Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Windows Security Virus (Resolved)

  1. #1
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default Windows Security Virus (Resolved)

    Here is a link to my original thread that the moderator asked me to include. He also instructed me to start this new thread. Sorry about that.

    http://forums.spybot.info/showthread.php?t=55817



    Hello:

    Yesterday the fake Windows Security thing popped up on my screen. In order to be able to get on my computer I had to boot up in Safe Mode and run MalwareBytes. I was able to do this and it seemed to remove the bulk of the virus since I am now able to boot up normally without the virus thing showing up.

    UPDATE: I am able to get online now. I reset the defaults on Internet explorer. Would still like logs looked at to make sure Im clean.

    1.Booted up in Safe mode and ran Malware Bytes. Removed all found. See scan.

    2. Ran Spybot and removed all found.

    3. Turned system restore off and then back on again.

    4. Ran Hijack this. Log Attached.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:18:50 PM, on 2/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Desktop Clock\DesktopClock.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12423 bytes

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large, You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    ----------------------------------------------------------------------------------------
    Step 1

    Fix With HJT

    Close all other windows and then start HiJack This
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis

    ----------------------------------------------------------------------------------------
    Step 2


    GMER Rootkit Detector

    Please download GMER Rootkit Scanner from Here or Here

    ***Please close any open programs ***
    • Extract the contents of the zip file to your desktop.
    • Disable your onboard Anti Virus and any other Active protection programs you have installed.
    • Double-click gmer.exe. The program will begin to run.

      Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again


    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,
    • Now use the following settings for a more complete scan..


      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once the scan is complete, you may receive another notice about rootkit activity. If you recive it, click OK.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.



    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.




    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • GMER Log
    • A fresh HJT log
    • Contents of C:\RSIT\Info.txt
    Last edited by katana; 2010-03-04 at 00:25.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:31 PM, on 3/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Desktop Clock\DesktopClock.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12403 bytes

  4. #4
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-03-03 22:15:57
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Bob\LOCALS~1\Temp\pxtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF84400B0]
    SSDT sptd.sys ZwEnumerateKey [0xF844584C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF8445BEC]
    SSDT sptd.sys ZwOpenKey [0xF8440090]
    SSDT sptd.sys ZwQueryKey [0xF8445CC4]
    SSDT sptd.sys ZwQueryValueKey [0xF8445B44]
    SSDT sptd.sys ZwSetValueKey [0xF8445D56]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 833681D8
    Device \FileSystem\Fastfat \FatCdrom FFB46980
    Device \FileSystem\Udfs \UdfsCdRom FFBAE7E8
    Device \FileSystem\Udfs \UdfsDisk FFBAE7E8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-0 82B736F0
    Device \Driver\usbuhci \Device\USBPDO-1 82B736F0
    Device \Driver\usbuhci \Device\USBPDO-2 82B736F0
    Device \Driver\usbehci \Device\USBPDO-3 82B52770
    Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 833D81D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 833D81D8
    Device \Driver\Cdrom \Device\CdRom0 82B16600
    Device \Driver\Cdrom \Device\CdRom1 82B16600
    Device \Driver\Ftdisk \Device\HarddiskVolume3 833D81D8
    Device \Driver\atapi \Device\Ide\IdePort0 [F83BAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F83BAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
    Device \Driver\NetBT \Device\NetBt_Wins_Export FFB53980
    Device \Driver\USBSTOR \Device\00000077 829A51D8
    Device \Driver\USBSTOR \Device\00000078 829A51D8
    Device \Driver\sbp2port \Device\Sbp2Port0 833D61D8
    Device \Driver\NetBT \Device\NetbiosSmb FFB53980

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{5CDA8B3C-8EAC-4D7C-8610-CADE092C8EE5} FFB53980

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 82B736F0
    Device \Driver\usbuhci \Device\USBFDO-1 82B736F0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FFB8A1D8
    Device \Driver\usbuhci \Device\USBFDO-2 82B736F0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector FFB8A1D8
    Device \Driver\usbehci \Device\USBFDO-3 82B52770
    Device \Driver\Ftdisk \Device\FtControl 833D81D8
    Device \FileSystem\Fastfat \Fat FFB46980

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8298A980

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -187011755
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 507497861
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0x77 0xE7 0x01 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0x77 0xE7 0x01 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0x77 0xE7 0x01 ...

