Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/Cryptor


  • This topic is locked This topic is locked
30 replies to this topic

#1 schatzie13

schatzie13

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 26 July 2009 - 12:04 AM

Dear Bleeping Computer Experts,

This is my first post so please bear with me. I have exhausted all other means of attempting to eradicate this virus/malware. Having been at it for awhile I appreciate any assistance that can be provided.

Thanks in advance for your assistance, time expertise and patience.

schatzie13


As follows is the DDS Log;


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sally Sondesky at 0:41:01.80 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.428 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sally Sondesky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: : {c1da5ce9-cd7e-45a7-956a-3f2002c8e012} - c:\windows\system32\uxffkgr.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: {1D036C0D-12D5-45ED-9293-61B9FED5A7D7} = 66.174.95.44 66.174.92.14
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R?Unknown cgrjdetn;cgrjdetn; [x]
R0 aehofghn;aehofghn;c:\windows\system32\drivers\aehofghn.sys [2004-11-15 23424]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-5 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-5 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-5 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-5 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-5 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-5 298776]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-7-5 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-7-5 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-7-5 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-7-5 59520]
S0 ezxvq;ezxvq;c:\windows\system32\drivers\djbrdl.sys --> c:\windows\system32\drivers\djbrdl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-12 1252232]

=============== Created Last 30 ================

2009-07-25 23:55 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-25 23:42 <DIR> acdshr-- C:\cmdcons
2009-07-25 23:35 219,648 ac------ c:\windows\PEV.exe
2009-07-25 23:35 161,792 ac------ c:\windows\SWREG.exe
2009-07-25 23:35 98,816 ac------ c:\windows\sed.exe
2009-07-25 22:19 <DIR> -cd----- c:\windows\LastGood.Tmp
2009-07-25 22:19 <DIR> -cd----- c:\windows\system32\NtmsData
2009-07-05 22:59 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-05 22:59 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-07-05 22:59 <DIR> -cd----- c:\docume~1\sallys~1\applic~1\SUPERAntiSpyware.com
2009-07-05 22:15 <DIR> -cd----- c:\docume~1\sallys~1\applic~1\Smith Micro
2009-07-05 21:06 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-07-05 17:53 77,824 ac------ c:\windows\system32\ptdmwmcp.dll
2009-07-05 17:53 59,520 ac------ c:\windows\system32\drivers\PTDMWWAN.sys
2009-07-05 17:53 41,856 ac------ c:\windows\system32\drivers\PTDMMdm.sys
2009-07-05 17:53 39,936 ac------ c:\windows\system32\drivers\PTDMVsp.sys
2009-07-05 17:53 29,952 ac------ c:\windows\system32\drivers\PTDMBus.sys
2009-07-05 17:53 <DIR> -cd----- c:\program files\PANTECH
2009-07-05 17:52 <DIR> -cd----- c:\program files\Verizon Wireless
2009-07-05 17:50 <DIR> -cd----- c:\docume~1\sallys~1\applic~1\Malwarebytes
2009-07-05 17:50 38,160 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 17:50 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-05 17:50 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-05 17:50 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 16:21 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-07-05 16:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-05 16:12 <DIR> -cd----- c:\program files\Lavasoft
2009-07-04 09:22 <DIR> -cd----- c:\docume~1\sallys~1\applic~1\sifsknvq
2009-07-02 10:40 148,213 -c------ c:\windows\hpoins36.dat.temp
2009-07-02 10:40 524 -c------ c:\windows\hpomdl36.dat.temp
2009-07-02 10:20 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-07-02 10:14 <DIR> -cd----- c:\program files\Yahoo!
2009-07-02 10:08 974,848 ac---r-- c:\windows\system32\hpost_p02b.dll
2009-07-02 10:08 737,280 ac---r-- c:\windows\system32\hposwia_p02b.dll
2009-07-02 10:08 307,200 ac---r-- c:\windows\system32\hposc_p02a.dll
2009-07-02 10:08 <DIR> -cd----- c:\program files\common files\HP
2009-07-02 10:07 <DIR> -cd----- c:\program files\common files\Hewlett-Packard
2009-07-02 10:07 <DIR> -cd----- c:\program files\HP
2009-07-02 10:06 16,496 ac---r-- c:\windows\system32\drivers\HPZipr12.sys
2009-07-02 10:06 49,920 ac---r-- c:\windows\system32\drivers\HPZid412.sys
2009-07-02 10:06 271,704 ac---r-- c:\windows\system32\hpzids01.dll
2009-07-02 10:06 121,344 ac------ c:\windows\system32\hpf3l083.dll
2009-07-02 10:05 319,456 ac------ c:\windows\system32\difxapi.dll
2009-07-02 10:05 372,736 ac---r-- c:\windows\system32\hppldcoi.dll
2009-07-02 10:05 21,568 ac---r-- c:\windows\system32\drivers\HPZius12.sys
2009-07-02 10:03 32,128 ac------ c:\windows\system32\drivers\usbccgp.sys
2009-07-02 10:03 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-02 10:03 147,249 ac------ c:\windows\hpoins36.dat
2009-07-02 10:03 524 -c------ c:\windows\hpomdl36.dat

==================== Find3M ====================

2009-07-25 23:46 102,400 ac------ c:\windows\system32\lqrpzzt.dll
2009-07-25 23:46 23,424 ac------ c:\windows\system32\drivers\wmcqnlbx.sys
2009-07-25 23:35 182,656 ac------ c:\windows\system32\drivers\ndis.sys
2009-07-05 20:56 798 ac------ c:\program files\fnbldiyc.txt
2009-07-04 09:23 335,752 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-06-18 16:34 25,626 -c------ c:\docume~1\sallys~1\applic~1\wklnhst.dat
2009-06-05 15:58 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-06-05 15:58 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-06-05 15:57 12,552 ac------ c:\windows\system32\drivers\avgrkx86.sys
2009-05-13 01:15 915,456 ac------ c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 ac------ c:\windows\system32\localspl.dll
2007-07-07 08:48 35,072 -c------ c:\docume~1\sallys~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 0:41:26.54 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 05 August 2009 - 03:36 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 06 August 2009 - 09:45 AM

Hello Net Surfer.

The situation still stands that we are being plagued by the Win32/Cryptor showing up when scanned by AVG, but no way to eradicate it.

The DDS log still stands as we have done nothing since I posted the previous DDS log. The computer is usable, although I am not allowing anyone to use it as I am concerned about this particular malware continuing its insidious spread throughout the machine.

Now that we are up to date, I look forward to hearing from someone to help me with this situation. I know you are all overburdened and I for one, as do many, appreciate all that you and the rest of the helpers do.

Thanks,
Schatzie13

#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 06 August 2009 - 10:25 PM

Hello schatzie13, and :) to Bleeping Computer Malware Removal Forum, My Nick is Net_Surfer I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------------------------------------


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.


In the meantime Please, Do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay
.

Kind regards
Net_Surfer

:thumbup2:

#5 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 07 August 2009 - 03:52 PM

Hello again schatzie13.:)

Please observe these rules while we work:
  • Please Read All Instructions Carefully
  • Perform all actions in the order given.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :thumbup2:

----------------------------^-------------------------------


Please follow the instructions of the next set of steps:

Step #1.

We need to disable Ad-Watch before we run our fixing tools.

Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Instructions how to Disable Ad-Watch if needed. to make sure it won't interfere fixing.



A word of warning if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use
.

Combofix is a very complex and dangerous tool. It is not a one fit all tool and it is not automatically removing what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is need and no more while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing..



You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.

Please read Combofix's Disclaimer.

ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix




Please ensure that you have disabled your anti-virus program before using the following tool:


Please download ComboFix from one of these locations:
WARNING: This tool is not a toy and not for everyday use!!!.

