Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Dialler


  • This topic is locked This topic is locked
33 replies to this topic

#1 Beagleburt

Beagleburt

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 16 January 2009 - 07:51 AM

I have a Dell Dimension 3000 computer with 512MB RAM & an 80GB HDDrive - dual booting Win XP - SP2 & Linux Kubuntu...40GB each. I always use Mozilla "Firefox" browser - (recently updated to version 3.0.5) although i do have "Internet Exploder" - (version 7) on board. I use "Zone Alarm" - (current version 7.0.483.000) - as my firewall although i have been noticing some strange behaviours withit lately: e.g.: When i "STOP ALL INTERNET TRAFFIC" I am still able to send MicroSoft Error Reporting Data out? & also when it is supposed to be Blocking all internet traffic - the "Received bytes" counter on my ISP Status > Activity dialogue shows an INCREASE of INCOMING Bytes!? I also recently started investigating the "MMC-console" for Security & System logs but i can not read these as they are always being "used-by-another-process"? I do not know if i have a virus + spyware or what?
I have been having a longstanding problem with the Windows side for quite a long time - (3x months +)
My modem - (external) - frequently starts dialling out by itself. I always turn the modem's power switch OFF when this happens. I have been scanning my computer with Updated "Ad-Aware" & "SpyBot Search & Destroy" & "PCTools Spyware Doctor" but have NOT detected any Dialler-spyware. I also run "AVG" antivirus - (now using the Free version 8)...but still nothing.
Here is my dds.scr - (HJT?) - log:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Bruce Gilbert at 0:50:23.06 on 17/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.94 [GMT 13:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
G:\Executive Software\DiskkeeperLite\DKService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruce Gilbert\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-

US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.hotmail.com/
mSearch Bar = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0

\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program

files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop

search\GoogleDesktopIE.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\4.1.805.1852\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.4000.1001

\en-nz\msntb.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: xtramsn: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.4000.1001\en-nz\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Free Registry Fix] "c:\program files\promosoft corporation\free registry fix\regfix.exe" /reminder
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [UIWatcher] c:\program files\ashampoo\ashampoo uninstaller suite\UIWatcher.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program

files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1

\SDHelper.dll
TCP: {E27E83E2-ECF7-4278-BF4D-7FC9EE9AA092} = 203.97.78.43 203.97.78.44
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruceg~1\applic~1\mozilla\firefox\profiles\dgmm6mqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Blue_Moon
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.3.1334.1308\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-9-10 40840]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2007-1-18 17792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-28 26824]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-9-10 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-9-10 81288]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-10 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-12-1 394952]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [2005-6-21 105124]
R4 aawservice;Lavasoft Ad-Aware Service;g:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-4 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-4 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-28 76040]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-9-10 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-9-10 1079176]
R4 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32

\zonelabs\vsmon.exe -service [?]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2008-10-22 7936]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\drivers\MR97310v.sys [2006-1-13 116110]

=============== Created Last 30 ================

2009-01-14 00:11 <DIR> --d----- c:\program files\Trend Micro
2009-01-10 12:43 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

==================== Find3M ====================

2009-01-16 21:43 102,271,008 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-13 21:26 1,018,220 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-05 08:12 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-05 08:11 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-05 08:11 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-10-25 00:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-24 02:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-24 02:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll

============= FINISH: 0:52:24.37 ===============

Please find attached: Attach.txt & THANKYOU-in-advance for your kind help! - Kind regards Bruce Gilbert (Beagleburt)

Attached Files



BC AdBot (Login to Remove)

 


#2 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 20 January 2009 - 05:53 AM

My AntiSpyware Firefox toolbar has blanked-out. I have removed it.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 28 January 2009 - 03:46 PM

Hi Beagleburt,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 mount and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs is in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#4 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 01 February 2009 - 01:59 PM

TKU 4 ur response! Sorry it's taken so long to get back to you, but I've been unwell for the last couple of days...
Unfortunately I have already installed 5x Updates before i read ur feedback. The dialler is still trying to dial-out, & also I am now unable to launch Firefox, so have reverted to Internet Explorer. Here is the RSIT log.txt file you requested. BTW i have had the unknown dialler problem for MORE than 3x months...Kind regards...Beagleburt.
ps:[typo in instructions]: Set the list of files/folders created to 3 mount and click Continue at the disclaimer screen.

***************************************************************
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruce Gilbert at 2009-02-02 07:26:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (45%) free of 37 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:19, on 02/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
G:\Executive Software\DiskkeeperLite\DKService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\palmOne\AlarmApp.exe
G:\Program Files\HOTSYNC.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
C:\Program Files\ClipM8\ClipM8.exe
C:\Program Files\WinKey\WinKey.exe
C:\Program Files\WINZIP\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\StickyNote\StickyNote.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgui.exe
G:\Program Files\Downloads\Software\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Bruce Gilbert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co.nz/0SEENNZ/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Disk Counter For Windows XP 3.1] C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-AU ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alarm Manager.LNK = G:\Program Files\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: HotSync Manager.lnk = G:\Program Files\HOTSYNC.EXE
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2564ada69710ce...ip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27E83E2-ECF7-4278-BF4D-7FC9EE9AA092}: NameServer = 203.97.78.43 203.97.78.44
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Executive Software\DiskkeeperLite\DKService.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 17193 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RadioRhemaSat13-8-05.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-15 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-04 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]
IeCaptureBho Object - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll [2006-10-30 114176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-10 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-14 342600]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - xtramsn - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-04 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-05 1261336]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-01-05 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-09-17 1377576]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe blrun []
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-30 190464]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-09-22 299008]
"Disk Counter For Windows XP 3.1"=C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe [2006-11-15 73728]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-06-14 1169720]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2007-06-14 1945688]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-06-14 149024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Free Registry Fix"=C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe /reminder []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-02 68856]
"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe [2003-05-29 598016]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-31 3084288]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-02-12 21898024]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe []
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2006-01-25 7094272]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"Ceedo AutoDetect"=C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe [2007-03-13 362264]
"ATnotes.exe"=C:\Program Files\ATnotes\ATnotes.exe [2005-01-05 1015808]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-15 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Alarm Manager.LNK - C:\Program Files\palmOne\AlarmApp.exe
HotSync Manager.lnk - G:\Program Files\HOTSYNC.EXE
Iomega Icons.lnk - C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
M8Clips.lnk - C:\Program Files\ClipM8\ClipM8.exe
Refresh.lnk - C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
WinKey.lnk - C:\Program Files\WinKey\WinKey.exe
WinZip Quick Pick.lnk - C:\Program Files\WINZIP\WZQKPICK.EXE

