ComboFix log
ComboFix 09-08-30.04 - Brandy 08/31/2009 10:28.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1245 [GMT -5:00]
Running from: c:\users\Brandy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1073043901-275140909-1479662195-500
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:12 AM, on 8/25/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\sttray.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [mSpotAlltelRemix] "C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe" /runcheck
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbx_device - - C:\Windows\system32\lxbxcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13041 bytes
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\QUAD Utilities
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-31 15:34 . 2009-08-31 15:34 -------- d-----w- c:\users\Micheal\AppData\Local\temp
2009-08-31 15:34 . 2009-08-31 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-31 15:34 . 2009-08-31 15:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-08-31 14:18 . 2009-08-31 14:18 -------- d-----w- c:\program files\ERUNT
2009-08-31 02:11 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-31 02:11 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-08-31 02:11 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-08-29 16:51 . 2009-08-29 16:51 -------- d-----w- C:\_OTM
2009-08-29 15:55 . 2009-08-29 15:55 -------- d-----w- c:\users\Brandy\AppData\Roaming\Uniblue
2009-08-29 14:41 . 2009-08-29 14:41 -------- d-----w- C:\PerfLogs
2009-08-28 17:35 . 2009-08-28 17:35 -------- d-----w- c:\users\Brandy\New Folder
2009-08-27 12:11 . 2009-08-27 12:11 -------- d-----w- c:\program files\att-prt22
2009-08-27 12:11 . 2009-08-27 12:11 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-08-26 03:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 21:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 21:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 13:10 . 2009-08-25 13:10 -------- d-----w- c:\program files\Trend Micro
2009-08-25 12:54 . 2009-08-25 12:57 -------- d-----w- c:\program files\RegDefense
2009-08-25 02:34 . 2009-08-29 18:21 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-25 01:18 . 2009-07-24 14:55 1090816 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-08-25 01:16 . 2009-08-25 01:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 01:16 . 2009-08-25 01:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 01:15 . 2009-08-25 01:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 01:15 . 2009-08-25 01:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 01:14 . 2009-08-31 14:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-25 01:14 . 2009-08-25 12:36 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-25 01:14 . 2009-08-25 01:14 -------- d-----w- c:\programdata\avg8
2009-08-25 00:42 . 2009-08-25 00:42 -------- d-----w- c:\program files\AVG
2009-08-25 00:34 . 2009-08-25 00:34 680 ----a-w- c:\users\Brandy\AppData\Local\d3d9caps.dat
2009-08-24 23:45 . 2009-08-25 00:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-24 23:45 . 2009-08-25 00:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 23:43 . 2009-08-24 23:43 -------- d-----w- c:\users\Brandy\AppData\Roaming\AVG8
2009-08-24 03:22 . 2009-08-24 03:22 -------- d-----w- c:\users\Brandy\AppData\Roaming\PeerNetworking
2009-08-24 03:05 . 2009-08-24 03:05 -------- d-----w- C:\$UPGRADE.~OS
2009-08-24 03:04 . 2009-08-24 03:04 -------- d-----w- C:\$WINDOWS.~BT
2009-08-24 01:55 . 2009-08-24 02:09 -------- d-----w- c:\program files\Anti-Virus Professional
2009-08-23 18:33 . 2009-08-23 18:33 -------- d-----w- c:\users\Guest\AppData\Roaming\Yahoo!
2009-08-23 15:14 . 2009-08-23 15:14 -------- d-----w- c:\users\Brandy\AppData\Roaming\Yahoo!
2009-08-23 15:14 . 2009-08-23 15:14 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-23 15:14 . 2009-08-23 15:14 -------- d-----w- c:\program files\Yahoo!
