Software Uninstall Utility
ATI Control Panel
ATI HYDRAVISION
ATI Multimedia Center 9.08
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Avanquest update
AVG Free 8.0
Belkin Network USB Hub Control Center
BlackBerry Desktop Software 4.7
BlackBerry Desktop Software 4.7
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom NetXtreme Ethernet Controller
Broadcom Wireless Utility
Brother BRAdmin Professiona 2.68
Compatibility Pack for the 2007 Office system
Computer Aided Thermodynamic Tables 2
DAO
DING!
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DWG TrueView 2008
DYNACAM Student Edition
EES - Engineering Equation Solver
Elecard MPEG Player
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
EPSON Web-To-Page
ERUNT 1.1j
FC Edit Universal
FCEdit_FD3S
FixTunes (remove only)
G4FON Koch Method Morse Trainer
Google Earth
Gtk+ Runtime Environment 2.6.8-rc1
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Display LiteSaver
HP Embedded Security for ProtectTools
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP ProtectTools Security Manager 2.00 D3
iDEN Phonebook Manager
Intel(R) PROSet/Wireless Software
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Japanese Language Support
Java 2 Runtime Environment, SE v1.4.2_05
Keyspan USB Serial Adapter
Learn.com CoursePlayer
LimeWire PRO 4.18.8
Logitech QuickCam
LogWorks
Mathematica 5.1 for Students
mCore
mDriver
mDrWiFi
MediaMonkey 3.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2.0 Converter
Microsoft Office Converter Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft Office XP Professional with FrontPage
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Motorola Driver Installation
Motorola Phone Tools
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.5)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
Nero 7 Ultra Edition
Network Stumbler 0.4.0 (remove only)
PDF Password Remover v2.5
PeerGuardian 2.0
PowerDVD
Quick Launch Buttons 5.20 H1
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Remove Hidden Data Tool
Retrospect 7.5
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Sprint SmartView
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
TI Connect 1.6
TiEmu 2.08
TitanTV Client components for ATI
TiVo Desktop 2.5.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
USB Dual Vibration Joystick
VC 9.0 Runtime
Video-AVI to GIF Converter v2.013 (Release date: 05-12-01)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WD Firewire HID Driver
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WM Recorder + RM Recorder 10.0
WM Recorder 11.3
XviD MPEG-4 Video Codec
ZoneAlarm
ZoneAlarm Spy Blocker

**Shaba** · 2009-03-15, 20:44

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire PRO 4.18.8

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

**nashman69g** · 2009-03-15, 20:52

Acronis*Migrate*Easy
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Reader Japanese Fonts
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Aide PDF to DXF Converter 5.1
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
ATI - Software Uninstall Utility
ATI Control Panel
ATI HYDRAVISION
ATI Multimedia Center 9.08
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Avanquest update
AVG Free 8.0
Belkin Network USB Hub Control Center
BlackBerry Desktop Software 4.7
BlackBerry Desktop Software 4.7
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom NetXtreme Ethernet Controller
Broadcom Wireless Utility
Brother BRAdmin Professiona 2.68
Compatibility Pack for the 2007 Office system
Computer Aided Thermodynamic Tables 2
DAO
DING!
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DWG TrueView 2008
DYNACAM Student Edition
EES - Engineering Equation Solver
Elecard MPEG Player
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
EPSON Web-To-Page
ERUNT 1.1j
FC Edit Universal
FCEdit_FD3S
FixTunes (remove only)
G4FON Koch Method Morse Trainer
Google Earth
Gtk+ Runtime Environment 2.6.8-rc1
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Display LiteSaver
HP Embedded Security for ProtectTools
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP ProtectTools Security Manager 2.00 D3
iDEN Phonebook Manager
Intel(R) PROSet/Wireless Software
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Japanese Language Support
Java 2 Runtime Environment, SE v1.4.2_05
Keyspan USB Serial Adapter
Learn.com CoursePlayer
Logitech QuickCam
LogWorks
Mathematica 5.1 for Students
mCore
mDriver
mDrWiFi
MediaMonkey 3.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2.0 Converter
Microsoft Office Converter Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft Office XP Professional with FrontPage
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Motorola Driver Installation
Motorola Phone Tools
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.5)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
Nero 7 Ultra Edition
Network Stumbler 0.4.0 (remove only)
PDF Password Remover v2.5
PeerGuardian 2.0
PowerDVD
Quick Launch Buttons 5.20 H1
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Remove Hidden Data Tool
Retrospect 7.5
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Sprint SmartView
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
TI Connect 1.6
TiEmu 2.08
TitanTV Client components for ATI
TiVo Desktop 2.5.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
USB Dual Vibration Joystick
VC 9.0 Runtime
Video-AVI to GIF Converter v2.013 (Release date: 05-12-01)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WD Firewire HID Driver
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WM Recorder + RM Recorder 10.0
WM Recorder 11.3
XviD MPEG-4 Video Codec
ZoneAlarm
ZoneAlarm Spy Blocker