C:\Documents and Settings\Bruce Gilbert\Start Menu\Programs\Startup
Alarm Manager.LNK - G:\Program Files\AlarmApp.exe
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
StickyNote.lnk - C:\Program Files\StickyNote\StickyNote.exe
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger"
"C:\Program Files\Palm Emulator\Emulator.exe"="C:\Program Files\Palm Emulator\Emulator.exe:*:Disabled:Palm OSŪ Emulator"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\StickyNote\StickyNote.exe"="C:\Program Files\StickyNote\StickyNote.exe:*:Disabled:Architecture launch vehicle"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"="C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe:*:Disabled:gcasDtServ.exe"
"C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe"="C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe:*:Disabled:gcasServAlert.exe"
"C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe"="C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe:*:Disabled:GIANTAntiSpywareUpdater.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe"="C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe:*:Disabled:Microsoft AntiSpyware"
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\MMC.EXE"="C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console"
"C:\mirc\mirc32.exe"="C:\mirc\mirc32.exe:*:Disabled:mIRC Internet Relay Chat Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\WINDOWS\SYSTEM32\RUNDLL32.EXE"="C:\WINDOWS\SYSTEM32\RUNDLL32.EXE:*:Disabled:Run a DLL as an App"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Disabled:SmartFTP Client"
"C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"="C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe:*:Disabled:talkback.exe"
"C:\Program Files\X-Chat 2\xchat.exe"="C:\Program Files\X-Chat 2\xchat.exe:*:Disabled:xchat"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3381921e-c46c-11dc-bdba-001111cc7949}]
shell\AutoRun\command - E:\Help!.exe
shell\open\command - E:\Help!.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556338c3-9a31-11d9-8fb1-806d6172696f}]
shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60ba5405-2d7d-11dd-8093-001111cc7949}]
shell\Auto\command - Windows.scr
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr


======List of files/folders created in the last 3 months======

2009-02-02 07:26:11 ----D---- C:\rsit
2009-02-02 05:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-02 05:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-24 02:40:00 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Malwarebytes
2009-01-24 02:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-17 13:40:17 ----D---- C:\Program Files\Documents To Go
2009-01-17 13:13:34 ----D---- C:\Program Files\MGI
2009-01-17 12:29:40 ----A---- C:\WINDOWS\QuickInstall.INI
2009-01-17 09:40:21 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Arcsoft
2009-01-17 09:08:18 ----D---- C:\Program Files\palmOne
2009-01-17 05:40:07 ----D---- C:\Program Files\MSXML 4.0
2009-01-14 00:11:03 ----D---- C:\Program Files\Trend Micro
2009-01-10 12:43:57 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-05 09:41:30 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-05 09:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-05 07:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-05 07:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-05 07:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-05 07:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-05 07:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-22 08:39:38 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-22 08:39:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-20 21:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 21:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 21:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-07 21:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 21:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 09:05:40 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