    ---- EOF - GMER 1.0.15 ----

  5. #5
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Bob at 2010-03-03 22:24:33
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 8 GB (29%) free of 29 GB
    Total RAM: 510 MB (20% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:57 PM, on 3/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Desktop Clock\DesktopClock.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\Bob\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bob.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12340 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{622DC8BF-5DC0-43FC-829B-F944D2B2EB67}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-18 1484056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-22 256112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-14 764912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-22 458736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-22 256112]
    Locked

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
    "DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-10-07 294912]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-05-06 151597]
    "AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2004-09-15 684032]
    "StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-17 155648]
    "Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2003-12-10 380928]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
    "eFax 4.2"=C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe [2006-06-19 107008]
    "nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
    "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
    "Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
    "BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-11-19 623960]
    "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-02-18 2033432]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-28 68856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "SkinClock"=C:\Program Files\Free Desktop Clock\DesktopClock.exe [2006-10-01 334848]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2009-06-10 334224]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2004-09-15 684032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe [2005-10-19 126976]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\System32\igfxtray.exe [2005-10-19 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-05-06 151597]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    C:\PROGRA~1\AMERIC~1.0A\aoltray.exe [2003-09-24 36954]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
    C:\PROGRA~1\AMERIC~2.0\aoltray.exe [2003-09-24 36954]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    C:\PROGRA~1\DIGITA~1\DLG.exe [2002-09-12 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    C:\Documents and Settings\Bob\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "anem"=2

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    C:\Documents and Settings\Bob\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2010-02-18 12464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
    "C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
    "C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
    "C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - D:\SETUP.EXE


    ======List of files/folders created in the last 1 months======

    2010-02-24 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
    2010-02-19 08:15:32 ----A---- C:\WINDOWS\system32\igfxzoom.exe
    2010-02-18 19:36:36 ----HD---- C:\$AVG
    2010-02-18 19:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
    2010-02-10 03:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
    2010-02-10 03:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
    2010-02-10 03:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
    2010-02-10 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
    2010-02-10 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
    2010-02-10 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
    2010-02-10 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
    2010-02-10 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
    2010-02-10 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
    2010-02-04 00:06:39 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
    2010-02-04 00:06:25 ----D---- C:\Program Files\Common Files\Roxio Shared

    ======List of files/folders modified in the last 1 months======

    2010-03-03 22:24:37 ----D---- C:\WINDOWS\Temp
    2010-03-03 22:24:37 ----D---- C:\WINDOWS\Prefetch
    2010-03-03 07:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-03-02 16:00:15 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
    2010-03-01 20:09:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-02-26 14:06:39 ----D---- C:\Program Files\Mozilla Firefox
    2010-02-26 11:47:01 ----RD---- C:\Program Files
    2010-02-26 10:09:45 ----SHD---- C:\System Volume Information
    2010-02-26 10:09:45 ----D---- C:\WINDOWS\system32\Restore
    2010-02-26 09:45:58 ----A---- C:\WINDOWS\ntbtlog.txt
    2010-02-24 08:29:17 ----D---- C:\WINDOWS
    2010-02-24 03:20:25 ----D---- C:\WINDOWS\SYSTEM32
    2010-02-24 03:03:32 ----HD---- C:\WINDOWS\INF
    2010-02-24 03:03:31 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2010-02-24 03:01:24 ----HD---- C:\WINDOWS\$hf_mig$
    2010-02-24 03:01:01 ----A---- C:\WINDOWS\imsins.BAK
    2010-02-22 18:17:07 ----D---- C:\WINDOWS\system32\DRIVERS
    2010-02-22 18:17:07 ----D---- C:\WINDOWS\Resources
    2010-02-21 14:12:35 ----D---- C:\Documents and Settings\Bob\Application Data\LimeWire
    2010-02-19 08:15:58 ----D---- C:\Program Files\Free History Eraser
    2010-02-19 08:15:26 ----D---- C:\I386
    2010-02-18 19:35:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2010-02-18 19:34:54 ----D---- C:\Program Files\AVG
    2010-02-18 19:33:09 ----SHD---- C:\WINDOWS\Installer
    2010-02-18 19:33:09 ----D---- C:\Config.Msi
    2010-02-18 19:33:07 ----D---- C:\WINDOWS\WinSxS
    2010-02-12 12:46:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2010-02-04 00:24:20 ----D---- C:\Documents and Settings\Bob\Application Data\Blackberry Desktop
    2010-02-04 00:14:33 ----D---- C:\WINDOWS\system32\CatRoot
    2010-02-04 00:13:23 ----RSD---- C:\WINDOWS\Fonts
    2010-02-04 00:13:22 ----D---- C:\Program Files\Research In Motion
    2010-02-04 00:06:42 ----D---- C:\Program Files\Common Files\Research In Motion
    2010-02-04 00:06:25 ----D---- C:\Program Files\Common Files