**Shaba** · 2009-03-15, 20:55

Thank you

Uninstall also Zone Alarm Spy Blocker.

After that:

Open notepad and copy/paste the text in the codebox below into it:

Code:

Folder::
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent
c:\program files\LimeWire
c:\Program Files\BitTorrent

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

**nashman69g** · 2009-03-15, 21:25

ComboFix 09-03-14.02 - Alvin Gilmore 2009-03-15 15:15:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.393 [GMT -5:00]
Running from: c:\documents and settings\Alvin Gilmore\Desktop\ComboFix.exe
Command switches used :: c:\program files\Trend Micro\HijackThis\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\bittorrent.log
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\bittorrent.log.1
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\045c46ea175fc84db4f5fcc3c556afefb6c33d07
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\3e5a9bea4e3e60e36053bd72a79b613c9ec5cc51
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\66021660daef1eae71f8bdaa29ca9c153984a421
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\7abe52064f5d0747a0f26604693b4c205ce49467
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\86feb514ab13a756b5c4ceeac5daeac9ebf17842
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\92477f4c751cf5b79d200e1e513d8c375be72552
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\9a1c6b2871e598a1f3192367439970f6f794f48b
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\a1b4da1d5c3b6ed48c6db1239578116dd53de1c8
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\aa332bbb25663d0818796118e93050d5d361d643
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\d13cd1e1f033c68bbbd24cd9613cb45173b88ef3
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\d85952e25851909c6ad6747d91da298edf5b6563
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\dd3f7acecd4e894780ca7a22c79ace2e08044095
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\ea93ac2c62aac9e681388db78007a3d05acaf747
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\fa22e6d1475faa0ed58e5f60011dc00e1c9d76c7
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\metainfo\fe6a700221dd4a6efcad423835bea75b61b3f913
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\resume\045c46ea175fc84db4f5fcc3c556afefb6c33d07
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\resume\86feb514ab13a756b5c4ceeac5daeac9ebf17842
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\resume\92477f4c751cf5b79d200e1e513d8c375be72552
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\routing_table
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\torrents\045c46ea175fc84db4f5fcc3c556afefb6c33d07
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\torrents\86feb514ab13a756b5c4ceeac5daeac9ebf17842
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\torrents\92477f4c751cf5b79d200e1e513d8c375be72552
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\ui_config
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\data\ui_state
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\dht.dat
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\Estelle (feat. Kanye West) - American Boy (full mp3).zip.torrent
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\Estelle (ft. Kanye West) - American Boy.zip.torrent
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\LimeWireWin.exe.torrent
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\resume.dat
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\rss.dat
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\settings.dat
c:\documents and settings\Alvin Gilmore\Application Data\BitTorrent\settings.dat.old
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 14:58 . 2008-05-10 19:10 262,144 --a------ c:\program files\Uninstall Spy Blocker.dll
2009-03-14 21:13 . 2009-03-14 21:13 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 21:03 . 2009-03-14 21:04 <DIR> d-------- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-03-15 19:21 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-15 19:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-15 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-27 00:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-26 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 07:14 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-26 07:04 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-26 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 07:02 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 07:02 --------- d-----w c:\program files\Lavasoft
2009-01-26 06:56 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-26 06:56 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-25 20:24 --------- d-----w c:\documents and settings\Alvin Gilmore\Application Data\LimeWire
2009-01-25 07:08 --------- d-----w c:\program files\Logitech
2009-01-25 07:08 --------- d-----w c:\program files\Common Files\logishrd
2009-01-25 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-23 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\TiVo
2009-01-23 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 03:08 2,089,926 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2007-12-30 03:07 5,594 ----a-w c:\documents and settings\Alvin Gilmore\12-25-07 Dave and I tu~9481.dat
2007-11-26 02:36 136 ----a-w c:\documents and settings\Alvin Gilmore\userdata.dat