======List of files/folders modified in the last 3 months======

2009-02-02 07:27:18 ----D---- C:\WINDOWS\Temp
2009-02-02 07:27:16 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K FAX EXT.txt
2009-02-02 07:26:57 ----D---- C:\WINDOWS\Prefetch
2009-02-02 07:25:06 ----D---- C:\WINDOWS\Internet Logs
2009-02-02 07:18:20 ----D---- C:\WINDOWS\system32\DRIVERS
2009-02-02 07:18:19 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Free Download Manager
2009-02-02 07:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-02 07:18:17 ----D---- C:\WINDOWS\SYSTEM32
2009-02-02 07:18:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-02 06:17:54 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 06:02:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-02 05:42:54 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\OpenOffice.org2
2009-02-02 05:40:49 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-02-02 05:40:25 ----D---- C:\WINDOWS
2009-02-02 05:36:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 05:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-02 05:35:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 05:32:47 ----HD---- C:\WINDOWS\INF
2009-02-02 05:32:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-02-02 05:32:29 ----D---- C:\Program Files\Internet Explorer
2009-02-02 05:32:11 ----D---- C:\WINDOWS\ie7updates
2009-02-02 05:31:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-02 05:31:43 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 05:11:28 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Skype
2009-01-27 04:47:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-24 03:23:09 ----D---- C:\Program Files\Spyware Doctor
2009-01-24 02:46:20 ----ASH---- C:\BOOT.INI
2009-01-24 02:46:20 ----A---- C:\WINDOWS\WIN.INI
2009-01-24 02:46:20 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-24 02:46:15 ----D---- C:\WINDOWS\pss
2009-01-17 13:40:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-17 13:40:17 ----D---- C:\Program Files
2009-01-17 09:08:50 ----SHD---- C:\WINDOWS\Installer
2009-01-17 09:08:35 ----D---- C:\Config.Msi
2009-01-17 07:53:01 ----D---- C:\WINDOWS\A5W_DATA
2009-01-17 07:52:22 ----A---- C:\WINDOWS\A5W.INI
2009-01-17 06:38:48 ----D---- C:\WINDOWS\Help
2009-01-17 06:38:47 ----D---- C:\WINDOWS\system32\unknown
2009-01-17 05:40:08 ----D---- C:\WINDOWS\WinSxS
2009-01-17 03:31:17 ----D---- C:\Program Files\WINZIP
2009-01-16 22:37:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 22:35:49 ----D---- C:\WINDOWS\Minidump
2009-01-14 01:31:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-13 15:54:31 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Mozilla
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 09:03:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 04:02:26 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Lavasoft
2008-12-22 08:39:50 ----D---- C:\WINDOWS\system32\DirectX
2008-12-22 05:48:27 ----D---- C:\Program Files\CyberLink
2008-12-22 04:59:04 ----D---- C:\Program Files\Common Files\Ahead
2008-12-22 04:59:04 ----D---- C:\Program Files\Common Files
2008-12-22 04:58:20 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Ahead
2008-12-22 04:58:11 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-12-22 04:39:41 ----A---- C:\WINDOWS\lgfwup.ini
2008-12-13 19:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-29 07:33:21 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\ZoomBrowser EX
2008-11-29 05:45:48 ----D---- C:\Program Files\EPSON Print CD
2008-11-23 13:35:59 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-11-07 09:05:43 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-08-08 13535]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-01-05 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-01-05 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-09-03 32768]
R3 EPPSCSIx;EPPSCSI Driver; C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [2007-07-07 105124]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-09-08 96704]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
S3 INIDVD;Initio USB DVD Filter Driver; C:\WINDOWS\system32\DRIVERS\inidvd.sys [2007-11-08 7936]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-11-07 116110]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-04-13 16509]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-06-14 411168]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-04 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231704]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Diskeeper;Diskeeper; G:\Executive Software\DiskkeeperLite\DKService.exe [2002-10-16 176128]
R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-06-01 65536]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 137200]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-05 1079176]
R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-06-01 122880]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S2 IomegaAccess;IomegaAccess; C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE [1999-02-08 139264]
S2 ZipToA;ZipToA; C:\WINDOWS\system32\ZipToA.exe [1999-02-08 151552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 01 February 2009 - 08:12 PM

Hi again,

Your computer is infected with a flash drive infection. This type of infection gets usually carried over through removable storage devices (flash drive/ USB drive/ thumb drive/ ipod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet.

Please perform the steps fully in the order they are written and proceed only if the step is fully done.
  • I see from the log you are using a registry cleaner. It is even scheduled to run at startup. Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.

  • This looks legit but I need to make sure. Is this your ISP:

    netname: TELSTRACLEAR-NZ
    descr: TelstraClear Ltd


  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

      Note:If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, rightclick the link and choose "Save Link As").
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.


  • Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decided to uninstall it click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:

    Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • Your version of ZoneAlarm Firewall comes with ZoneAlarm Spyblocker toolbar and this is not highly recommended. See here to find out why.

    I recommend you to uninstall ZoneAlarm Spyblocker toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    ZoneAlarm Spyblocker

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll (file missing)
    O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll (file missing)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2564ada69710ce...ip/RdxIE601.cab


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    REGEDIT4 
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3381921e-c46c-11dc-bdba-001111cc7949}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60ba5405-2d7d-11dd-8093-001111cc7949}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order the changes to be taken place.

  • Make temporarily disable AVG (it might flags the tool and prevent running it) then download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning, which takes only a few seconds and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).


#6 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 02 February 2009 - 10:26 AM

Dear farbar,
Re: registry cleaner - i am puzzled as the only reference i could find was an Empty folder: "Free Registry Fix" ??? -nothing relative in my Start>Programs>Startup Folder ???
i deleted the empty FRF folder.
Yes my ISP is legit - "ClearNet" - owned by TelstraClearNZ.
Disabled TeaTimer & rebooted ok.

However, neither Internet "Explorer 7" NOR "Firefox 3.0.5" can access the internet now? (& YES i have checked my firewall Zone Alarm). i am presently using "Puppy Linux" entirely run from RAM to post this Reply. I have now downloaded "ResetTeaTimer.zip" > floppy disk & will quit "Puppy Linux" for now & reboot into Windows XP,; unzip & run it ....phew! I will get back to you. B.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 02 February 2009 - 11:11 AM

Ok I'll wait for the next post, we have to make sure you get connected to internet. Could you also see if you get connect to internet in this way:

Start in Safe Mode Using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode with Networking menu item.
  • Press the Enter key. See if you have IE or FF connection.
This you can do after applying Hijackthis fix:
While you are there also run Malwarebytes, see if you can update it then run a quick scan and let remove what it finds. If it finds anything please post the log too.

#8 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 02 February 2009 - 04:10 PM

Dear farbar,
Unable to dial out in Safe-Mode-with-Networking...
HJT -ok I fixed ALL the System scan entries that you supplied.
Regedit ok , but i came across a site that said that all regedits had to end in a blank line followed by a carriage return ? - Enter -So that is what i did.
MBAM refuses to update now.
Also my OEM 'Nero' application has become corrupted with several missing files.
i have just downloaded "Flash_Disinfector.exe" to floppy disk. i will run it after doing a final MBAM even tho i can not update it...(i will do both a quick scan & follow up with a thorough scan).
Finally i will run RSIT & UPLOAD LOGS.
Peace-be-with-you, B.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 02 February 2009 - 04:55 PM

Thanks for letting me know. I have send a PM, wait for the logs.