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-18 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-18 28424]
    R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-18 360584]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-09-15 62288]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-09-15 23436]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-09-15 241280]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-09-15 144250]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-09-15 206464]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2002-10-07 11027]
    R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
    R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-09-15 25930]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-10-29 1175536]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-10-29 170499]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2002-07-15 26496]
    R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-09-15 30662]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2002-10-08 33588]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-10-29 604240]
    R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
    S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-01-15 42368]
    S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
    S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
    S3 L6PODLV;PODxt Live Service; C:\WINDOWS\System32\Drivers\L6PODLV.sys [2005-05-04 114048]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
    S3 pxtdypog;pxtdypog; \??\C:\DOCUME~1\Bob\LOCALS~1\Temp\pxtdypog.sys []
    S3 RDID1003;EDIROL UM-2; C:\WINDOWS\system32\Drivers\rdwm1003.sys [2006-09-27 80481]
    S3 RDWM1005;EDIROL UA-5 (WDM); C:\WINDOWS\system32\Drivers\rdwm1005.sys [2001-11-28 98822]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\System32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 WLUX96;3Com 3CRSHEW696 Wireless LAN USB Adapter; C:\WINDOWS\System32\DRIVERS\WLUX96F.SYS [2002-09-05 80896]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe [2004-04-21 1434848]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
    R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-18 285392]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
    R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-11 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-05-28 68096]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix..



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • Combofix Log
    • C:\Qoobox\Add-Remove Programs.txt
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  7. #7
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    ComboFix 10-03-04.02 - Bob 03/05/2010 0:19.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.184 [GMT -6:00]
    Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Windows Media Player\pidgen.dll
    c:\windows\box boat blue.ico
    c:\windows\system32\ie.ico
    c:\windows\Web\PRINTERS\ipatvrs.bak1
    c:\windows\Web\PRINTERS\ipatvrs.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
    .

    2010-02-26 04:58 . 2010-03-01 10:34 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\wbsrov
    2010-02-19 14:15 . 2010-02-19 14:15 114688 ----a-w- c:\windows\system32\igfxzoom.exe
    2010-02-19 01:36 . 2010-02-19 01:40 -------- d-----w- C:\$AVG
    2010-02-19 01:34 . 2010-02-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-02-04 06:17 . 2010-02-04 06:33 256 ----a-w- c:\windows\system32\pool.bin
    2010-02-04 06:06 . 2010-02-12 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2010-02-04 06:06 . 2010-02-04 06:06 -------- d-----w- c:\program files\Common Files\Roxio Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-21 20:12 . 2007-09-14 04:49 -------- d-----w- c:\documents and settings\Bob\Application Data\LimeWire
    2010-02-19 14:15 . 2003-10-15 05:58 -------- d-----w- c:\program files\Free History Eraser
    2010-02-19 01:35 . 2007-03-01 16:09 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-02-19 01:35 . 2008-07-02 14:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-02-19 01:35 . 2008-06-19 13:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-02-19 01:35 . 2008-06-19 13:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-19 01:34 . 2008-06-19 13:20 -------- d-----w- c:\program files\AVG
    2010-02-04 06:24 . 2007-03-31 16:20 -------- d-----w- c:\documents and settings\Bob\Application Data\Blackberry Desktop
    2010-02-04 06:13 . 2007-03-31 16:20 -------- d-----w- c:\program files\Research In Motion
    2010-02-04 06:06 . 2007-03-31 16:20 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-02-02 15:15 . 2005-09-17 20:58 -------- d-----w- c:\documents and settings\Bob\Application Data\Lavasoft
    2010-02-01 14:22 . 2008-10-10 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-31 23:24 . 2010-01-20 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-25 20:07 . 2010-01-25 20:07 -------- d-----w- c:\program files\ERUNT
    2010-01-07 22:07 . 2008-10-10 16:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2008-10-10 16:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2004-11-22 19:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2004-11-22 19:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2004-11-22 19:13 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2004-11-22 19:12 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:27 . 2004-11-22 19:12 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-11-22 19:12 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2004-02-19 02:22 . 2004-02-27 06:11 1009152 ----a-w- c:\program files\K-Tuner.msi
    1998-02-10 22:34 . 2003-05-10 05:31 128000 ----a-w- c:\program files\UNWISE.EXE
    2010-02-26 19:55 . 2007-01-06 04:38 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2010-02-26 19:55 . 2007-01-06 04:38 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2010-02-26 19:55 . 2007-01-06 04:38 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2010-02-26 19:55 . 2007-01-06 04:38 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2010-02-26 19:55 . 2007-01-06 04:38 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-28 68856]
    "SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
    "Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 294912]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-05-06 151597]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-09-16 684032]
    "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
    "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-06-20 107008]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-28 68856]