2009-08-23 15:13 . 2009-08-23 15:13 -------- d-----w- c:\program files\Verizon Wireless
2009-08-23 15:12 . 2009-08-23 15:13 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-08-20 21:42 . 2009-08-20 21:42 -------- d-----w- c:\program files\LG Electronics
2009-08-20 21:42 . 2007-04-09 14:56 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-08-20 21:42 . 2007-04-09 14:55 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-08-20 21:42 . 2007-04-09 14:53 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-08-18 19:12 . 2009-08-25 00:18 -------- d-----w- c:\program files\LimeWire
2009-08-12 15:19 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 15:19 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 15:18 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 15:18 . 2008-01-19 07:36 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-12 15:18 . 2008-01-19 07:33 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-08-12 15:18 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 15:18 . 2008-01-19 07:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-12 15:18 . 2008-01-19 07:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-12 15:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 15:18 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 15:18 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 15:18 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-09 05:33 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-09 05:33 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-09 05:33 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-09 05:33 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-09 05:33 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-09 05:33 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-09 05:33 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-09 05:23 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-09 05:23 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-09 05:23 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-09 05:22 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-09 05:22 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 14:30 . 2007-10-17 18:46 1660 ----a-w- c:\windows\bthservsdp.dat
2009-08-29 16:06 . 2007-07-14 11:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-29 14:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-29 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-29 14:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-29 14:27 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-29 14:27 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-27 20:59 . 2007-10-19 15:58 -------- d-----w- c:\program files\Common Files\Motive
2009-08-27 12:11 . 2007-10-19 15:57 -------- d-----w- c:\programdata\Motive
2009-08-25 00:00 . 2009-08-18 19:14 -------- d-----w- c:\users\Brandy\AppData\Roaming\LimeWire
2009-08-25 00:00 . 2008-01-09 19:02 -------- d-----w- c:\program files\Alltel Jump Music
2009-08-24 03:12 . 2007-07-14 11:27 -------- d-----w- c:\program files\Dell
2009-08-20 21:42 . 2007-07-14 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 18:28 . 2009-07-25 18:28 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-24 14:11 . 2009-07-24 14:11 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4550.tmp.exe
2009-07-18 16:06 . 2009-07-29 15:24 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 15:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 15:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-15 14:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 14:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 14:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 14:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 03:55 . 2009-06-10 03:55 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6AE1.tmp.exe
2007-07-14 18:47 . 2007-07-14 18:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 68856]
"mSpotAlltelRemix"="c:\program files\Alltel Jump Music\Remix\msptcmd.exe" [2007-12-14 1503232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-27 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]
c:\users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-14 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-7-14 679936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5D80D22-31D7-400A-B794-497A67B92CEC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EC1534D6-4E80-4EF1-A38F-D70A9EFB18C4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{41BEDD13-D38F-46F3-898B-4148AD8EF147}"= UDP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{A9B29BA4-62D7-46F3-BA49-7B6C2A4136FD}"= TCP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{CF4FE244-F0D2-49E8-BAEE-A871B2F23F67}"= UDP:c:\windows\System32\lxbxcoms.exe:Lexmark Communications System
"{34AA0F2D-A351-452A-9AE5-31F2EF155EF0}"= TCP:c:\windows\System32\lxbxcoms.exe:Lexmark Communications System
"{D64FA655-FF02-4D8E-A779-732EF22CAF0A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbxpswx.exe:Printer Status Window
"{3FB43879-E2E7-4980-A814-98EE646B48FF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbxpswx.exe:Printer Status Window
"{303E8110-DF3F-4E3D-A745-F99FE0462642}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B334AA11-4CFD-4220-A65B-CBA60B52D499}"= UDP:990:LocalSubnet:LocalSubnet|IF={C6054DA7-A324-422C-82E0-0DE0AA66F458}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{0645F8DD-47D7-4B0B-92A2-8E7F1EE53B56}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0FAAF3BE-6CF7-4638-96E3-0AB1DB656F3E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{28D5D3CA-48F4-40AB-8525-E5F9B3A1E75F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8925D8FC-3247-4187-8F69-88CB1D12CCDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{DB819EC3-78B2-4B2A-8C11-5F4B4EE20670}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{E5CAD2A0-D782-41BB-AC5D-D46790D00954}"= UDP:990:LocalSubnet:LocalSubnet|IF={C6054DA7-A324-422C-82E0-0DE0AA66F458}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{D4E22101-55DC-4431-9670-5E7F44A324BB}"= UDP:990:LocalSubnet:LocalSubnet|IF={C6054DA7-A324-422C-82E0-0DE0AA66F458}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{53EDB525-F3A2-4AE0-809D-501548D96FB2}"= UDP:c:\users\Brandy\AppData\Local\Temp\7zSEACC.tmp\SymNRT.exe:Norton Removal Tool
"{592D4BBD-91F1-400A-A6EA-7C0966F81019}"= TCP:c:\users\Brandy\AppData\Local\Temp\7zSEACC.tmp\SymNRT.exe:Norton Removal Tool
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/24/2009 8:15 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/24/2009 8:16 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/24/2009 8:14 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/24/2009 8:14 PM 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [8/24/2009 7:10 PM 1153368]
R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\System32\drivers\usb8023.sys [9/12/2008 2:18 AM 15872]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/29/2007 12:46 PM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Logitech BT Wizard - LBTWiz.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 10:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4380)
c:\program files\SetPoint\lgscroll.dll
.
Completion time: 2009-08-31 10:38
ComboFix-quarantined-files.txt 2009-08-31 15:38
Pre-Run: 207,298,744,320 bytes free
Post-Run: 207,545,430,016 bytes free
257 --- E O F --- 2009-08-31 02:51