#10 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 04 February 2009 - 07:33 AM

Dear farbar,
RE: PM: I apologise.
FF does not even Open & IE still will not connect to sites - i tried again after re-running REGEDIT4 properly.
I am using "Puppy Linux" still to connect with the internet...
Please find below the latest RSIT Log:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Bruce Gilbert at 2009-02-05 00:57:18

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 17 GB (45%) free of 37 GB

Total RAM: 510 MB (33% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:58:05, on 05/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Seagate\Sync\SeaSyncServices.exe

C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\SAgent4.exe

C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\ATnotes\ATnotes.exe

C:\Program Files\palmOne\AlarmApp.exe

F:\Program Files\HOTSYNC.EXE

C:\Program Files\Iomega\Tools_NT\IMGICON.EXE

C:\Program Files\ClipM8\ClipM8.exe

C:\Program Files\WinKey\WinKey.exe

C:\Program Files\WINZIP\WZQKPICK.EXE

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\StickyNote\StickyNote.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Documents and Settings\Bruce Gilbert\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\Bruce Gilbert.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co.nz/0SEENNZ/SAOS01

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"

O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Disk Counter For Windows XP 3.1] C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe

O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe /active

O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-AU ee://aol/imApp

O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe /repair /drive=

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Alarm Manager.LNK = F:\Program Files\AlarmApp.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe

O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe

O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\HOTSYNC.EXE

O4 - Global Startup: Iomega Icons.lnk = ?

O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE

O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe

O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE

O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Diskeeper - Unknown owner - G:\Executive Software\DiskkeeperLite\DKService.exe (file missing)

O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe

O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe



--

End of file - 16158 bytes



======Scheduled tasks folder======



C:\WINDOWS\tasks\RadioRhemaSat13-8-05.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-15 308856]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-02 1078552]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]

IeCaptureBho Object - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll [2006-10-30 114176]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-10 651248]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-14 342600]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-01-05 1168264]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe []

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]

"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe []

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-09-17 1377576]

"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe blrun []

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe []

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-30 190464]

"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-09-22 299008]

"Disk Counter For Windows XP 3.1"=C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe [2006-11-15 73728]

"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-06-14 1169720]

"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2007-06-14 1945688]

"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-06-14 149024]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Free Registry Fix"=C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe /reminder []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-02 68856]

"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe [2003-05-29 598016]

"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-31 3084288]

"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-02-12 21898024]

"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe []

"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2006-01-25 7094272]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []

"Ceedo AutoDetect"=C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe [2007-03-13 362264]

"ATnotes.exe"=C:\Program Files\ATnotes\ATnotes.exe [2005-01-05 1015808]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-15 50528]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Ceedo Repair"=C:\DOCUME~1\BRUCEG~1\LOCALS~1\Temp\AutoDetect.exe [2007-03-13 362264]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Alarm Manager.LNK - C:\Program Files\palmOne\AlarmApp.exe

HotSync Manager.lnk - F:\Program Files\HOTSYNC.EXE

Iomega Icons.lnk - C:\Program Files\Iomega\Tools_NT\IMGICON.EXE

Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools_NT\STARTNT.EXE

M8Clips.lnk - C:\Program Files\ClipM8\ClipM8.exe

Refresh.lnk - C:\Program Files\Iomega\Tools_NT\REFRESH.EXE

WinKey.lnk - C:\Program Files\WinKey\WinKey.exe

WinZip Quick Pick.lnk - C:\Program Files\WINZIP\WZQKPICK.EXE



C:\Documents and Settings\Bruce Gilbert\Start Menu\Programs\Startup

Alarm Manager.LNK - F:\Program Files\AlarmApp.exe

HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE

Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

StickyNote.lnk - C:\Program Files\StickyNote\StickyNote.exe

TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0
relog_ap



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger"

"C:\Program Files\Palm Emulator\Emulator.exe"="C:\Program Files\Palm Emulator\Emulator.exe:*:Disabled:Palm OSŪ Emulator"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"

"C:\Program Files\StickyNote\StickyNote.exe"="C:\Program Files\StickyNote\StickyNote.exe:*:Disabled:Architecture launch vehicle"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"

"C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"="C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe:*:Disabled:gcasDtServ.exe"

"C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe"="C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe:*:Disabled:gcasServAlert.exe"

"C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe"="C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe:*:Disabled:GIANTAntiSpywareUpdater.exe"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"

"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console"

"C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe"="C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe:*:Disabled:Microsoft AntiSpyware"

"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Disabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\SYSTEM32\MMC.EXE"="C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console"

"C:\mirc\mirc32.exe"="C:\mirc\mirc32.exe:*:Disabled:mIRC Internet Relay Chat Client"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"

"C:\WINDOWS\SYSTEM32\RUNDLL32.EXE"="C:\WINDOWS\SYSTEM32\RUNDLL32.EXE:*:Disabled:Run a DLL as an App"

"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Disabled:SmartFTP Client"

"C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"="C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe:*:Disabled:talkback.exe"

"C:\Program Files\X-Chat 2\xchat.exe"="C:\Program Files\X-Chat 2\xchat.exe:*:Disabled:xchat"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556338c3-9a31-11d9-8fb1-806d6172696f}]

shell\AutoRun\command - E:\SETUP.EXE





======List of files/folders created in the last 1 months======



2009-02-03 10:43:12 ----RASHD---- C:\autorun.inf

2009-02-02 07:26:11 ----D---- C:\rsit

2009-02-02 05:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-02-02 05:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-24 02:40:00 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Malwarebytes

2009-01-24 02:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-17 13:40:17 ----D---- C:\Program Files\Documents To Go

2009-01-17 13:13:34 ----D---- C:\Program Files\MGI

2009-01-17 12:29:40 ----A---- C:\WINDOWS\QuickInstall.INI

2009-01-17 09:40:21 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Arcsoft

2009-01-17 09:08:18 ----D---- C:\Program Files\palmOne

2009-01-17 05:40:07 ----D---- C:\Program Files\MSXML 4.0

2009-01-14 00:11:03 ----D---- C:\Program Files\Trend Micro

2009-01-10 12:43:57 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP



======List of files/folders modified in the last 1 months======



2009-02-05 00:57:36 ----D---- C:\WINDOWS\Prefetch

2009-02-05 00:49:01 ----D---- C:\WINDOWS\Internet Logs

2009-02-05 00:47:49 ----D---- C:\Program Files\Mozilla Firefox

2009-02-05 00:47:33 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\AVGTOOLBAR