    c:\documents and settings\Bob\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-16 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-16 51984]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2006-7-5 612352]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2004-10-30 217088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-19 01:35 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
    backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\Bob\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2004-09-16 00:24 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-10-19 13:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-10-19 13:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-05-06 18:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "anem"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [7/7/2003 8:39 PM 6097]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/19/2008 7:21 AM 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/19/2008 7:21 AM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/18/2010 7:34 PM 285392]
    R3 L6DP;L6DP;c:\windows\SYSTEM32\DRIVERS\l6dp.sys [7/15/2002 9:39 PM 26496]
    R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\WUSB54GCv3.sys [6/22/2009 10:31 AM 627072]
    S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/27/2006 10:18 PM 639224]
    S3 L6PODLV;PODxt Live Service;c:\windows\SYSTEM32\DRIVERS\L6PODLV.sys [10/5/2004 7:58 PM 114048]
    S3 RDID1003;EDIROL UM-2;c:\windows\SYSTEM32\DRIVERS\Rdwm1003.sys [11/5/2007 1:30 AM 80481]
    S3 RDWM1005;EDIROL UA-5 (WDM);c:\windows\SYSTEM32\DRIVERS\Rdwm1005.sys [5/22/2003 10:35 PM 98822]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [7/7/2003 8:39 PM 299923]
    S3 WLUX96;3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\windows\SYSTEM32\DRIVERS\wlux96f.sys [5/22/2003 11:06 PM 80896]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{622DC8BF-5DC0-43FC-829B-F944D2B2EB67}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\9u3mbtvu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-AP Guitar Tuner 1.02 - c:\program files\Audio Phonics
    AddRemove-Cakewalk Pro Audio 9 - c:\program files\Cakewalk\Cakewalk Pro Audio 9\CWPA9_Uninst.isu
    AddRemove-Orbit - c:\program files\Common Files\OE\uninstallwa.exe
    AddRemove-rgc:audio sfz VSTi_is1 - c:\program files\Vstplugins\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-05 00:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??h???x???@???X???????????@???P???? ?w? ?w)??p????????(???y????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-03-05 00:47:36
    ComboFix-quarantined-files.txt 2010-03-05 06:47
    ComboFix2.txt 2009-01-26 05:26

    Pre-Run: 8,457,646,080 bytes free
    Post-Run: 8,454,467,584 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - F3471741E6307182B7CAE8F11519B7D0

