0

Hi everyone! I'm having problems with my PC. It started when I tried to open Media Player Classic. As soon as I open it, Windows shuts it down (send or don't send report to micro$oft...). Then I had a Data Execution Problem, or something like that. I ran HijackThis and had it evaluated at: http://hijackthis.de/index.php?langselect=english. It showed no problems. Then I did an AVG Rootkit scan and it came up with this:
C:WINDOWS\System32\Drivers\am06lqr.SYS
C:WINDOWS\System32\Drivers\a0ingzg3.SYS
C:WINDOWS\System32\Drivers\adr10ol7.SYS
Each time a different result. In other words, I deleted one and another pops up. Then I ran RootkitRevealer from Micro$oft and it showed this: http://i173.photobucket.com/albums/w68/Red_Dog57/root.jpg

Please Help!

0

I did a Panda scan. It was clean.
I also did a HijackThis log; here it is:
Logfile of HijackThis v1.99.1
Scan saved at 2:08:36 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Blue Dog\Desktop\B\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/?kbid=936357
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

Maybe this will help.
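Added example, not part of the original thread: a small Python pass over a HijackThis log that pulls out the entries a helper would normally look at by hand first. The sample lines are copied from the log above; the function names and the three review rules ("file missing", "Unknown owner" on an O23 service, any O10 line) are assumptions chosen for illustration, and a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from collections import namedtuple

# Sample input: a few lines copied from the HijackThis log posted above,
# trimmed so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

# A HijackThis entry is a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

Finding = namedtuple("Finding", "code reasons body")


def parse_entries(log_text):
    """Return [(code, body), ...] for every section entry in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(code, body):
    """Illustrative rules only: why an entry deserves a manual look."""
    reasons = []
    if body.endswith("(file missing)"):
        # The registry still references a file that is no longer on disk.
        reasons.append("target file missing")
    if code == "O23" and " - Unknown owner - " in body:
        # HijackThis could not read a publisher for the service binary.
        reasons.append("publisher shown as Unknown owner")
    if code == "O10":
        # O10 is the Winsock LSP section; any line here affects networking.
        reasons.append("Winsock LSP chain entry")
    return reasons


def triage(log_text):
    """Return a Finding for each entry that matches at least one rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            findings.append(Finding(code, reasons, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4} {', '.join(finding.reasons)}")
        print(f"     {finding.body}")
```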

0

Hi and welcome to the Daniweb forums :).

Hijackthis latest version.

==

Please download ComboFix by sUBs from HERE or HERE. Save it to your Desktop.
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll


Click OK and this will start ComboFix.
When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports: ComboFix.txt
Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Here is the ComboFix.txt:
ComboFix 08-03-10.1 - Blue Dog 2008-03-13 13:12:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.635 [GMT -5:00]
Running from: C:\Documents and Settings\Blue Dog\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 21:30 . 2008-03-12 21:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-12 21:30 . 2008-03-12 21:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 13:26 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-12 13:14 . 2008-03-12 13:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-12 13:14 . 2008-03-12 13:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-12 13:14 . 2008-03-12 13:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-12 13:14 . 2008-03-12 13:14 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-11 16:25 . 2008-03-11 16:39 <DIR> d-------- C:\Downloads
2008-03-11 02:40 . 2008-03-11 02:40 <DIR> d-------- C:\Program Files\Activision Value
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Ubisoft
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-09 20:09 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-09 20:09 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-09 20:09 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-09 20:09 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-09 20:09 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-09 13:14 . 2007-07-02 05:27 338,304 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-03-09 13:11 . 2008-03-09 13:11 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-09 11:36 . 2008-03-09 11:38 <DIR> d-------- C:\Program Files\Mafia-WinterEdition
2008-03-08 10:34 . 2008-03-11 22:36 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\AVG7
2008-03-07 20:03 . 2008-03-09 20:48 <DIR> d-------- C:\Program Files\Oxygen Interactive
2008-03-06 12:42 . 2008-03-06 12:42 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:56 . 2008-03-03 18:56 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-03-03 17:31 . 2008-03-03 18:56 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2008-03-03 17:31 . 2008-03-03 17:31 <DIR> d-------- C:\Program Files\GLOBEtrotter Software Inc
2008-03-03 17:31 . 2006-11-22 11:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-03-03 17:31 . 2008-03-03 17:31 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-03-03 17:31 . 2001-06-21 22:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-03-03 17:31 . 1998-07-10 05:31 7,328 --a------ C:\WINDOWS\system32\drivers\ds1410d.sys
2008-03-03 17:31 . 2008-03-03 17:31 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-03-03 17:31 . 2008-03-03 02:40 2,577 --a------ C:\WINDOWS\system32\config.hsp
2008-03-03 17:31 . 2008-03-03 17:31 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-03-03 17:23 . 2008-03-03 18:11 <DIR> d-------- C:\FLEXLM
2008-03-03 02:52 . 2008-03-03 02:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 02:52 . 2008-03-12 14:34 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\AVG7
2008-03-03 02:52 . 2008-03-03 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 02:52 . 2008-03-03 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 17:33 . 2008-03-01 17:33 <DIR> d-------- C:\Program Files\Belkin
2008-02-26 19:43 . 2008-02-26 19:56 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-02-26 19:43 . 2008-02-26 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-26 10:01 . 2007-11-25 23:27 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\Roxio
2008-02-26 10:01 . 2007-11-25 23:13 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\InstallShield
2008-02-26 10:01 . 2007-11-25 23:21 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\GTek
2008-02-26 09:50 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-24 04:12 . 2008-02-24 04:12 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Apple Computer
2008-02-24 04:10 . 2008-02-24 04:10 <DIR> d-------- C:\Program Files\QuickTime
2008-02-24 04:09 . 2008-02-24 04:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-23 23:07 . 2008-02-24 10:04 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\DMCache
2008-02-23 21:46 . 2008-02-23 21:46 <DIR> d-------- C:\Program Files\Valvesoftware
2008-02-22 15:15 . 2008-02-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-02-21 14:11 . 2008-03-11 13:17 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-21 11:03 . 2008-02-21 11:03 <DIR> d-------- C:\Program Files\Microsoft Reader
2008-02-21 11:03 . 2003-06-05 18:15 57,436 --a------ C:\WINDOWS\DASShp.dll
2008-02-13 10:38 . 2008-02-13 10:38 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Gamelab
2008-02-13 10:37 . 2008-02-13 10:37 15 --a------ C:\WINDOWS\popcinfo.dat
2008-02-13 00:08 . 2008-02-13 00:09 <DIR> d-------- C:\Program Files\Sierra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 18:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 18:39 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-12 18:38 --------- d-----w C:\Program Files\7-Zip
2008-03-12 01:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 23:31 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\LimeWire
2008-03-11 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-11 22:21 --------- d-----w C:\Program Files\Common Files\Real
2008-03-11 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 18:09 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-09 17:59 --------- d-----w C:\Program Files\CloneDVD
2008-02-27 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-26 17:04 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Thinstall
2008-02-19 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 20:50 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Chessmaster Challenge
2008-02-12 20:36 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\7Wonders
2008-02-12 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 10:52 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Lavasoft
2008-02-12 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 08:59 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-09 07:17 --------- d-----w C:\Program Files\LimeWire
2008-02-07 03:53 22,328 ----a-w C:\Documents and Settings\Blue Dog\Application Data\PnkBstrK.sys
2008-02-05 01:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-05 01:35 --------- d--h--r C:\Documents and Settings\Blue Dog\Application Data\SecuROM
2008-02-04 19:50 --------- d-----w C:\Program Files\Bonjour
2008-02-04 19:31 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-01-29 00:12 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-01-28 01:51 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\fltk.org
2008-01-27 02:59 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Comodo
2008-01-20 19:42 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-20 19:34 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Hewlett-Packard
2008-01-20 19:31 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-19 19:33 --------- d-----w C:\Program Files\Microsoft Calculator Plus
2008-01-17 23:58 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-01-16 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-09 05:41 155,995 ----a-w C:\WINDOWS\java\Packages\F1Z7VBT7.ZIP
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-09 13:14 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 20:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-03 02:52 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 02:52 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-25 23:15:53 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk
backup=C:\WINDOWS\pss\Loadout Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Blue Dog^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Blue Dog\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-07-30 05:40 16384 c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-03-20 18:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 18:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 11:25]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-23 14:16]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 19:34:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200857660.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 13:14:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-13 13:16:12 - machine was rebooted
.
2008-03-11 22:40:20 --- E O F ---

Here is the HijackThis Log after I got on line:
Logfile of HijackThis v1.99.1
Scan saved at 13:28, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Blue Dog\Desktop\B\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/?kbid=936357
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

One more thing. I got a lot of little Spybot windows to approve or disapprove values like:
old data: http://www.microsoft.com/isapi/redir.dll?prd=
new data: http://go.microsoft.com/fwlink/?Linkld=5489
on this one I deny it.

0

Hijackthis latest version.

Forgot something.

==

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
C:WINDOWS\System32\Drivers\am06lqr.SYS
C:WINDOWS\System32\Drivers\a0ingzg3.SYS
C:WINDOWS\System32\Drivers\adr10ol7.SYS

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

You want me to type "Type notepad .exe" in the Run Box? or just "notepad .exe"?

0

Combofix.txt
ComboFix 08-03-10.1 - Blue Dog 2008-03-13 15:29:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.633 [GMT -5:00]
Running from: C:\Documents and Settings\Blue Dog\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Blue Dog\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-13 15:27 . 2008-03-13 15:27 130 --a------ C:\Documents and Settings\Blue Dog\.exe
2008-03-12 21:30 . 2008-03-12 21:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-12 21:30 . 2008-03-12 21:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 13:26 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-12 13:14 . 2008-03-12 13:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-12 13:14 . 2008-03-12 13:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-12 13:14 . 2008-03-12 13:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-12 13:14 . 2008-03-12 13:14 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-11 16:25 . 2008-03-11 16:39 <DIR> d-------- C:\Downloads
2008-03-11 02:40 . 2008-03-11 02:40 <DIR> d-------- C:\Program Files\Activision Value
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Ubisoft
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-09 20:09 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-09 20:09 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-09 20:09 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-09 20:09 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-09 20:09 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-09 13:14 . 2007-07-02 05:27 338,304 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-03-09 13:11 . 2008-03-09 13:11 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-09 11:36 . 2008-03-09 11:38 <DIR> d-------- C:\Program Files\Mafia-WinterEdition
2008-03-08 10:34 . 2008-03-11 22:36 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\AVG7
2008-03-07 20:03 . 2008-03-09 20:48 <DIR> d-------- C:\Program Files\Oxygen Interactive
2008-03-06 12:42 . 2008-03-06 12:42 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:56 . 2008-03-03 18:56 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-03-03 17:31 . 2008-03-03 18:56 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2008-03-03 17:31 . 2008-03-03 17:31 <DIR> d-------- C:\Program Files\GLOBEtrotter Software Inc
2008-03-03 17:31 . 2006-11-22 11:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-03-03 17:31 . 2008-03-03 17:31 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-03-03 17:31 . 2001-06-21 22:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-03-03 17:31 . 1998-07-10 05:31 7,328 --a------ C:\WINDOWS\system32\drivers\ds1410d.sys
2008-03-03 17:31 . 2008-03-03 17:31 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-03-03 17:31 . 2008-03-03 02:40 2,577 --a------ C:\WINDOWS\system32\config.hsp
2008-03-03 17:31 . 2008-03-03 17:31 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-03-03 17:23 . 2008-03-03 18:11 <DIR> d-------- C:\FLEXLM
2008-03-03 02:52 . 2008-03-03 02:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 02:52 . 2008-03-12 14:34 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\AVG7
2008-03-03 02:52 . 2008-03-03 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 02:52 . 2008-03-03 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 17:33 . 2008-03-01 17:33 <DIR> d-------- C:\Program Files\Belkin
2008-02-26 19:43 . 2008-02-26 19:56 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-02-26 19:43 . 2008-02-26 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-26 10:01 . 2007-11-25 23:27 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\Roxio
2008-02-26 10:01 . 2007-11-25 23:13 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\InstallShield
2008-02-26 10:01 . 2007-11-25 23:21 <DIR> d-------- C:\Documents and Settings\Administrator.DCP2H4F1\Application Data\GTek
2008-02-26 09:50 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-24 04:12 . 2008-02-24 04:12 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Apple Computer
2008-02-24 04:10 . 2008-02-24 04:10 <DIR> d-------- C:\Program Files\QuickTime
2008-02-24 04:09 . 2008-02-24 04:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-23 23:07 . 2008-02-24 10:04 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\DMCache
2008-02-23 21:46 . 2008-02-23 21:46 <DIR> d-------- C:\Program Files\Valvesoftware
2008-02-22 15:15 . 2008-02-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-02-21 14:11 . 2008-03-11 13:17 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-21 11:03 . 2008-02-21 11:03 <DIR> d-------- C:\Program Files\Microsoft Reader
2008-02-21 11:03 . 2003-06-05 18:15 57,436 --a------ C:\WINDOWS\DASShp.dll
2008-02-13 10:38 . 2008-02-13 10:38 <DIR> d-------- C:\Documents and Settings\Blue Dog\Application Data\Gamelab
2008-02-13 10:37 . 2008-02-13 10:37 15 --a------ C:\WINDOWS\popcinfo.dat
2008-02-13 00:08 . 2008-02-13 00:09 <DIR> d-------- C:\Program Files\Sierra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 20:27 130 ----a-w C:\Documents and Settings\Blue Dog\.exe
2008-03-12 18:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 18:39 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-12 18:38 --------- d-----w C:\Program Files\7-Zip
2008-03-12 01:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 23:31 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\LimeWire
2008-03-11 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-11 22:21 --------- d-----w C:\Program Files\Common Files\Real
2008-03-11 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 18:09 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-09 17:59 --------- d-----w C:\Program Files\CloneDVD
2008-02-27 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-26 17:04 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Thinstall
2008-02-19 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 20:50 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Chessmaster Challenge
2008-02-12 20:36 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\7Wonders
2008-02-12 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 10:52 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Lavasoft
2008-02-12 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 08:59 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-09 07:17 --------- d-----w C:\Program Files\LimeWire
2008-02-07 03:53 22,328 ----a-w C:\Documents and Settings\Blue Dog\Application Data\PnkBstrK.sys
2008-02-05 01:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-05 01:35 --------- d--h--r C:\Documents and Settings\Blue Dog\Application Data\SecuROM
2008-02-04 19:50 --------- d-----w C:\Program Files\Bonjour
2008-02-04 19:31 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-01-29 00:12 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-01-28 01:51 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\fltk.org
2008-01-27 02:59 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Comodo
2008-01-20 19:42 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-20 19:34 --------- d-----w C:\Documents and Settings\Blue Dog\Application Data\Hewlett-Packard
2008-01-20 19:31 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-19 19:33 --------- d-----w C:\Program Files\Microsoft Calculator Plus
2008-01-17 23:58 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-01-16 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-09 05:41 155,995 ----a-w C:\WINDOWS\java\Packages\F1Z7VBT7.ZIP
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-09 13:14 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 20:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-03 02:52 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 02:52 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-25 23:15:53 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk
backup=C:\WINDOWS\pss\Loadout Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Blue Dog^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Blue Dog\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-07-30 05:40 16384 c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-03-20 18:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 18:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 11:25]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-23 14:16]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 19:34:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200857660.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 15:30:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 15:31:01
ComboFix2.txt 2008-03-13 18:16:13
.
2008-03-11 22:40:20 --- E O F ---

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:33:04 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Blue Dog\Desktop\B\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/?kbid=936357
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:13 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
I:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/?kbid=936357
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 5338 bytes