2009-02-05 00:45:39 ----D---- C:\WINDOWS\system32\DRIVERS

2009-02-05 00:45:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-05 00:45:03 ----D---- C:\WINDOWS\Temp

2009-02-05 00:40:29 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\OpenOffice.org2

2009-02-05 00:39:07 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT

2009-02-05 00:38:20 ----D---- C:\WINDOWS

2009-02-05 00:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-04 23:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-02-04 23:21:16 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-04 23:19:18 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K FAX EXT.txt

2009-02-03 20:12:23 ----HD---- C:\$AVG8.VAULT$

2009-02-03 11:15:38 ----HD---- C:\WINDOWS\INF

2009-02-03 08:16:16 ----D---- C:\WINDOWS\SYSTEM32

2009-02-03 08:04:39 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-03 07:26:35 ----D---- C:\Program Files

2009-02-03 05:01:56 ----D---- C:\unzipped

2009-02-02 07:18:19 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Free Download Manager

2009-02-02 07:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2009-02-02 07:18:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-02-02 05:32:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2009-02-02 05:32:29 ----D---- C:\Program Files\Internet Explorer

2009-02-02 05:32:11 ----D---- C:\WINDOWS\ie7updates

2009-02-02 05:31:50 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-02 05:31:43 ----A---- C:\WINDOWS\imsins.BAK

2009-02-02 05:11:28 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Skype

2009-01-24 03:23:09 ----D---- C:\Program Files\Spyware Doctor

2009-01-24 02:46:20 ----ASH---- C:\BOOT.INI

2009-01-24 02:46:20 ----A---- C:\WINDOWS\WIN.INI

2009-01-24 02:46:20 ----A---- C:\WINDOWS\SYSTEM.INI

2009-01-24 02:46:15 ----D---- C:\WINDOWS\pss

2009-01-17 13:40:17 ----HD---- C:\Program Files\InstallShield Installation Information

2009-01-17 09:08:50 ----SHD---- C:\WINDOWS\Installer

2009-01-17 09:08:35 ----D---- C:\Config.Msi

2009-01-17 07:53:01 ----D---- C:\WINDOWS\A5W_DATA

2009-01-17 07:52:22 ----A---- C:\WINDOWS\A5W.INI

2009-01-17 06:38:48 ----D---- C:\WINDOWS\Help

2009-01-17 06:38:47 ----D---- C:\WINDOWS\system32\unknown

2009-01-17 05:40:08 ----D---- C:\WINDOWS\WinSxS

2009-01-17 03:31:17 ----D---- C:\Program Files\WINZIP

2009-01-16 22:37:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-16 22:35:49 ----D---- C:\WINDOWS\Minidump

2009-01-14 01:31:35 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-01-13 15:54:31 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Mozilla

2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]

R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-08-08 13535]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-01-05 66952]

R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-01-05 81288]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-09-03 32768]

R3 EPPSCSIx;EPPSCSI Driver; C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [2007-07-07 105124]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]

S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-09-08 96704]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]

S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]

S3 INIDVD;Initio USB DVD Filter Driver; C:\WINDOWS\system32\DRIVERS\inidvd.sys [2007-11-08 7936]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-11-07 116110]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-04-13 16509]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-06-14 411168]

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]

R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-06-01 65536]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 137200]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]

R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]

R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]

R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-05 1079176]

R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]

R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-06-01 122880]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]

R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]

S2 aawservice;Lavasoft Ad-Aware Service; G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe []

S2 Diskeeper;Diskeeper; G:\Executive Software\DiskkeeperLite\DKService.exe []

S2 IomegaAccess;IomegaAccess; C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE [1999-02-08 139264]

S2 ZipToA;ZipToA; C:\WINDOWS\system32\ZipToA.exe [1999-02-08 151552]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]



-----------------EOF-----------------

TKU again 4 yr help - kind regards - B.

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 04 February 2009 - 04:48 PM

FF does not even Open & IE still will not connect to sites - i tried again after re-running REGEDIT4 properly.


The fix was not suppose to remove all the infections. This needs more than one post but we eventually get there.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#12 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 08 February 2009 - 11:24 AM

Dear farbar,
NB: i can NOT update MBAM. Ran another scan: nothing found. - (Last update was 4th Jan '09 NZT)
Here is the ComboFix log:

ComboFix 09-02-06.04 - Bruce Gilbert 2009-02-09 4:25:12.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.214 [GMT 13:00]

Running from: c:\documents and settings\Bruce Gilbert\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FW: ZoneAlarm Firewall *enabled*

* Created a new restore point

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



G:\Autorun.inf



.

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))

.



2009-02-02 07:26 . 2009-02-02 07:27 <DIR> d-------- C:\rsit

2009-01-24 02:40 . 2009-01-24 02:40 <DIR> d-------- c:\documents and settings\Bruce Gilbert\Application Data\Malwarebytes

2009-01-24 02:39 . 2009-01-24 02:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-24 02:39 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-01-24 02:39 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-17 13:40 . 2009-01-17 14:13 <DIR> d-------- c:\program files\Documents To Go

2009-01-17 13:13 . 2009-01-17 13:13 <DIR> d-------- c:\program files\MGI

2009-01-17 12:29 . 2009-01-17 12:29 0 --a------ c:\windows\QuickInstall.INI

2009-01-17 09:40 . 2009-01-17 09:40 <DIR> d-------- c:\documents and settings\Bruce Gilbert\Application Data\Arcsoft