2007-05-16 06:34 92,064 ----a-w c:\documents and settings\Alvin Gilmore\mqdmmdm.sys
2007-05-16 06:34 9,232 ----a-w c:\documents and settings\Alvin Gilmore\mqdmmdfl.sys
2007-05-16 06:34 79,328 ----a-w c:\documents and settings\Alvin Gilmore\mqdmserd.sys
2007-05-16 06:34 66,656 ----a-w c:\documents and settings\Alvin Gilmore\mqdmbus.sys
2007-05-16 06:34 6,208 ----a-w c:\documents and settings\Alvin Gilmore\mqdmcmnt.sys
2007-05-16 06:34 5,936 ----a-w c:\documents and settings\Alvin Gilmore\mqdmwhnt.sys
2007-05-16 06:34 4,048 ----a-w c:\documents and settings\Alvin Gilmore\mqdmcr.sys
2007-05-16 06:34 25,600 ----a-w c:\documents and settings\Alvin Gilmore\usbsermptxp.sys
2007-05-16 06:34 22,768 ----a-w c:\documents and settings\Alvin Gilmore\usbsermpt.sys
2008-05-10 23:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_14.05.28.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 05:03:28 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-03-15 19:21:56 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-05-04 53248]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-01-15 147456]
"EPSON Stylus Photo RX595 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE" [2007-03-30 182272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\wltray" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"HostManager"="c:\program files\Common Files\AOL\1153177218\ee\AOLHostManager.exe" [2005-08-02 159832]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-15 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-26 507224]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-01 c:\windows\AGRSMMSG.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-28 c:\windows\system32\WDBtnMgr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-10 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-26 569405]
HP Display LiteSaver Startup.lnk - c:\windows\HPLiteSaver.exe [2004-08-24 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-15 14:21 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 16:08 434176 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^Belkin Network USB Hub Control Center.lnk]
path=c:\documents and settings\Alvin Gilmore\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk
backup=c:\windows\pss\Belkin Network USB Hub Control Center.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alvin Gilmore^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Alvin Gilmore\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-11-20 11:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2005-05-04 21:45 102400 c:\program files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
--a------ 2008-09-17 16:22 615696 c:\program files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-12-08 11:56 1053184 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 18:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
--a------ 2008-10-15 13:02 17664 c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
--a------ 2007-09-25 11:34 384000 c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2007-09-25 11:35 1495040 c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2007-09-25 11:33 1195008 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-13 23:51 185784 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153177218\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"19540:UDP"= 19540:UDP:SXUPTP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-26 64160]
R0 O1394B;OW 1394b Bus Filter Service;c:\windows\system32\drivers\o1394b.sys [2007-08-29 10112]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-25 325128]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-25 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2008-07-13 74624]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-05-03 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-10-11 36352]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-03-02 3567]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-09-17 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-09-17 44928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd7ac68-5745-11dc-870d-001279bea648}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-26 02:04]

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-25 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\ProtectTools\Embedded Security Software\SpBackupWz.exe [2006-03-03 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {AD9B4EB8-BBC8-458C-8049-F5A18127D5C7} = 68.11.16.30,68.11.16.25
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
FF - ProfilePath - c:\documents and settings\Alvin Gilmore\Application Data\Mozilla\Firefox\Profiles\rlxy9t2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Alvin Gilmore\Application Data\Mozilla\Firefox\Profiles\rlxy9t2p.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEU32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 15:20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?3?3?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IfxWlxEN.dll
.
Completion time: 2009-03-15 15:23:11
ComboFix-quarantined-files.txt 2009-03-15 20:22:07
ComboFix2.txt 2009-03-15 19:07:39

Pre-Run: 13,299,740,672 bytes free
Post-Run: 13,282,566,144 bytes free

298 --- E O F --- 2009-03-15 18:34:32

**Shaba** · 2009-03-16, 06:08

Please post also a fresh HijackThis log

Thread: I have Vundo.dw

Thread Tools

Display

I have Vundo.dw

Posting Permissions