  8. #8
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    4Front Piano Module 1.0 VSTi
    Adobe Bridge 1.0
    Adobe Creative Suite 2
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Reader 7.0
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    AIM 6
    Amara - Flash Slide Show Builder
    America Online (Choose which version to remove)
    Antares Auto-Tune 3.03 DirectX
    AOL Instant Messenger
    AP Guitar Tuner 1.02
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    BACS
    Banctec Service Agreement
    BlackBerry Desktop Software 5.0.1
    BlackBerry v4.2.1 for the 8100 Series Wireless Handheld
    BlackBerry® Media Sync
    Bonjour
    Britannica Ready Reference
    Broadcom Advanced Control Suite
    Cakewalk Pro Audio 9
    Cakewalk VST Adapter 4.4.0
    CD-Cover Editor v2.5
    CD/DVD Jewel Case and Label Creator
    CoffeeCup Flash Firestarter
    CoffeeCup GIF Animator
    CoffeeCup Web JukeBox - Registered
    CoffeeCup Web Video Player - Registered
    Conexant SmartHSFi V92 56K DF PCI Modem
    Critical Update for Windows Media Player 11 (KB959772)
    cwenc v1.2
    DAO
    Dell Picture Studio - Dell Image Expert
    Dell ResourceCD
    Dell Solution Center
    Digital Line Detect
    DivX Web Player
    DreamStation DXi2
    DVDSentry
    DVDx
    Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
    Easy CD Creator 5 Basic
    EasyZip
    eFax Messenger 4.2
    ELNKInst
    Eraser 5.8.7
    ERUNT 1.1j
    Free Desktop Clock 2.2
    Free History Eraser
    Garmin USB Drivers
    Google Toolbar for Internet Explorer
    GT-8FxFloorBoard 1.1a
    Guitar Pro 4 Demo
    Guitar Pro 5.0
    GuitarPort 2.51 (Remove Only)
    Help and Support Customization
    HijackThis 2.0.2
    Home Studio 2004
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Extreme Graphics Driver
    InterLok Driver Kit
    iTunes
    iZotope Ozone 3
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    K-Tuner
    Learn2 Player (Uninstall Only)
    Line 6 Edit (remove only)
    Linksys Wireless Manager
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft FrontPage 2002
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Office XP Small Business
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Web Embedding Fonts Tool (III)
    Modem Helper
    Mozilla Firefox (2.0.0.20)
    MSN Money Investment Toolbox
    MSN Music Assistant
    MyDVD
    Neato MediaFACE
    NetWaiting
    Network Magic
    NoteTab Light (Remove only)
    OLYMPUS CAMEDIA Master 2.5
    Paint Shop Pro 7
    Panda ActiveScan
    PIXELA ImageMixer
    PODxt Drivers 2.6.2.0 (Remove Only)
    PODxt Drivers 2.6.3.0 (Remove Only)
    PODxt Drivers 2.6.5.0 (Remove Only)
    PODxt Drivers 2.6.8.0 (Remove Only)
    Power Tab Editor 1.7
    PowerDVD
    Pure Networks Platform
    QuickTime
    RealOne Player
    REAPER
    rgc:audio sfz VSTi v1.93
    SBC Self Support Tool
    SBC Yahoo! Dial (remove only)
    SBC Yahoo! DSL
    SBC Yahoo! DSL Utilities
    SBC Yahoo! Internet Mail
    SBC Yahoo! Parental Controls
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 Series (KB969878)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    ShowBiz
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Style Enhancer Micro 1.28
    Suite Specific
    TEFView 2.64
    U.S. Robotics Wireless Installation CD
    Ulead VideoStudio 6
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VERITAS RecordNow DX
    VERITAS RecordNow DX Update Manager
    Viewpoint Media Player
    Virtual Sound Canvas DXi
    VistaPrint Electronic Business Card
    Voxengo Soniformer VST 2.2
    Web Assistant
    WebClean
    WebFldrs XP
    Win32 BI Application
    Winamp3 (remove only)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media 8 Encoding Utility
    Windows Media Encoder 7.1
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Series Winter Fun Pack
    Windows XP Hotfix (SP2) [See KB810243 for more information]
    Windows XP Service Pack 3
    WordPerfect Office 2002
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Mail
    Yahoo! Messenger Explorer Bar
    Yahoo! Software Update
    Yahoo! Toolbar

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    ----------------------------------------------------------------------------------------
    Step 1

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      DirLook::
      c:\documents and settings\Bob\Local Settings\Application Data\wbsrov
      DDS::
      uInternet Settings,ProxyOverride = <local>
      uInternet Settings,ProxyServer = http=127.0.0.1:5555
      ADS::
    • Save this as CFScript.txt and place it on your desktop.




    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    ----------------------------------------------------------------------------------------
    Step 2

    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • Combofix Log
    • Kaspersky Log




    ---------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------
    Additional Notes



    Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java and Adobe components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) from HERE
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    • Please go to this link Adobe Acrobat Reader Download Link
    • Cllick Download
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Adobe Reader 7.0
      Java(TM) 6 Update 17
      Java(TM) 6 Update 7
    Now close the Control Panel.

    Reboot your machine.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  10. #10
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    ComboFix 10-03-04.02 - Bob 03/06/2010 10:34:45.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.290 [GMT -6:00]
    Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
    .