Link 1
Link 2

**Note: In the event you already have Combofix please delete it, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • *Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Please insert your flash drive and all usb-drives before running Combofix
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • *Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
    Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

-----------------------------------------------------------

  • Double click Posted Image on your desktop & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.
  • Leave your computer alone while ComboFix is running. Do not mouseclick combofix's window while it's running. That may cause it to stall**
    ComboFix will restart your computer if malware is found; allow it to do so.

    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Step #2.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Step #3.

We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control
HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download: random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Please post the contents of both here in your next reply.

log.txt (<<--- will be maximized) and info.txt (<<--- will be minimized)


Summary of the logs I will need in your next reply:
  • The report log of Combofix located at: "C:\ComboFix.txt"
  • The report log of Gmer
  • The two logs of RSIT.
And a description of any remaining problems in your next post.

How is your Computer running now?.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)

#6 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 09 August 2009 - 05:58 PM

:) Bump :)

Hello schatzie13 . :cool:

Are you still there
??? :thumbup2:

If you are please follow the instructions in my previous post.

Please continue to review my answers until I tell you your machine appears to be clear. Remember absence of symptoms does not mean that everything is clear.


If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Unfortunately, if I do not hear back from you within 3 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread.


Kind regards
Net_Surfer

:)

#7 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 09 August 2009 - 06:21 PM

My apologies NetSurfer. Played hooky for the weekend. Will follow instructions tonight and tomorrow and report back promptly. Thanks for your assistance in this p.i.t.b. matter.

Schatzie13

#8 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 11 August 2009 - 12:07 AM

Dear NetSurfer,

All items are as requested and follow below (I surely hope I have gotten better at following instructions!) Should you prefer that I post with these four as attachments, please let me know. I have attempted to put bold asterisks separating the logs.

At this exact moment, it is running slowly, however I am not seeing (fingers crossed) anything about Win32Cryptor being found by AVG, so here is hoping!!

Patiently awaiting further instructions.

Schatzie13

ComboFix Log
*********************************************

ComboFix 09-08-10.01 - Sally Sondesky 08/10/2009 23:02.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.595 [GMT -4:00]
Running from: c:\documents and settings\Sally Sondesky\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AEHOFGHN
-------\Service_aehofghn


((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-07-26 05:33 . 2009-07-26 05:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-26 05:22 . 2009-07-26 05:22 3775176 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-26 03:08 . 2009-07-26 03:08 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Sonic
2009-07-26 02:19 . 2009-07-26 03:17 -------- dc----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 02:54 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HPAppData
2009-08-11 02:38 . 2009-06-05 18:05 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-26 05:35 . 2007-09-15 17:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-26 05:23 . 2009-07-05 21:50 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 03:46 . 2004-11-15 23:32 102400 -c--a-w- c:\windows\system32\lqrpzzt.dll
2009-07-26 03:46 . 2004-11-15 23:32 23424 -c--a-w- c:\windows\system32\drivers\wmcqnlbx.sys
2009-07-26 03:35 . 2004-11-15 23:32 182656 -c--a-w- c:\windows\system32\drivers\ndis.sys
2009-07-13 17:36 . 2009-07-05 21:50 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-07-05 21:50 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\SUPERAntiSpyware.com
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-07-06 02:59 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-06 02:15 . 2009-07-06 02:15 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Smith Micro
2009-07-06 00:56 . 2009-07-06 00:56 798 -c--a-w- c:\program files\fnbldiyc.txt
2009-07-06 00:16 . 2009-07-06 00:16 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-05 21:53 . 2009-07-05 21:53 -------- dc----w- c:\program files\PANTECH
2009-07-05 21:52 . 2009-07-05 21:52 -------- dc----w- c:\program files\Verizon Wireless
2009-07-05 21:52 . 2008-10-18 01:14 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\U3
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Malwarebytes
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:45 . 2009-07-02 14:14 -------- dc----w- c:\program files\Yahoo!
2009-07-04 13:23 . 2009-06-05 18:05 335752 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 13:22 . 2009-07-04 13:22 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\sifsknvq
2009-07-03 14:15 . 2009-06-16 17:03 2053912 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-03 14:15 . 2009-06-05 19:58 335752 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-03 14:15 . 2009-07-03 14:15 2312984 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgdiagex.exe
2009-07-03 14:15 . 2009-06-10 19:23 3403032 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-03 14:15 . 2009-06-10 19:23 1206040 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-03 14:15 . 2009-06-10 19:23 493336 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtbapi.dll
2009-07-03 14:15 . 2009-06-10 19:23 3298584 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-03 14:15 . 2009-07-03 14:15 337176 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-03 14:15 . 2009-06-10 19:23 836888 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-03 14:14 . 2009-06-05 19:57 1086744 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-03 14:14 . 2009-06-05 19:57 1471768 -c----w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-02 14:43 . 2009-06-10 19:23 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-02 14:42 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Yahoo!
2009-07-02 14:42 . 2006-01-07 12:50 -------- dc----w- c:\program files\Windows Media Connect 2
2009-07-02 14:40 . 2009-07-02 14:03 147249 -c--a-w- c:\windows\hpoins36.dat
2009-07-02 14:34 . 2009-07-02 14:17 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HP
2009-07-02 14:20 . 2009-07-02 14:20 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-07-02 14:18 . 2005-08-25 21:37 38960 -c----w- c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 14:14 . 2009-07-02 14:07 -------- dc----w- c:\program files\HP
2009-07-02 14:12 . 2009-07-02 14:12 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-02 14:10 . 2009-07-02 14:10 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2009-07-02 14:08 . 2009-07-02 14:08 -------- dc----w- c:\program files\Common Files\HP
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Common Files\Hewlett-Packard
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Hewlett-Packard
2009-06-18 20:34 . 2005-08-25 22:44 25626 -c----w- c:\documents and settings\Sally Sondesky\Application Data\wklnhst.dat
2009-06-16 17:02 . 2009-06-05 18:05 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 19:58 . 2009-06-05 18:05 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 19:58 . 2009-06-05 18:05 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 19:57 . 2009-06-05 18:05 12552 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-02 17:38 . 2009-06-10 19:23 1004800 -c----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-13 05:15 . 2004-11-15 23:32 915456 -c--a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_03.53.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 03:06 . 2009-08-11 03:06 12288 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-11 03:06 . 2009-08-11 03:06 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-11 03:06 . 2009-08-11 03:06 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-11 03:06 . 2009-08-11 03:06 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-11 03:06 . 2009-08-11 03:06 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-11 03:06 . 2009-08-11 03:06 3178496 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:37 1008896 -c--a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
2004-08-04 12:00 102400 -c--a-w- c:\windows\system32\uxffkgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-10 1948440]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-16 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-05 19:58 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 aehofghn;aehofghn;c:\windows\system32\drivers\aehofghn.sys [11/15/2004 7:32 PM 23424]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/5/2009 2:05 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2009 2:05 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2009 2:05 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/5/2009 2:05 PM 298776]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/5/2009 5:53 PM 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/5/2009 5:53 PM 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/5/2009 5:53 PM 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/5/2009 5:53 PM 59520]
S0 ezxvq;ezxvq;c:\windows\system32\drivers\djbrdl.sys --> c:\windows\system32\drivers\djbrdl.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
TCP: {1D036C0D-12D5-45ED-9293-61B9FED5A7D7} = 66.174.95.44 66.174.92.14
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 23:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-08-11 23:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 03:13
ComboFix2.txt 2009-07-26 03:56

Pre-Run: 87,311,892,480 bytes free
Post-Run: 87,287,943,168 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
233 --- E O F --- 2009-07-04 13:38
*****************************



Gmer Log
*****************************

GMER 1.0.15.15020 [nhp2dhot.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-10 23:30:30
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

******************************


RSIT Log.txt
*******************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sally Sondesky at 2009-08-10 23:37:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 83 GB (87%) free of 95 GB
Total RAM: 1015 MB (58% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-05 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
c:\windows\system32\uxffkgr.dll [2004-08-04 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-10 1948440]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dll32]
dll32 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Browser MOUSE\mouse32a.exe [2005-08-25 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127653601\ee\AOLHostManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
C:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reader_s]
C:\WINDOWS\System32\reader_s.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-14 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
C:\windows\ld08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
C:\WINDOWS\sysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-12-14 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2004-08-27 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0A\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2
"Symantec Core LC"=2
"Swupdtmr"=2
"SoundMAX Agent Service (default)"=2
"S24EventMonitor"=2
"RegSrvc"=2
"OwnershipProtocol"=2
"MpfService"=2
"MDM"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"LiveUpdate Notice Service"=2
"LiveUpdate Notice Ex"=2
"EvtEng"=2
"DVD-RAM_Service"=2
"CLTNetCnService"=2
"CFSvcs"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

======List of files/folders created in the last 1 months======

2009-08-10 23:37:50 ----DC---- C:\Program Files\trend micro
2009-08-10 23:37:49 ----DC---- C:\rsit
2009-08-10 23:13:49 ----DC---- C:\WINDOWS\temp
2009-08-10 23:13:47 ----AC---- C:\ComboFix.txt
2009-07-26 01:33:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 23:42:23 ----AC---- C:\Boot.bak
2009-07-25 23:42:19 ----RASHDC---- C:\cmdcons
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\zip.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWXCACLS.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWSC.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWREG.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\sed.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\PEV.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\NIRCMD.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\grep.exe
2009-07-25 23:35:45 ----DC---- C:\WINDOWS\ERDNT
2009-07-25 23:33:31 ----DC---- C:\Qoobox
2009-07-25 23:08:20 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\Sonic
2009-07-25 22:19:32 ----DC---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 months======

2009-08-10 23:37:50 ----DC---- C:\Program Files
2009-08-10 23:36:22 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem #2.txt
2009-08-10 23:29:34 ----DC---- C:\WINDOWS\Prefetch
2009-08-10 23:13:51 ----DC---- C:\WINDOWS\system32\drivers
2009-08-10 23:13:51 ----DC---- C:\WINDOWS\system32
2009-08-10 23:13:49 ----DC---- C:\WINDOWS
2009-08-10 23:12:29 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-08-10 23:10:37 ----AC---- C:\WINDOWS\system.ini
2009-08-10 23:09:35 ----AC---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-08-10 23:08:42 ----HDC---- C:\WINDOWS\inf
2009-08-10 23:06:46 ----DC---- C:\WINDOWS\system32\config
2009-08-10 23:04:50 ----DC---- C:\WINDOWS\AppPatch
2009-08-10 23:04:46 ----DC---- C:\Program Files\Common Files
2009-08-10 23:02:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-10 22:57:21 ----SHDC---- C:\WINDOWS\Installer
2009-08-10 22:57:21 ----HDC---- C:\Config.Msi
2009-08-10 22:54:21 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\HPAppData
2009-08-10 22:38:49 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-26 02:37:30 ----HDC---- C:\$AVG8.VAULT$
2009-07-26 01:43:14 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem .txt
2009-07-26 01:35:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 01:35:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-26 01:23:24 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-25 23:55:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-25 23:46:25 ----SDC---- C:\WINDOWS\Tasks
2009-07-25 23:46:24 ----AC---- C:\WINDOWS\system32\lqrpzzt.dll
2009-07-25 23:42:23 ----RASHC---- C:\boot.ini
2009-07-25 22:32:56 ----SHD---- C:\System Volume Information
2009-07-25 22:24:23 ----DC---- C:\WINDOWS\repair
2009-07-25 22:24:17 ----DC---- C:\WINDOWS\Registration
2009-07-25 22:21:45 ----HDC---- C:\WINDOWS\$hf_mig$
2009-07-25 22:17:48 ----DC---- C:\WINDOWS\VALUEADD

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-05 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-10-23 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-10-23 24698]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-25 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ; C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-14 185728]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2004-07-26 4352]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2004-11-12 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 asoialsp;asoialsp; \??\C:\DOCUME~1\SALLYS~1\LOCALS~1\Temp\asoialsp.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-13 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-13 21568]
S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2004-08-27 62592]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-12-08 3222784]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-05 298776]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
S4 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S4 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S4 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-04 1252232]
S4 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2004-12-14 34816]

-----------------EOF-----------------
********************************************

RSIT Info.log

info.txt logfile of random's system information tool 1.06 2009-08-10 23:37:52

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Browser MOUSE-->C:\Program Files\Browser MOUSE\uninst00.exe
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework SDK (English) 1.1-->MsiExec.exe /X{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Notebook Maximizer-->C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
PANTECH PC USB Modem Software-->C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Documents and Settings\Sally Sondesky\Desktop\Natasha\Spybot - Search & Destroy\unins000.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{73B2BC65-F997-4208-AEE5-CF8B809A3A71}
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)

======System event log======

Computer Name: VANSANT-SOCIETY
Event Code: 6161
Message: The document PRNT0216 owned by Sally Sondesky failed to print on printer Canon i250. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 20568. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\VANSANT-SOCIETY. Win32 error code returned by the print processor: 5 (0x5).

Record Number: 171941
Source Name: Print
Time Written: 20090621134239.000000-240
Event Type: error
User: VANSANT-SOCIETY\Sally Sondesky

Computer Name: VANSANT-SOCIETY
Event Code: 7023
Message: The SFF Storage Protocol for SDBusSupport service terminated with the following error:
Access is denied.


Record Number: 171921
Source Name: Service Control Manager
Time Written: 20090621133911.000000-240
Event Type: error
User:

Computer Name: VANSANT-SOCIETY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0012F0C2354D. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 171920
Source Name: Dhcp
Time Written: 20090621133904.000000-240
Event Type: warning
User:

Computer Name: VANSANT-SOCIETY
Event Code: 7023
Message: The SFF Storage Protocol for SDBusSupport service terminated with the following error:
Access is denied.


Record Number: 171828
Source Name: Service Control Manager
Time Written: 20090620203910.000000-240
Event Type: error
User:

Computer Name: VANSANT-SOCIETY
Event Code: 7023
Message: The SFF Storage Protocol for SDBusSupport service terminated with the following error:
Access is denied.


Record Number: 171807
Source Name: Service Control Manager
Time Written: 20090619201250.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: VANSANT-SOCIETY
Event Code: 1517
Message: Windows saved user VANSANT-SOCIETY\Sally Sondesky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40084
Source Name: Userenv
Time Written: 20080630090957.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANSANT-SOCIETY
Event Code: 1517
Message: Windows saved user VANSANT-SOCIETY\Sally Sondesky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40077
Source Name: Userenv
Time Written: 20080629211520.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANSANT-SOCIETY
Event Code: 1517
Message: Windows saved user VANSANT-SOCIETY\Sally Sondesky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40070
Source Name: Userenv
Time Written: 20080629152647.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANSANT-SOCIETY
Event Code: 1517
Message: Windows saved user VANSANT-SOCIETY\Sally Sondesky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40063
Source Name: Userenv
Time Written: 20080629121709.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANSANT-SOCIETY
Event Code: 1517
Message: Windows saved user VANSANT-SOCIETY\Sally Sondesky registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 40056
Source Name: Userenv
Time Written: 20080629085417.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

*********************

#9 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 11 August 2009 - 08:45 AM

Hello again schatzie13.:)

Please observe these rules while we work:
  • Please Read All Instructions Carefully
  • Perform all actions in the order given.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :thumbup2:

----------------------------^-------------------------------


Going over your logs I noticed: Viewpoint Manager installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

----------------------------*-------------------------------

Before we start fixing anything you should write/print out these instructions or copy/paste them to a NotePad file.

let's do the following to see if we can get rid of your malware.


Please follow the instructions of the next set of steps:


Ensure that you have disable Ad-Watch before we run our fixing tools.

Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Instructions how to Disable Ad-Watch if needed. to make sure it won't interfere fixing.

----------------------------***-------------------------------

Step #1.

We need to run an CFScript by using ComboFix again

Please ensure that you disable any running anti-virus or anti-malware programs. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
  • Close any open browsers.
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it (Do not include the word: "CODE"):

    KILLALL::
    
    Driver::
    asoialsp
    cgrjdetn
    ezxvq
    aehofghn
    
    File::
    C:\WINDOWS\System32\reader_s.exe
    C:\windows\ld08.exe
    c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    C:\Documents and Settings\SALLYS\Local Settings\Temp\asoialsp.sys
    c:\windows\system32\uxffkgr.dll
    c:\windows\system32\drivers\aehofghn.sys
    c:\windows\system32\drivers\djbrdl.sys 
    C:\Documents and Settings\sallys\Application Data\sifsknvq
    c:\Documents and Settings\sallys\Application Data\wklnhst.dat
    c:\documents and settings\Sally Sondesky\Application Data\wklnhst.dat
    c:\windows\system32\lqrpzzt.dll
    c:\windows\system32\drivers\wmcqnlbx.sys
    c:\program files\fnbldiyc.txt
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reader_s]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C4069E3A-68F1-403E-B40E-20066696354B}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1da5ce9-cd7e-45a7-956a-3f2002c8e012}]
    [-HKEY_CLASSES_ROOT\CLSID\{c1da5ce9-cd7e-45a7-956a-3f2002c8e012}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    Posted Image

  • Now refering to the picture above, use your mouse to drag CFScript.text on top of ComboFix.exe
  • This will start ComboFix again. Please follow the prompts.
  • When finished, after reboot (in case it asks to reboot), it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

* Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Step #2.

ATF Temp Cleaner

Please download Posted Image ATF Cleaner-3 and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_...refetch-XP.html

Step #3.

Malwarebytes' Anti-Malware

Please download Posted ImageMalwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Tutorial if needed

Step #4.

Your Anti-virus program is outdated, Please update your AVG 8.5 program.

Then...

Re-scan with RSIT and post the log


Summary of the logs I will need in your next reply:
  • The report log of combofix
  • The report log of MBAM
  • The report log of RSIT
And a description of any remaining problems in your next post.

How are things your end schatzie13???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)

#10 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 13 August 2009 - 09:45 PM

:) Bump :)
Hello schatzie13. :cool:

Are you still there
???
:thumbup2:

If you are please follow the instructions in my previous post.


It is real important that you follow my steps, since I suspect that Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. Virux is an even more complex file infector which also infects script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

And the longer you take to act against the virut virus, it may infect your whole system. So, we may still have a chance to kill it in time.


Please continue to review my answers until I tell you your machine appears to be clear. Remember absence of symptoms does not mean that everything is clear.


If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Unfortunately, if I do not hear back from you within 3 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread.


Kind regards
Net_Surfer

:)

#11 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 15 August 2009 - 11:34 PM

Hello Net Surfer,

Here we go again. Just to let you know, in the midst of following the instructions provided the Win32/Cryptor infection started being found again by AVG.

As follows are the logs as requested, with the exception of the RSIT txt file. For some reason when I ran RSIT I did not get both files like before. I
even deleted it and downloaded it anew. Please advise what should be done in this situation.

If there is anything that I have not provided, please let me know. As always we are grateful for your assistance.

Thanks,
Schatzie

ComboFixLog08152009
*******************************************************************
ComboFix 09-08-10.01 - Sally Sondesky 08/15/2009 21:55.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.582 [GMT -4:00]
Running from: c:\documents and settings\Sally Sondesky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sally Sondesky\Desktop\CFscript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\documents and settings\Sally Sondesky\Application Data\wklnhst.dat"
"c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
"c:\documents and settings\sallys\Application Data\sifsknvq"
"c:\documents and settings\sallys\Application Data\wklnhst.dat"
"c:\documents and settings\SALLYS\Local Settings\Temp\asoialsp.sys"
"c:\program files\fnbldiyc.txt"
"c:\windows\ld08.exe"
"c:\windows\system32\drivers\aehofghn.sys"
"c:\windows\system32\drivers\djbrdl.sys"
"c:\windows\system32\drivers\wmcqnlbx.sys"
"c:\windows\system32\lqrpzzt.dll"
"c:\windows\System32\reader_s.exe"
"c:\windows\system32\uxffkgr.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AEHOFGHN
-------\Legacy_ASOIALSP
-------\Service_aehofghn
-------\Service_ezxvq


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 01:46 . 2009-08-16 01:46 -------- dc----w- c:\windows\LastGood.Tmp
2009-08-11 03:37 . 2009-08-11 03:37 -------- dc----w- c:\program files\trend micro
2009-08-11 03:37 . 2009-08-11 03:37 -------- dc----w- C:\rsit
2009-07-26 05:33 . 2009-07-26 05:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-26 05:22 . 2009-07-26 05:22 3775176 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-26 03:08 . 2009-07-26 03:08 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Sonic
2009-07-26 02:19 . 2009-07-26 03:17 -------- dc----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 01:52 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HPAppData
2009-08-16 01:37 . 2004-11-16 05:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-13 00:40 . 2005-08-25 22:44 25626 -c--a-w- c:\documents and settings\Sally Sondesky\Application Data\wklnhst.dat
2009-08-11 02:38 . 2009-06-05 18:05 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-26 05:35 . 2007-09-15 17:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-26 05:23 . 2009-07-05 21:50 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 03:46 . 2004-11-15 23:32 102400 -c--a-w- c:\windows\system32\lqrpzzt.dll
2009-07-26 03:46 . 2004-11-15 23:32 23424 -c--a-w- c:\windows\system32\drivers\wmcqnlbx.sys
2009-07-26 03:35 . 2004-11-15 23:32 182656 -c--a-w- c:\windows\system32\drivers\ndis.sys
2009-07-13 17:36 . 2009-07-05 21:50 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-07-05 21:50 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\SUPERAntiSpyware.com
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-07-06 02:59 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-06 02:15 . 2009-07-06 02:15 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Smith Micro
2009-07-06 00:56 . 2009-07-06 00:56 798 -c--a-w- c:\program files\fnbldiyc.txt
2009-07-06 00:16 . 2009-07-06 00:16 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-05 21:53 . 2009-07-05 21:53 -------- dc----w- c:\program files\PANTECH
2009-07-05 21:52 . 2009-07-05 21:52 -------- dc----w- c:\program files\Verizon Wireless
2009-07-05 21:52 . 2008-10-18 01:14 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\U3
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Malwarebytes
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:45 . 2009-07-02 14:14 -------- dc----w- c:\program files\Yahoo!
2009-07-04 13:23 . 2009-06-05 18:05 335752 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 13:22 . 2009-07-04 13:22 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\sifsknvq
2009-07-03 17:09 . 2004-11-15 23:32 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-07-02 14:43 . 2009-06-10 19:23 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-02 14:42 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Yahoo!
2009-07-02 14:42 . 2006-01-07 12:50 -------- dc----w- c:\program files\Windows Media Connect 2
2009-07-02 14:40 . 2009-07-02 14:03 147249 -c--a-w- c:\windows\hpoins36.dat
2009-07-02 14:34 . 2009-07-02 14:17 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HP
2009-07-02 14:20 . 2009-07-02 14:20 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-07-02 14:18 . 2005-08-25 21:37 38960 -c----w- c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 14:14 . 2009-07-02 14:07 -------- dc----w- c:\program files\HP
2009-07-02 14:12 . 2009-07-02 14:12 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-02 14:10 . 2009-07-02 14:10 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2009-07-02 14:08 . 2009-07-02 14:08 -------- dc----w- c:\program files\Common Files\HP
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Common Files\Hewlett-Packard
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Hewlett-Packard
2009-06-16 17:02 . 2009-06-05 18:05 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 19:58 . 2009-06-05 18:05 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 19:58 . 2009-06-05 18:05 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 19:57 . 2009-06-05 18:05 12552 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-03 19:09 . 2004-11-15 23:32 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-06-02 17:38 . 2009-06-10 19:23 1004800 -c----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_03.53.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-02 14:42 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-10-27 20:09 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2006-10-27 20:09 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
- 2004-11-15 23:32 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-13 00:23 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-13 00:23 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-05-10 00:48 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 00:48 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-11-15 23:32 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-08-11 15:04 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-16 01:59 . 2009-08-16 01:59 12288 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-16 01:59 . 2009-08-16 01:59 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 01:59 . 2009-08-16 01:59 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2004-11-15 23:32 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2006-10-27 20:09 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2006-10-27 20:09 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2004-11-15 23:32 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2004-11-15 23:32 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
- 2006-05-10 05:25 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:25 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-05-10 00:48 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-10 00:48 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-13 00:23 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-13 00:23 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-11-15 23:32 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-11-15 23:32 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-11-15 23:32 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-11 15:01 . 2009-08-11 15:01 248832 c:\windows\Installer\28cc4b4.msi
+ 2009-08-11 15:04 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-11 15:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-11 15:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-11 15:04 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-11 15:04 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-11 15:04 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-11 15:04 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-16 01:59 . 2009-08-16 01:59 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-16 01:59 . 2009-08-16 01:59 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2004-11-15 23:32 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-11-15 23:32 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 17:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:25 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-05-19 15:06 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-10 00:48 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-11 15:04 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-08-16 01:59 . 2009-08-16 01:59 3190784 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2005-08-25 20:22 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2006-10-27 20:09 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2007-05-10 00:48 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 15:04 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:37 1008896 -c--a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
2004-08-04 12:00 102400 -c--a-w- c:\windows\system32\uxffkgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-10 1948440]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-16 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-05 19:58 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 aehofghn;aehofghn;c:\windows\system32\drivers\aehofghn.sys [11/15/2004 7:32 PM 23424]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/5/2009 2:05 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2009 2:05 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2009 2:05 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/5/2009 2:05 PM 298776]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/5/2009 5:53 PM 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/5/2009 5:53 PM 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/5/2009 5:53 PM 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/5/2009 5:53 PM 59520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
TCP: {1D036C0D-12D5-45ED-9293-61B9FED5A7D7} = 66.174.95.44 66.174.92.14
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 22:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-08-16 22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 02:06
ComboFix2.txt 2009-08-11 03:13
ComboFix3.txt 2009-07-26 03:56

Pre-Run: 87,033,958,400 bytes free
Post-Run: 87,039,795,200 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
296 --- E O F --- 2009-08-11 15:05

***************************************************************************


MBAMLog08152009
***************************************************************************
Malwarebytes' Anti-Malware 1.40
Database version: 2632
Windows 5.1.2600 Service Pack 3

8/15/2009 11:24:41 PM
mbam-log-2009-08-15 (23-24-41).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 194279
Time elapsed: 31 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1da5ce9-cd7e-45a7-956a-3f2002c8e012} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pqrnaeow (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c1da5ce9-cd7e-45a7-956a-3f2002c8e012} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\uxffkgr.dll (Trojan.Vundo.H) -> Delete on reboot.


***************************************************************************

RSITLog08152009
***************************************************************************
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sally Sondesky at 2009-08-16 00:28:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 83 GB (88%) free of 95 GB
Total RAM: 1015 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:51 AM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sally Sondesky\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Sally Sondesky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {C1DA5CE9-CD7E-45A7-956A-3F2002C8E012} - c:\windows\system32\uxffkgr.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D036C0D-12D5-45ED-9293-61B9FED5A7D7}: NameServer = 66.174.95.44 66.174.92.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: pqrnaeow - C:\WINDOWS\SYSTEM32\uxffkgr.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6190 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
c:\windows\system32\uxffkgr.dll [2004-08-04 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-15 2007832]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dll32]
dll32 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Browser MOUSE\mouse32a.exe [2005-08-25 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127653601\ee\AOLHostManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
C:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-14 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
C:\WINDOWS\sysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-12-14 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2004-08-27 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0A\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2
"Symantec Core LC"=2
"Swupdtmr"=2
"SoundMAX Agent Service (default)"=2
"S24EventMonitor"=2
"RegSrvc"=2
"OwnershipProtocol"=2
"MpfService"=2
"MDM"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"LiveUpdate Notice Service"=2
"LiveUpdate Notice Ex"=2
"EvtEng"=2
"DVD-RAM_Service"=2
"CLTNetCnService"=2
"CFSvcs"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pqrnaeow]
C:\WINDOWS\system32\uxffkgr.dll [2004-08-04 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

======List of files/folders created in the last 1 months======

2009-08-15 23:43:01 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\sifsknvq
2009-08-15 23:29:33 ----DC---- C:\WINDOWS\LastGood
2009-08-15 22:48:30 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 22:23:00 ----SHDC---- C:\RECYCLER
2009-08-15 22:17:49 ----DC---- C:\WINDOWS\temp
2009-08-15 22:06:21 ----AC---- C:\ComboFix.txt
2009-08-11 11:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-11 11:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-10 23:37:50 ----DC---- C:\Program Files\trend micro
2009-08-10 23:37:49 ----DC---- C:\rsit
2009-07-26 01:33:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 23:42:23 ----AC---- C:\Boot.bak
2009-07-25 23:42:19 ----RASHDC---- C:\cmdcons
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\zip.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWXCACLS.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWSC.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWREG.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\sed.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\PEV.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\NIRCMD.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\grep.exe
2009-07-25 23:35:45 ----DC---- C:\WINDOWS\ERDNT
2009-07-25 23:33:31 ----DC---- C:\Qoobox
2009-07-25 23:08:20 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\Sonic
2009-07-25 22:19:32 ----DC---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 months======

2009-08-16 00:22:35 ----SHD---- C:\System Volume Information
2009-08-16 00:06:35 ----DC---- C:\WINDOWS\Prefetch
2009-08-15 23:49:57 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\HPAppData
2009-08-15 23:43:43 ----HDC---- C:\WINDOWS\inf
2009-08-15 23:39:37 ----DC---- C:\WINDOWS\system32\drivers
2009-08-15 23:39:26 ----DC---- C:\WINDOWS\system32
2009-08-15 23:39:11 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-15 23:34:43 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem #2.txt
2009-08-15 23:29:33 ----DC---- C:\WINDOWS
2009-08-15 23:29:31 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-08-15 23:27:50 ----AC---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-08-15 23:27:38 ----DC---- C:\WINDOWS\system32\Restore
2009-08-15 23:26:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-15 22:48:30 ----DC---- C:\Program Files
2009-08-15 22:03:25 ----AC---- C:\WINDOWS\system.ini
2009-08-15 22:00:10 ----DC---- C:\WINDOWS\system32\config
2009-08-15 21:58:15 ----DC---- C:\WINDOWS\AppPatch
2009-08-15 21:58:12 ----DC---- C:\Program Files\Common Files
2009-08-15 21:54:40 ----HDC---- C:\WINDOWS\$hf_mig$
2009-08-15 21:37:06 ----DC---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-12 20:25:38 ----DC---- C:\WINDOWS\system32\FxsTmp
2009-08-11 14:47:29 ----DC---- C:\vansant2
2009-08-11 11:05:35 ----AC---- C:\WINDOWS\imsins.BAK
2009-08-11 11:05:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-11 11:05:05 ----DC---- C:\Program Files\Internet Explorer
2009-08-11 11:01:45 ----SHDC---- C:\WINDOWS\Installer
2009-08-11 11:01:45 ----HDC---- C:\Config.Msi
2009-08-11 11:01:44 ----DC---- C:\WINDOWS\WinSxS
2009-08-11 00:10:08 ----HDC---- C:\$AVG8.VAULT$
2009-08-10 22:38:49 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-26 01:43:14 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem .txt
2009-07-26 01:35:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 01:35:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-25 23:46:25 ----SDC---- C:\WINDOWS\Tasks
2009-07-25 23:46:24 ----AC---- C:\WINDOWS\system32\lqrpzzt.dll
2009-07-25 23:42:23 ----RASHC---- C:\boot.ini
2009-07-25 22:24:23 ----DC---- C:\WINDOWS\repair
2009-07-25 22:24:17 ----DC---- C:\WINDOWS\Registration
2009-07-25 22:17:48 ----DC---- C:\WINDOWS\VALUEADD
2009-07-19 18:48:58 ----AC---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----AC---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-15 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-15 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-05 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-10-23 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-10-23 24698]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-25 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ; C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-14 185728]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2004-07-26 4352]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2004-11-12 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-12-08 3222784]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-13 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-13 21568]
S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2004-08-27 62592]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 cgrjdetn;Microsoft ACPI Control Method Battery Support; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
S4 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S4 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S4 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-04 1252232]
S4 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2004-12-14 34816]

-----------------EOF-----------------

#12 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 15 August 2009 - 11:38 PM

Dear Net_Surfer,

One thing I neglected to mention is that the system is running incredibly slow. And when I attempt to connect to the internet using my Verizon Wirless card, I have to launch the vz access manager several times before it actually activates.

Just thought I would mention it.

Have a wonderful night.

Thanks,
Schatzie

#13 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 16 August 2009 - 01:38 PM

Hello schatzie13, :)

The file you posted from RSIT is ok, after you had ran it once, the tool will only create one log.


---------------------------^--------------------------------

Firewall Warning

Going over your logs I noticed that you are in need of a firewall with outbound protection

While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: *PC Tool Firewall Plus or Zonealarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall HERE

Important Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

*If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.

---------------------------**--------------------------------

Please carefully follow the next set of steps:

Step #1.

Please read these instructions carefully and then write or print out or copy this page to Notepad file, in order to assist you when carrying out the fix. .


VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled.
NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

**Note:
You already have Combofix and I need you to please delete it from your desktop, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

after you delete combofix, Please do the following:


Please download ComboFix from one of these locations:
WARNING: This tool is not a toy and not for everyday use!!!.

Link 1
Link 2

Next...

You should not have any open browsers or live internet connections when you are following the procedures below.


We need to run a CF Script by using ComboFix again
  • Make sure that combofix.exe that you downloaded is on your Desktop. but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it (Do not include the word: CODE):

    killall::
    
    driver::
    aehofghn
    
    File::
    c:\windows\system32\drivers\aehofghn.sys
    C:\WINDOWS\system32\lqrpzzt.dll
    C:\WINDOWS\system32\uxffkgr.dll
    c:\windows\system32\drivers\wmcqnlbx.sys
    c:\program files\fnbldiyc.txt
    c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    c:\documents and settings\Sally Sondesky\Application Data\sifsknvq
    
    registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dll32]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
    [-HKEY_CLASSES_ROOT\CLSID\{c1da5ce9-cd7e-45a7-956a-3f2002c8e012}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pqrnaeow]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
    [-HKEY_CLASSES_ROOT\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    [HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
    @="Microsoft Url Search Hook"
    [HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]
    @="C:\\WINDOWS\\system32\\ieframe.dll"
    "ThreadingModel"="Apartment"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "*{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [-HKEY_CLASSES_ROOT\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
    [HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    @="Microsoft Url Search Hook"
    [HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InProcServer32]
    @="C:\\WINDOWS\\system32\\ieframe.dll"
    "ThreadingModel"="Apartment"
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    Posted Image

  • Now refering to the picture above, use your mouse to drag CFScript.text on top of ComboFix.exe
  • This will start ComboFix again. Please follow the prompts.
  • When finished, after reboot (in case it asks to reboot), it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
CAUTION: Do not mouseclick combofix's window while it is running. That may cause it to stall.

* Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Step #2.

We need to create a regfix file and then run it to edit your registry:

Please open Notepad: (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below: (Do NOT include the word: CODE)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
@="Microsoft Url Search Hook"

[HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]
@="C:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

[HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
@="Microsoft Url Search Hook"

[HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InProcServer32]
@="C:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"


Name the file as regedit.reg, making sure save as type is set to " All Files ". It should look like this ----> Posted Image
Double click on regedit.reg & allow it to run.
when a window pops up and ask if this information should be merged, press Yes and ok.

Step #3.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java Runtime Environment (JRE) .
JRE 6 Update 16 is the current one. ( don't install it yet )
Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Step #4.

ESET Online Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer
.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
Posted Image
Credit: Billy Oneal for the canned instructions. You can refer to this animation by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Step #5.

Please Re-scan with RSIT and post the log here in your next reply.

Summary of the logs I will need in your next reply:
  • The report log of ComboFix
  • The report log of ESET online scan
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things at your end schatzie13???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:thumbup2:

#14 schatzie13

schatzie13
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 20 August 2009 - 03:58 AM

Dear Net_Surfer,

As follows are the ComboFix log, the ESET scan log as well as the RSIT log. Uxffkgr.dll (Win32/Cryptor) is popping up
fast and furiously now. I surely hope it is not spreading as fast as it is popping up. Even though it indicates as having deleted it after quarantine, it is alive, kicking and cycling much faster than before. The speed at which it is popping up is making it hard to even type a short note to you.

Thanks for your help,
Schatzie13

******************************************
ComboFix Log 08192009
******************************************
ComboFix 09-08-19.01 - Sally Sondesky 08/19/2009 21:55.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.585 [GMT -4:00]
Running from: c:\documents and settings\Sally Sondesky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sally Sondesky\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\documents and settings\Sally Sondesky\Application Data\sifsknvq"
"c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT"
"c:\program files\fnbldiyc.txt"
"c:\windows\system32\drivers\aehofghn.sys"
"c:\windows\system32\drivers\wmcqnlbx.sys"
"c:\windows\system32\lqrpzzt.dll"
"c:\windows\system32\uxffkgr.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sally Sondesky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\program files\fnbldiyc.txt
c:\windows\ModemLog_PANTECH USB Modem .txt
c:\windows\system32\drivers\aehofghn.sys . . . . failed to delete
c:\windows\system32\drivers\wmcqnlbx.sys . . . . failed to delete
c:\windows\system32\lqrpzzt.dll . . . . failed to delete
c:\windows\system32\uxffkgr.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AEHOFGHN
-------\Legacy_CGRJDETN
-------\Service_aehofghn
-------\Service_cgrjdetn


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 01:11 . 2009-08-20 01:11 -------- dc----w- c:\windows\LastGood.Tmp
2009-08-20 01:09 . 2009-08-20 01:09 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\PCToolsFirewallPlus
2009-08-20 01:07 . 2009-03-06 20:45 130424 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-20 01:07 . 2008-12-18 16:16 73840 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-20 01:06 . 2008-12-11 12:38 159600 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-20 01:06 . 2009-08-20 02:03 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 01:06 . 2009-08-20 01:07 -------- dc----w- c:\program files\Common Files\PC Tools
2009-08-20 01:06 . 2008-09-22 15:29 97408 -c--a-w- c:\windows\system32\drivers\pctfw.sys
2009-08-20 01:06 . 2009-01-21 13:38 95640 -c--a-w- c:\windows\system32\drivers\pctplfw.sys
2009-08-20 01:06 . 2009-08-20 01:09 -------- dc----w- c:\program files\PC Tools Firewall Plus
2009-08-16 03:43 . 2009-08-16 03:43 -------- dc----w- c:\documents and settings\Sally Sondesky\Local Settings\Application Data\sifsknvq
2009-08-16 03:43 . 2009-08-16 03:43 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\sifsknvq
2009-08-16 02:48 . 2009-08-03 17:36 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 02:48 . 2009-08-16 02:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 02:48 . 2009-08-03 17:36 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 01:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 03:37 . 2009-08-16 04:28 -------- dc----w- c:\program files\trend micro
2009-08-11 03:37 . 2009-08-16 04:29 -------- dc----w- C:\rsit
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 04:37 . 2009-07-29 04:37 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-26 05:33 . 2009-07-26 05:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-26 03:08 . 2009-07-26 03:08 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Sonic
2009-07-26 02:19 . 2009-07-26 03:17 -------- dc----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 01:24 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HPAppData
2009-08-16 03:39 . 2009-06-05 18:05 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 03:39 . 2009-06-05 18:05 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 03:39 . 2009-06-05 18:05 335240 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 01:37 . 2004-11-16 05:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-13 00:40 . 2005-08-25 22:44 25626 -c--a-w- c:\documents and settings\Sally Sondesky\Application Data\wklnhst.dat
2009-08-11 02:38 . 2009-06-05 18:05 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:01 . 2004-11-15 23:32 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-11-15 23:32 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-11-15 23:32 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-07-26 05:35 . 2007-09-15 17:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-26 03:46 . 2004-11-15 23:32 102400 -c--a-w- c:\windows\system32\lqrpzzt.dll
2009-07-26 03:46 . 2004-11-15 23:32 23424 -c--a-w- c:\windows\system32\drivers\wmcqnlbx.sys
2009-07-26 03:35 . 2004-11-15 23:32 182656 -c--a-w- c:\windows\system32\drivers\ndis.sys
2009-07-17 19:01 . 2004-11-15 23:32 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-11-15 23:33 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\SUPERAntiSpyware.com
2009-07-06 03:16 . 2009-07-06 02:59 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-07-06 02:59 . 2009-07-06 02:59 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-06 02:15 . 2009-07-06 02:15 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Smith Micro
2009-07-06 00:16 . 2009-07-06 00:16 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-05 21:53 . 2009-07-05 21:53 -------- dc----w- c:\program files\PANTECH
2009-07-05 21:52 . 2009-07-05 21:52 -------- dc----w- c:\program files\Verizon Wireless
2009-07-05 21:52 . 2008-10-18 01:14 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\U3
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Malwarebytes
2009-07-05 21:50 . 2009-07-05 21:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:45 . 2009-07-02 14:14 -------- dc----w- c:\program files\Yahoo!
2009-07-03 17:09 . 2004-11-15 23:32 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-07-02 14:43 . 2009-06-10 19:23 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-02 14:42 . 2009-07-02 14:42 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\Yahoo!
2009-07-02 14:42 . 2006-01-07 12:50 -------- dc----w- c:\program files\Windows Media Connect 2
2009-07-02 14:40 . 2009-07-02 14:03 147249 -c--a-w- c:\windows\hpoins36.dat
2009-07-02 14:34 . 2009-07-02 14:17 -------- dc----w- c:\documents and settings\Sally Sondesky\Application Data\HP
2009-07-02 14:20 . 2009-07-02 14:20 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-07-02 14:14 . 2009-07-02 14:07 -------- dc----w- c:\program files\HP
2009-07-02 14:12 . 2009-07-02 14:12 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-02 14:10 . 2009-07-02 14:10 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2009-07-02 14:08 . 2009-07-02 14:08 -------- dc----w- c:\program files\Common Files\HP
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Common Files\Hewlett-Packard
2009-07-02 14:07 . 2009-07-02 14:07 -------- dc----w- c:\program files\Hewlett-Packard
2009-06-12 12:31 . 2004-11-15 23:32 76288 -c--a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-11-15 23:32 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-11-16 02:23 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-11-15 23:32 132096 -c--a-w- c:\windows\system32\wkssvc.dll
2009-06-05 19:58 . 2009-06-05 18:05 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 19:57 . 2009-06-05 18:05 12552 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-03 19:09 . 2004-11-15 23:32 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-06-02 17:38 . 2009-06-10 19:23 1004800 -c----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-16_02.03.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-11-15 23:33 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-08-16 03:29 . 2009-08-16 03:29 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2004-11-15 23:32 . 2004-08-04 12:00 8122112 c:\windows\system32\hhsrmbnv.dat
+ 2004-11-16 02:23 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-11-15 23:33 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2005-08-25 20:22 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-11-15 23:33 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 -c--a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
2004-08-04 12:00 102400 -c--a-w- c:\windows\system32\uxffkgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-16 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 03:39 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"OwnershipProtocol"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 aehofghn;aehofghn;c:\windows\system32\drivers\aehofghn.sys [11/15/2004 7:32 PM 23424]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/5/2009 2:05 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2009 2:05 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2009 2:05 PM 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/19/2009 9:06 PM 159600]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/5/2009 2:05 PM 297752]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/19/2009 9:07 PM 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/19/2009 9:06 PM 95640]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/5/2009 5:53 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/5/2009 5:53 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/5/2009 5:53 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/5/2009 5:53 PM 59520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCTPLFW

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-08-20 22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 02:07
ComboFix2.txt 2009-08-16 02:06
ComboFix3.txt 2009-08-11 03:13
ComboFix4.txt 2009-07-26 03:56

Pre-Run: 87,325,138,944 bytes free
Post-Run: 87,290,179,584 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
271 --- E O F --- 2009-08-16 04:44



************************************************
ESET Scan Log
************************************************
C:\Qoobox\Quarantine\[4]-Submit_2009-08-15_21.55.29.zip multiple threats deleted - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2009-08-19_21.55.28.zip multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\_uxffkgr_.dll.zip a variant of Win32/Kryptik.NJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_aehofghn_.sys.zip Win32/BHO.EXT trojan deleted - quarantined



*************************************************
RSIT Log 082009
*************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sally Sondesky at 2009-08-20 04:36:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 83 GB (87%) free of 95 GB
Total RAM: 1015 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:07 AM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sally Sondesky\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Sally Sondesky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {C1DA5CE9-CD7E-45A7-956A-3F2002C8E012} - c:\windows\system32\uxffkgr.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D036C0D-12D5-45ED-9293-61B9FED5A7D7}: NameServer = 66.174.95.44 66.174.92.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: pqrnaeow - C:\WINDOWS\SYSTEM32\uxffkgr.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 6796 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\DOCUME~1\SALLYS~1\Desktop\Natasha\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1DA5CE9-CD7E-45A7-956A-3F2002C8E012}]
c:\windows\system32\uxffkgr.dll [2004-08-04 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-15 2007832]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-19 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Browser MOUSE\mouse32a.exe [2005-08-25 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127653601\ee\AOLHostManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
C:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-11-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-14 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
C:\WINDOWS\sysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-12-14 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2004-08-27 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0A\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2
"Symantec Core LC"=2
"Swupdtmr"=2
"SoundMAX Agent Service (default)"=2
"S24EventMonitor"=2
"RegSrvc"=2
"OwnershipProtocol"=2
"MpfService"=2
"MDM"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"LiveUpdate Notice Service"=2
"LiveUpdate Notice Ex"=2
"EvtEng"=2
"DVD-RAM_Service"=2
"CLTNetCnService"=2
"CFSvcs"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pqrnaeow]
C:\WINDOWS\system32\uxffkgr.dll [2004-08-04 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

======List of files/folders created in the last 1 months======

2009-08-20 03:33:43 ----SHDC---- C:\RECYCLER
2009-08-20 03:25:24 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\sifsknvq
2009-08-19 23:14:39 ----DC---- C:\Program Files\ESET
2009-08-19 22:44:32 ----AC---- C:\WINDOWS\system32\javaws.exe
2009-08-19 22:44:32 ----AC---- C:\WINDOWS\system32\javaw.exe
2009-08-19 22:44:32 ----AC---- C:\WINDOWS\system32\java.exe
2009-08-19 22:44:32 ----AC---- C:\WINDOWS\system32\deploytk.dll
2009-08-19 22:10:41 ----DC---- C:\WINDOWS\temp
2009-08-19 22:08:56 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem .txt
2009-08-19 22:07:18 ----AC---- C:\ComboFix.txt
2009-08-19 22:06:29 ----DC---- C:\WINDOWS\LastGood
2009-08-19 21:09:20 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\PCToolsFirewallPlus
2009-08-19 21:06:44 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-19 21:06:10 ----DC---- C:\Program Files\Common Files\PC Tools
2009-08-19 21:06:06 ----DC---- C:\Program Files\PC Tools Firewall Plus
2009-08-16 00:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-16 00:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-16 00:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-16 00:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-16 00:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-16 00:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-16 00:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-16 00:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-16 00:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-16 00:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-15 22:48:30 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-11 11:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-11 11:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-10 23:37:50 ----DC---- C:\Program Files\trend micro
2009-08-10 23:37:49 ----DC---- C:\rsit
2009-07-26 01:33:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 23:42:23 ----AC---- C:\Boot.bak
2009-07-25 23:42:19 ----RASHDC---- C:\cmdcons
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\zip.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWXCACLS.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWSC.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\SWREG.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\sed.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\PEV.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\NIRCMD.exe
2009-07-25 23:35:48 ----AC---- C:\WINDOWS\grep.exe
2009-07-25 23:35:45 ----DC---- C:\WINDOWS\ERDNT
2009-07-25 23:33:31 ----DC---- C:\Qoobox
2009-07-25 23:08:20 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\Sonic
2009-07-25 22:19:32 ----DC---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 months======

2009-08-20 03:26:41 ----DC---- C:\Documents and Settings\Sally Sondesky\Application Data\HPAppData
2009-08-20 03:21:36 ----SHD---- C:\System Volume Information
2009-08-20 03:21:36 ----DC---- C:\WINDOWS\system32\Restore
2009-08-20 03:19:49 ----DC---- C:\WINDOWS
2009-08-20 03:19:48 ----AC---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-08-19 23:14:41 ----SDC---- C:\WINDOWS\Downloaded Program Files
2009-08-19 23:14:39 ----DC---- C:\Program Files
2009-08-19 22:44:38 ----SHDC---- C:\WINDOWS\Installer
2009-08-19 22:44:38 ----HDC---- C:\Config.Msi
2009-08-19 22:44:32 ----DC---- C:\WINDOWS\system32
2009-08-19 22:44:14 ----DC---- C:\Program Files\Java
2009-08-19 22:10:42 ----DC---- C:\WINDOWS\system32\drivers
2009-08-19 22:09:40 ----HDC---- C:\WINDOWS\inf
2009-08-19 22:07:49 ----DC---- C:\WINDOWS\system32\CatRoot
2009-08-19 22:05:48 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-08-19 22:04:08 ----DC---- C:\WINDOWS\Prefetch
2009-08-19 22:04:05 ----AC---- C:\WINDOWS\system.ini
2009-08-19 22:00:03 ----DC---- C:\WINDOWS\system32\config
2009-08-19 21:58:25 ----DC---- C:\WINDOWS\AppPatch
2009-08-19 21:58:21 ----DC---- C:\Program Files\Common Files
2009-08-19 21:54:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-19 21:52:05 ----AC---- C:\WINDOWS\ModemLog_PANTECH USB Modem #2.txt
2009-08-19 21:11:49 ----HDC---- C:\WINDOWS\$hf_mig$
2009-08-16 00:44:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-16 00:44:26 ----AC---- C:\WINDOWS\imsins.BAK
2009-08-16 00:43:06 ----DC---- C:\Program Files\Outlook Express
2009-08-15 23:39:11 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-15 21:37:06 ----DC---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-12 20:25:38 ----DC---- C:\WINDOWS\system32\FxsTmp
2009-08-11 14:47:29 ----DC---- C:\vansant2
2009-08-11 11:05:05 ----DC---- C:\Program Files\Internet Explorer
2009-08-11 11:01:44 ----DC---- C:\WINDOWS\WinSxS
2009-08-11 00:10:08 ----HDC---- C:\$AVG8.VAULT$
2009-08-10 22:38:49 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-05 05:01:48 ----AC---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 20:49:14 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-29 00:37:01 ----AC---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 00:37:01 ----AC---- C:\WINDOWS\system32\fontsub.dll
2009-07-26 01:35:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 01:35:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-25 23:46:25 ----SDC---- C:\WINDOWS\Tasks
2009-07-25 23:46:24 ----AC---- C:\WINDOWS\system32\lqrpzzt.dll
2009-07-25 23:42:23 ----RASHC---- C:\boot.ini
2009-07-25 22:24:23 ----DC---- C:\WINDOWS\repair
2009-07-25 22:24:17 ----DC---- C:\WINDOWS\Registration
2009-07-25 22:17:48 ----DC---- C:\WINDOWS\VALUEADD

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-15 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-15 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-05 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-10-23 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-10-23 24698]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-25 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ; C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-14 185728]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2004-07-26 4352]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2004-11-12 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\SALLYS~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-13 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-13 21568]
S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2004-08-27 62592]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-12-08 3222784]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 cgrjdetn;Disk Controller; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-19 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
S4 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S4 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S4 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-04 1252232]
S4 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2004-12-14 34816]

-----------------EOF-----------------

#15 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:21 AM

Posted 20 August 2009 - 10:43 AM



NOTICE:
These steps are for member: schatzie13. ONLY. If you are a lurker, do NOT try this on your system! If you are not the topic starter and have a similar problem, do NOT post here; DO NOT follow these directions as they could damage the workings of your system. Please start your own topic.


Hello again shatzie13,, :)

Sorry for the delay.

Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please carefully follow the next set of steps:


Step #1.

Please read these instructions carefully and then write or print out or copy this page to Notepad file, in order to assist you when carrying out the fix. .


VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled.
NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

**Note:
You already have Combofix and I need you to run it again,

So. Close all browsers.

Then....

please doubleclick on the combofix icon on your desktop, and run it again and post the log back here.


Step #2.

We are going to delete all the URLSearchHooks and create the defaults one back. luckily it will go away this time. :thumbup2:


Copy the entire contents inside of the CODE box into Notepad, Then,.. hit enter to add a blank line. Then save as remove.reg (save as type: 'all files' ) to the desktop.(Do NOT include the word: CODE)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
Go to the Desktop and DoubleClick Remove.reg, hit yes on the prompt to add its contents to the Registry!

Step #3.

Please download SWReg by clicking the download link and save it to somewhere you like.
Download SWReg (swreg.exe)

Launch Notepad. Copy the entire contents inside the CODE box below and paste them into a new text file. Save it as FixReg.bat (save as type: All files) and save it in the same folder as where you saved SWReg.
SWReg ACL "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks" >> result.txt
notepad result.txt
del result.txt

Locate FixReg.bat in that folder and double-click on it. Notepad will now open up with the results (some text and numbers).

Copy the entire contents of that file and post them here as a reply to this post.

Reboot your computer.<--- Important

Step #4.

Launch Notepad. Once again, copy the entire contents inside the CODE box below and paste them into a new text file if not already done. Save it as Options.txt to your Desktop.
RegSearch Options File

[Search]
*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
[Exclude]

[Options]
Filter=KVDLUI

If not already downloaded, download Registry Search by clicking the download link below and extract it.
Download Registry Search (regsearch.zip)

Once extracted, double-click the regsearch.exe file to run the program. Click on the Import... button and select the Options.txt file you created above. Click OK and Registry Search will search the registry and report what it finds. Post the results here.

Step #5.

Please download a new copy of GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Step #6.

Please re-scan with RSIT and post the log.


Summary of the logs I will need in your next reply:
  • The log file of ComboFix
  • The log file of Gmer
  • The results of swreg
  • The results of regsearch
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things your end Schatzie13???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users