2009-01-17 09:08 . 2009-01-18 00:58 <DIR> d-------- c:\program files\palmOne

2009-01-17 05:40 . 2009-01-17 05:40 <DIR> d-------- c:\program files\MSXML 4.0

2009-01-14 00:11 . 2009-01-14 00:11 <DIR> d-------- c:\program files\Trend Micro

2009-01-10 12:43 . 2009-01-10 12:43 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-08 15:44 109,817,888 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-02-08 15:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-08 15:36 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\OpenOffice.org2

2009-02-08 15:31 1,289,924 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-02-08 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-02-04 11:47 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\AVGTOOLBAR

2009-02-01 18:18 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-01 18:18 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-01 18:18 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\Free Download Manager

2009-02-01 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-01 16:11 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\Skype

2009-01-23 14:23 --------- d-----w c:\program files\Spyware Doctor

2009-01-23 13:18 8,317,567 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-01-17 00:40 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-16 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-13 12:31 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-01-04 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-04 19:12 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys

2009-01-04 19:11 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys

2009-01-04 19:11 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys

2009-01-04 15:02 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\Lavasoft

2008-12-21 16:48 --------- d-----w c:\program files\CyberLink

2008-12-21 15:59 --------- d-----w c:\program files\Common Files\Ahead

2008-12-21 15:58 --------- d-----w c:\documents and settings\Bruce Gilbert\Application Data\Ahead

2008-12-21 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2006-10-30 07:36 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]

"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe" [2003-05-29 598016]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-31 3084288]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-02-12 21898024]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-01-25 7094272]

"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-15 50528]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-01-05 1168264]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-30 190464]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-09-22 299008]

"Disk Counter For Windows XP 3.1"="c:\program files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe" [2006-11-15 73728]

"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-06-14 1169720]

"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-06-14 1945688]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 149024]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\SYSTEM32\NARRATOR.EXE]



c:\documents and settings\Bruce Gilbert\Start Menu\Programs\Startup\

Alarm Manager.LNK - g:\program files\AlarmApp.exe [2008-07-02 524288]

HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-04-13 299008]

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21 111376]

Microsoft Office Shortcut Bar.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1996-11-21 333824]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-21 51984]

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

StickyNote.lnk - c:\program files\StickyNote\StickyNote.exe [2002-04-16 65536]

TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2005-08-13 762368]



c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-04-13 274432]

HotSync Manager.lnk - g:\program files\HOTSYNC.EXE [2008-07-02 299008]

Iomega Icons.lnk - c:\program files\Iomega\Tools_NT\IMGICON.EXE [2007-01-18 28672]

Iomega Startup Options.lnk - c:\program files\Iomega\Tools_NT\STARTNT.EXE [2007-01-18 28672]

M8Clips.lnk - c:\program files\ClipM8\ClipM8.exe [2005-05-27 467968]

Refresh.lnk - c:\program files\Iomega\Tools_NT\REFRESH.EXE [2007-01-18 28672]

WinKey.lnk - c:\program files\WinKey\WinKey.exe [2005-03-25 99840]

WinZip Quick Pick.lnk - c:\program files\WINZIP\WZQKPICK.EXE [2005-02-26 106560]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-02 07:18 10520 c:\windows\SYSTEM32\avgrsstx.dll



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\Program Files\\Palm Emulator\\Emulator.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\StickyNote\\StickyNote.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"c:\\mirc\\mirc32.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"c:\\Program Files\\X-Chat 2\\xchat.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=



R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [2007-01-18 17792]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-06-28 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-06-28 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-04 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 298264]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-09-10 356920]

R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]

R3 EPPSCSIx;EPPSCSI Driver;c:\windows\SYSTEM32\DRIVERS\eppscan.sys [2005-06-21 105124]

S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\SYSTEM32\DRIVERS\inidvd.sys [2008-10-22 7936]

S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\SYSTEM32\DRIVERS\MR97310v.sys [2006-01-13 116110]



--- Other Services/Drivers In Memory ---



*Deregistered* - mchInjDrv



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556338c3-9a31-11d9-8fb1-806d6172696f}]

\Shell\AutoRun\command - E:\SETUP.EXE

.

Contents of the 'Scheduled Tasks' folder



2005-08-12 c:\windows\Tasks\RadioRhemaSat13-8-05.job

- c:\program files\TwinkleSoft\MediaRecorder\MediaRecorder.exe [2005-04-23 10:18]

.

- - - - ORPHANS REMOVED - - - -



HKCU-Run-Free Registry Fix - c:\program files\Promosoft Corporation\Free Registry Fix\regfix.exe

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Nero\data\Xtras\mssysmgr.exe

HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

HKLM-Run-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe

HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe

HKLM-Run-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe

HKLM-Run-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe

HKLM-Run-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe





.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hotmail.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.hotmail.com/

mSearch Bar = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

FF - ProfilePath - c:\documents and settings\Bruce Gilbert\Application Data\Mozilla\Firefox\Profiles\dgmm6mqf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Blue_Moon

FF - plugin: c:\program files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-09 04:42:09

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

.

--------------------- LOCKED REGISTRY KEYS ---------------------



[HKEY_USERS\S-1-5-21-2423959379-3742405044-25982357-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'lsass.exe'(848)

c:\windows\system32\relog_ap.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\ZoneLabs\vsmon.exe

g:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Common Files\Seagate\Schedule2\schedul2.exe

g:\executive software\DiskkeeperLite\DKService.exe

c:\windows\SYSTEM32\E_S00RP1.EXE

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

c:\windows\SYSTEM32\SAgent4.exe

c:\program files\Skype\Phone\Skype.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\OpenOffice.org 2.3\program\soffice.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\OpenOffice.org 2.3\program\soffice.bin

c:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\SYSTEM32\WSCNTFY.EXE

c:\program files\Spyware Doctor\pctsSvc.exe

.

**************************************************************************

.

Completion time: 2009-02-09 4:50:29 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-08 15:50:23



Pre-Run: 17,111,597,056 bytes free

Post-Run: 17,085,526,016 bytes free



248 --- E O F --- 2009-02-01 16:32:50

************************************************************
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.32

Database version: 1616

Windows 5.1.2600 Service Pack 2



09/02/2009 01:33:27

mbam-log-2009-02-09 (01-33-27).txt



Scan type: Quick Scan

Objects scanned: 65160

Time elapsed: 12 minute(s), 1 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

(No malicious items detected)

*******************************
i hope the ComboFix log is helpful!
TKU & 'bye, 'bye for now.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 08 February 2009 - 02:15 PM

Beagleburt,

Please use Notepad to save the logs and make sure Wordwarp under Format menu is not selected. The reason I ask this because the logs have unusual formatting (an empty line between the line ) which make them longer and harder to read in a glance.

Combofix didn't find anything. We have to run updated MBAM and another scanner but we need Internet Explorer. We want to uninstall ZA to rule out its effect on the system. We can install it or another firewall later on.
  • Please go to start > Control Panel > double-click on Windows firewall and make sure it is on.

    Still in Control Panel open Add-Remove program and uninstall:

    ZoneAlarm

    Reboot the computer.

  • To check the volume for errors:
    • Click start and then My Computer.
    • Right click the drive C and select Properties.
    • Under Tools tab press Check Now...
    • Put a check mark in both items and press start.
    • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check.
      Please wait until the check is completed and the system restarts. It some some time, may be even 1 hour or more.
  • After restart see if MBAM can be updated and if Internet Explorer opens.

  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

Edited by farbar, 08 February 2009 - 02:17 PM.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:32 AM

Posted 10 February 2009 - 07:22 PM

Are you still there?

#15 Beagleburt

Beagleburt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 11 February 2009 - 03:55 PM

Dear farbar,
Am back again - srry about the delay.
I am puzzled by Notepad behaviour - I have made sure Tools >"Wordwrap" is not selected every time?
Turned ON Windows firewall ok.
REMOVED Zone Alarm ok.
Ran "Chkdsk" ok - (missed final report & i can't find any log?).
MBAM updated ok - ran it - "No malicious files found."
IE connects ok!
Ran RSIT - log follows:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruce Gilbert at 2009-02-12 09:33:03
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (45%) free of 37 GB
Total RAM: 510 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:58, on 12/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
G:\Executive Software\DiskkeeperLite\DKService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\palmOne\AlarmApp.exe
G:\Program Files\HOTSYNC.EXE
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
C:\Program Files\ClipM8\ClipM8.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\WinKey\WinKey.exe
C:\Program Files\WINZIP\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\StickyNote\StickyNote.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Bruce Gilbert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co.nz/0SEENNZ/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Disk Counter For Windows XP 3.1] C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-AU ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alarm Manager.LNK = G:\Program Files\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: HotSync Manager.lnk = G:\Program Files\HOTSYNC.EXE
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Executive Software\DiskkeeperLite\DKService.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 15068 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RadioRhemaSat13-8-05.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-15 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-02 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]
IeCaptureBho Object - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll [2006-10-30 114176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-10 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-14 342600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-01-05 1168264]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-09-17 1377576]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-30 190464]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-09-22 299008]
"Disk Counter For Windows XP 3.1"=C:\Program Files\Disk Counter For Windows XP\Disk Counter For Windows XP 3.1.exe [2006-11-15 73728]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-06-14 1169720]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2007-06-14 1945688]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-06-14 149024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-02 68856]
"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe [2003-05-29 598016]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-31 3084288]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-02-12 21898024]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2006-01-25 7094272]
"ATnotes.exe"=C:\Program Files\ATnotes\ATnotes.exe [2005-01-05 1015808]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-15 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Alarm Manager.LNK - C:\Program Files\palmOne\AlarmApp.exe
HotSync Manager.lnk - G:\Program Files\HOTSYNC.EXE
Iomega Icons.lnk - C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
M8Clips.lnk - C:\Program Files\ClipM8\ClipM8.exe
Refresh.lnk - C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
WinKey.lnk - C:\Program Files\WinKey\WinKey.exe
WinZip Quick Pick.lnk - C:\Program Files\WINZIP\WZQKPICK.EXE

C:\Documents and Settings\Bruce Gilbert\Start Menu\Programs\Startup
Alarm Manager.LNK - G:\Program Files\AlarmApp.exe
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
StickyNote.lnk - C:\Program Files\StickyNote\StickyNote.exe
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger"
"C:\Program Files\Palm Emulator\Emulator.exe"="C:\Program Files\Palm Emulator\Emulator.exe:*:Disabled:Palm OSŪ Emulator"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\StickyNote\StickyNote.exe"="C:\Program Files\StickyNote\StickyNote.exe:*:Disabled:Architecture launch vehicle"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\MMC.EXE"="C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console"
"C:\mirc\mirc32.exe"="C:\mirc\mirc32.exe:*:Disabled:mIRC Internet Relay Chat Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Disabled:SmartFTP Client"
"C:\Program Files\X-Chat 2\xchat.exe"="C:\Program Files\X-Chat 2\xchat.exe:*:Disabled:xchat"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556338c3-9a31-11d9-8fb1-806d6172696f}]
shell\AutoRun\command - E:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-02-12 09:31:50 ----A---- C:\Program Files\RSIT.exe
2009-02-12 09:00:49 ----SHD---- C:\RECYCLER
2009-02-09 04:50:34 ----A---- C:\ComboFix.txt
2009-02-09 04:19:25 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-09 04:19:24 ----A---- C:\WINDOWS\SWREG.exe
2009-02-09 04:19:23 ----A---- C:\WINDOWS\zip.exe
2009-02-09 04:19:23 ----A---- C:\WINDOWS\VFIND.exe
2009-02-09 04:19:23 ----A---- C:\WINDOWS\sed.exe
2009-02-09 04:19:23 ----A---- C:\WINDOWS\grep.exe
2009-02-09 04:19:23 ----A---- C:\WINDOWS\fdsv.exe
2009-02-09 04:19:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-09 04:19:22 ----A---- C:\WINDOWS\SWSC.exe
2009-02-09 04:19:09 ----D---- C:\WINDOWS\ERDNT
2009-02-09 04:19:09 ----D---- C:\Qoobox
2009-02-09 03:53:02 ----ASH---- C:\BOOT.BAK
2009-02-09 03:52:37 ----RSHD---- C:\cmdcons
2009-02-09 03:48:14 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-02-09 03:48:12 ----D---- C:\WINDOWS\setup.pss
2009-02-03 10:43:12 ----RASHD---- C:\autorun.inf
2009-02-02 07:26:11 ----D---- C:\rsit
2009-02-02 05:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-02 05:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-24 02:40:00 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Malwarebytes
2009-01-24 02:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-17 13:40:17 ----D---- C:\Program Files\Documents To Go
2009-01-17 13:13:34 ----D---- C:\Program Files\MGI
2009-01-17 12:29:40 ----A---- C:\WINDOWS\QuickInstall.INI
2009-01-17 09:40:21 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Arcsoft
2009-01-17 09:08:18 ----D---- C:\Program Files\palmOne
2009-01-17 05:40:07 ----D---- C:\Program Files\MSXML 4.0
2009-01-14 00:11:03 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-02-12 09:31:50 ----D---- C:\Program Files
2009-02-12 09:31:32 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-12 09:24:56 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K FAX EXT.txt
2009-02-12 09:17:01 ----D---- C:\WINDOWS\Temp
2009-02-12 09:14:32 ----D---- C:\WINDOWS\Help
2009-02-12 08:52:08 ----D---- C:\WINDOWS\system32\DRIVERS
2009-02-12 08:07:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-12 07:44:11 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\OpenOffice.org2
2009-02-12 07:42:51 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-02-12 07:42:38 ----D---- C:\WINDOWS
2009-02-12 07:05:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 06:51:50 ----D---- C:\WINDOWS\SYSTEM32
2009-02-12 06:51:50 ----D---- C:\WINDOWS\Internet Logs
2009-02-12 06:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-09 05:09:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-09 04:42:56 ----A---- C:\WINDOWS\system.ini
2009-02-09 04:30:31 ----D---- C:\WINDOWS\system32\CONFIG
2009-02-09 04:28:35 ----D---- C:\Program Files\Common Files
2009-02-09 04:28:34 ----D---- C:\WINDOWS\AppPatch
2009-02-09 04:19:03 ----D---- C:\WINDOWS\Prefetch
2009-02-09 03:53:02 ----RASH---- C:\boot.ini
2009-02-06 01:40:18 ----HD---- C:\WINDOWS\INF
2009-02-06 01:31:43 ----D---- C:\unzipped
2009-02-05 00:47:49 ----D---- C:\Program Files\Mozilla Firefox
2009-02-05 00:47:33 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\AVGTOOLBAR
2009-02-03 20:12:23 ----HD---- C:\$AVG8.VAULT$
2009-02-03 08:04:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-02 07:18:19 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Free Download Manager
2009-02-02 07:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-02 07:18:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-02 05:32:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-02-02 05:32:29 ----D---- C:\Program Files\Internet Explorer
2009-02-02 05:32:11 ----D---- C:\WINDOWS\ie7updates
2009-02-02 05:31:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-02 05:31:43 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 05:11:28 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Skype
2009-01-24 03:23:09 ----D---- C:\Program Files\Spyware Doctor
2009-01-24 02:46:20 ----A---- C:\WINDOWS\WIN.INI
2009-01-24 02:46:15 ----D---- C:\WINDOWS\pss
2009-01-17 13:40:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-17 09:08:50 ----SHD---- C:\WINDOWS\Installer
2009-01-17 09:08:35 ----D---- C:\Config.Msi
2009-01-17 07:53:01 ----D---- C:\WINDOWS\A5W_DATA
2009-01-17 07:52:22 ----A---- C:\WINDOWS\A5W.INI
2009-01-17 06:38:47 ----D---- C:\WINDOWS\system32\unknown
2009-01-17 05:40:08 ----D---- C:\WINDOWS\WinSxS
2009-01-17 03:31:17 ----D---- C:\Program Files\WINZIP
2009-01-16 22:37:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 22:35:49 ----D---- C:\WINDOWS\Minidump
2009-01-14 01:31:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-13 15:54:31 ----D---- C:\Documents and Settings\Bruce Gilbert\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-08-08 13535]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-01-05 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-01-05 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-09-03 32768]
R3 EPPSCSIx;EPPSCSI Driver; C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [2007-07-07 105124]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-09-08 96704]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
S3 INIDVD;Initio USB DVD Filter Driver; C:\WINDOWS\system32\DRIVERS\inidvd.sys [2007-11-08 7936]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-11-07 116110]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-04-13 16509]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-06-14 411168]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Diskeeper;Diskeeper; G:\Executive Software\DiskkeeperLite\DKService.exe [2002-10-16 176128]
R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-06-01 65536]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 137200]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-05 1079176]
R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-06-01 122880]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S2 IomegaAccess;IomegaAccess; C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE [1999-02-08 139264]
S2 ZipToA;ZipToA; C:\WINDOWS\system32\ZipToA.exe [1999-02-08 151552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------
TKU V.Much 4 your continued effort!
Kind regards to you & yours,
'bye, 'bye 4 now - Bruce Gilbert.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users