    2010-02-26 04:58 . 2010-03-01 10:34 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\wbsrov
    2010-02-19 14:15 . 2010-02-19 14:15 114688 ----a-w- c:\windows\system32\igfxzoom.exe
    2010-02-19 01:36 . 2010-02-19 01:40 -------- d-----w- C:\$AVG
    2010-02-19 01:34 . 2010-02-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-21 20:12 . 2007-09-14 04:49 -------- d-----w- c:\documents and settings\Bob\Application Data\LimeWire
    2010-02-19 14:15 . 2003-10-15 05:58 -------- d-----w- c:\program files\Free History Eraser
    2010-02-19 01:35 . 2007-03-01 16:09 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-02-19 01:35 . 2008-07-02 14:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-02-19 01:35 . 2008-06-19 13:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-02-19 01:35 . 2008-06-19 13:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-19 01:34 . 2008-06-19 13:20 -------- d-----w- c:\program files\AVG
    2010-02-12 18:40 . 2010-02-04 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2010-02-04 06:33 . 2010-02-04 06:17 256 ----a-w- c:\windows\system32\pool.bin
    2010-02-04 06:24 . 2007-03-31 16:20 -------- d-----w- c:\documents and settings\Bob\Application Data\Blackberry Desktop
    2010-02-04 06:13 . 2007-03-31 16:20 -------- d-----w- c:\program files\Research In Motion
    2010-02-04 06:06 . 2007-03-31 16:20 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-02-04 06:06 . 2010-02-04 06:06 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-02-02 15:15 . 2005-09-17 20:58 -------- d-----w- c:\documents and settings\Bob\Application Data\Lavasoft
    2010-02-01 14:22 . 2008-10-10 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-31 23:24 . 2010-01-20 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-25 20:07 . 2010-01-25 20:07 -------- d-----w- c:\program files\ERUNT
    2010-01-07 22:07 . 2008-10-10 16:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2008-10-10 16:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2004-11-22 19:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2004-11-22 19:13 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2004-11-22 19:13 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2004-11-22 19:12 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:27 . 2004-11-22 19:12 2189184 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-11-22 19:12 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
    2004-02-19 02:22 . 2004-02-27 06:11 1009152 ----a-w- c:\program files\K-Tuner.msi
    1998-02-10 22:34 . 2003-05-10 05:31 128000 ----a-w- c:\program files\UNWISE.EXE
    2010-02-26 19:55 . 2007-01-06 04:38 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2010-02-26 19:55 . 2007-01-06 04:38 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2010-02-26 19:55 . 2007-01-06 04:38 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2010-02-26 19:55 . 2007-01-06 04:38 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2010-02-26 19:55 . 2007-01-06 04:38 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\Bob\Local Settings\Application Data\wbsrov ----



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-28 68856]
    "SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
    "Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 294912]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-05-06 151597]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-09-16 684032]
    "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
    "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-06-20 107008]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-28 68856]

    c:\documents and settings\Bob\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-16 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-16 51984]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2006-7-5 612352]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2004-10-30 217088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-19 01:35 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
    backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\Bob\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2004-09-16 00:24 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-10-19 13:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-10-19 13:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-05-06 18:50 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "anem"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [7/7/2003 8:39 PM 6097]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/19/2008 7:21 AM 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/19/2008 7:21 AM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/18/2010 7:34 PM 285392]
    R3 L6DP;L6DP;c:\windows\SYSTEM32\DRIVERS\l6dp.sys [7/15/2002 9:39 PM 26496]
    R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\WUSB54GCv3.sys [6/22/2009 10:31 AM 627072]
    S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/27/2006 10:18 PM 639224]
    S3 L6PODLV;PODxt Live Service;c:\windows\SYSTEM32\DRIVERS\L6PODLV.sys [10/5/2004 7:58 PM 114048]
    S3 RDID1003;EDIROL UM-2;c:\windows\SYSTEM32\DRIVERS\Rdwm1003.sys [11/5/2007 1:30 AM 80481]
    S3 RDWM1005;EDIROL UA-5 (WDM);c:\windows\SYSTEM32\DRIVERS\Rdwm1005.sys [5/22/2003 10:35 PM 98822]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [7/7/2003 8:39 PM 299923]
    S3 WLUX96;3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\windows\SYSTEM32\DRIVERS\wlux96f.sys [5/22/2003 11:06 PM 80896]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{622DC8BF-5DC0-43FC-829B-F944D2B2EB67}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\9u3mbtvu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-06 10:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??h???x???@???X???????????@???P???? ?w? ?w)??p????????(???y????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(664)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-06 11:00:15
    ComboFix-quarantined-files.txt 2010-03-06 17:00
    ComboFix2.txt 2010-03-05 06:47
    ComboFix3.txt 2009-01-26 05:26

    Pre-Run: 8,426,278,912 bytes free
    Post-Run: 8,460,103,680 bytes free

    - - End Of File - - A3E631FDAE9C41CB28EF3E78D1E8E585

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •