Solved

Unable to remove Dloader.vku and Dloader.ALP

Posted on 2009-02-12
Last Modified: 2013-11-22
Hi, I am unable to remove Dloader from a PC.

It's Windows XP SP3 running Trend OfficeScan. System Restore is turned off.

I have run Trend OfficeScan and it cleans the files by deleting them, but after a reboot they keep coming back. I have downloaded and installed Spybot, but it comes back clean.

I have also downloaded and installed HijackThis but am not sure how to read the log file.

HELP PLEASE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:11 PM, on 13/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=smb&pf=workstation
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-AU\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222252386453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujicolor.com.au/en/Photo/ImageUploader4.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 10043 bytes
Question by:djpatto
4 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 23631070
Does TrendMicro give you the location of the file that keeps on coming back?

It is not showing in your HijackThis log, but a lot of nasties are able to hide from the HijackThis scan.
Have you tried using MalwareBytes or Combofix?
I'm interested to know where the downloader actually is residing.

Download Malwarebytes' Anti-Malware to your desktop and check for the tool's updates before running a scan.
http://www.malwarebytes.org/mbam.php


Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 

Author Comment

by:djpatto
ID: 23643471
Thanks for the quick response.

I have done both scans with the results below.

Trend keeps finding the files in c:\documents and settings\administrator\local settings\temp\p30T23mb.exe and c:\windows\system 32\xofe40U.exe

Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

15/03/2009 12:25:51 PM
mbam-log-2009-03-15 (12-25-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 115776
Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\a6hg1QW1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\x0fe4OU4.exe.a_a (Trojan.Agent) -> No action taken.


ComboFix 09-02-12.03 - Administrator 2009-03-15 12:07:14.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3567.3087 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning disabled* (Outdated)
FW: Trend Micro Client-Server Security Agent Firewall *disabled*
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-02-15 to 2009-03-15  )))))))))))))))))))))))))))))))
.

2009-03-15 11:54 . 2009-03-15 11:54      118,784      --a------      c:\windows\system32\chg.exe
2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\program files\Malwarebytes' Anti-Malware
2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-15 10:30 . 2009-02-11 10:19      38,496      --a------      c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 10:30 . 2009-02-11 10:19      15,504      --a------      c:\windows\system32\drivers\mbam.sys
2009-03-13 07:46 . 2007-12-24 17:37      138,384      --a------      c:\windows\system32\drivers\tmcomm.sys
2009-03-13 07:24 . 2009-03-13 07:24      552      --a------      c:\windows\system32\d3d8caps.dat
2009-03-13 07:18 . 2009-03-13 07:44      <DIR>      d--------      c:\documents and settings\Administrator\.housecall6.6
2009-03-12 13:11 . 2009-03-15 11:53      <DIR>      d--------      c:\program files\Spybot - Search & Destroy
2009-03-12 13:11 . 2009-03-15 11:52      <DIR>      d--------      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 17:17 . 2009-03-11 17:17      <DIR>      d--------      c:\program files\CCleaner
2009-03-11 17:16 . 2008-04-14 10:11      21,504      --a------      c:\windows\system32\hidserv.dll
2009-03-11 17:16 . 2008-04-14 10:11      21,504      --a------      c:\windows\system32\dllcache\hidserv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 02:04      ---------      d-----w      c:\documents and settings\Administrator\Application Data\DNA
2009-03-15 01:54      ---------      d-----w      c:\program files\DNA
2009-03-13 06:28      ---------      d-----w      c:\program files\Trend Micro
2009-02-10 00:57      201,352      ----a-w      c:\windows\system32\PnkBstrB.exe
2009-02-10 00:57      140,216      ----a-w      c:\windows\system32\drivers\PnkBstrK.sys
2009-02-07 23:52      ---------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-07 20:06      34      ----a-w      c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-02-04 07:07      0      ---ha-w      c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-04 07:07      0      ---ha-w      c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-03 18:36      ---------      d-----w      c:\documents and settings\Administrator\Application Data\BitTorrent
2009-01-18 05:49      ---------      d-----w      c:\program files\Google
2009-01-16 11:35      3,594,752      ------w      c:\windows\system32\dllcache\mshtml.dll
2008-12-20 22:05      32,256      ----a-w      c:\windows\system32\1D5Qr3y3.exe
2008-12-19 09:10      70,656      ------w      c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10      13,824      ------w      c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25      634,024      ------w      c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23      161,792      ------w      c:\windows\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-20 2295072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-31 1116920]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-12-12 331800]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-13 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-04-01 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-11 872448]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-10-29 398784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Snagit 9.lnk - c:\program files\TechSmith\SnagIt 9\Snagit32.exe [2008-11-06 7217480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-20 540184]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-11-02 36368]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2007-11-02 205328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bed70a-afa4-11dd-872c-00215ac74e37}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af33567c-e161-11dd-87a0-00215ac74e37}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea076baa-b04a-11dd-8730-00215ac74e37}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\At1.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At10.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At100.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At101.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At102.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At103.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At104.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At105.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At106.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At107.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At108.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At109.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At11.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-13 c:\windows\Tasks\At110.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At111.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At112.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At113.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At114.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At115.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At116.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At117.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At118.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At119.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At12.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At120.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At121.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At122.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At123.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At124.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At125.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At126.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At127.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At128.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At129.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At13.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At130.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At131.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At132.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At133.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At134.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At135.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At136.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At137.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At138.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At139.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At14.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At140.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At141.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At142.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At143.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At144.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At145.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At146.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At147.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At148.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At149.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At15.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At150.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At151.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At152.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At153.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At154.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At155.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At156.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At157.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At158.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At159.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At16.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-13 c:\windows\Tasks\At160.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At161.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At162.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At163.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At164.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At165.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At166.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At167.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At168.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At169.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At17.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At170.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At171.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At172.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At173.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At174.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At175.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At176.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At177.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At178.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At179.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At18.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-15 c:\windows\Tasks\At180.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At181.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At182.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At183.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At184.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At185.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At186.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At187.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At188.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At189.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At19.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At190.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At191.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At192.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At193.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At194.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At195.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At196.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At197.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At198.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At199.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At2.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At20.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At200.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At201.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At202.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At203.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At204.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At205.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At206.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At207.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At208.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At209.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At21.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At210.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At211.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At212.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At213.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At214.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At215.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At216.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At217.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At218.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At219.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At22.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At220.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At221.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At222.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At223.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At224.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At225.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At226.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At227.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At228.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At229.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At23.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-13 c:\windows\Tasks\At230.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At231.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At232.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At233.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At234.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At235.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At236.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At237.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At238.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At239.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At24.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At240.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At25.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At26.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At27.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At28.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At29.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At3.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At30.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At31.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At32.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At33.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At34.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At35.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At36.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At37.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At38.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At39.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At4.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-13 c:\windows\Tasks\At40.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At41.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At42.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At43.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At44.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At45.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At46.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At47.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At48.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At49.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At5.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At50.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At51.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At52.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At53.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At54.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At55.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At56.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At57.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At58.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At59.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At6.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-15 c:\windows\Tasks\At60.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At61.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At62.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At63.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At64.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At65.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At66.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At67.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At68.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At69.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At7.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At70.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At71.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At72.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At73.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At74.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At75.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At76.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At77.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At78.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At79.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At8.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At80.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At81.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At82.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At83.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At84.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-15 c:\windows\Tasks\At85.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At86.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At87.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At88.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\At89.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At9.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At90.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At91.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At92.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At93.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At94.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At95.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At96.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At97.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At98.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At99.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 12:08:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2009-03-15 12:09:05
ComboFix-quarantined-files.txt  2009-03-15 02:09:03

Pre-Run: 69,990,416,384 bytes free
Post-Run: 70,072,258,560 bytes free

623      --- E O F ---      2009-03-12 17:01:37
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 23643735
Run combofix again using this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\documents and settings\administrator\local settings\temp\p30T23mb.exe
c:\windows\system 32\xofe40U.exe
C:\WINDOWS\system32\a6hg1QW1.dll
C:\WINDOWS\system32\x0fe4OU4.exe.a_a
c:\windows\system32\1D5Qr3y3.exe

AtJob::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
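An added example, not part of the original answer and not ComboFix code: a short Python triage of a "Contents of the 'Scheduled Tasks' folder" section like the one in the log above. It groups jobs by the executable they launch, so hundreds of AtN.job entries collapse to a few targets to review before anything is listed in a cleanup script. The function names, the `min_at_jobs` threshold and the shortened sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses backslash paths on any OS

# "2009-03-12 c:\windows\Tasks\At2.job"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
# "- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]"
TARGET_RE = re.compile(r"^- (.+?) \[(.*)\]$")
# Auto-numbered task files, the naming the log shows for every flagged job
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)

# Shortened sample, constructed from entries in the log format above.
SAMPLE = r"""
2009-03-12 c:\windows\Tasks\At2.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At3.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At4.job
- c:\windows\system32\1D5Qr3y3.exe [2008-12-21 08:05]

2009-03-12 c:\windows\Tasks\At25.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At26.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At27.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-12 c:\windows\Tasks\At28.job
- c:\windows\system32\x0fe4OU4.exe []

2009-03-13 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
"""


def parse_tasks(text):
    """Return (job_path, target_path, target_stamp) for each job/target pair."""
    entries, pending_job = [], None
    for raw in text.splitlines():
        line = raw.strip()
        job = JOB_RE.match(line)
        if job:
            pending_job = job.group(2)
            continue
        target = TARGET_RE.match(line)
        if target and pending_job:
            entries.append((pending_job, target.group(1), target.group(2)))
            pending_job = None  # a target line closes the current job
    return entries


def triage(entries, min_at_jobs=3):
    """Group jobs by target; flag targets launched by many AtN.job files.

    min_at_jobs is an assumed threshold for this example, not a ComboFix rule.
    """
    by_target = defaultdict(list)
    for job, target, stamp in entries:
        by_target[target.lower()].append((basename(job), stamp))
    report = []
    for target, jobs in sorted(by_target.items()):
        at_jobs = [name for name, _ in jobs if AT_JOB_RE.match(name)]
        report.append({
            "target": target,
            "jobs": len(jobs),
            "at_jobs": len(at_jobs),
            # The log prints "[]" for some targets; recorded as-is here,
            # without guessing what the empty brackets mean.
            "no_timestamp": all(stamp == "" for _, stamp in jobs),
            "suspicious": len(at_jobs) >= min_at_jobs,
        })
    return report


def review_candidates(report):
    """Targets to examine by hand before they go into any removal script."""
    return [row["target"] for row in report if row["suspicious"]]


if __name__ == "__main__":
    for row in triage(parse_tasks(SAMPLE)):
        print(row)
```

Named tasks such as the Spybot job are still reported, only unflagged, so a legitimate scheduler entry is visible next to the auto-numbered ones.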

Author Comment

by:djpatto
ID: 23643831
Thanks, this is the log after rerunning ComboFix.

ComboFix 09-02-12.03 - Administrator 2009-03-15 16:34:13.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3567.2826 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning disabled* (Outdated)
FW: Trend Micro Client-Server Security Agent Firewall *disabled*
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\administrator\local settings\temp\p30T23mb.exe
c:\windows\system 32\xofe40U.exe
c:\windows\system32\1D5Qr3y3.exe
c:\windows\system32\a6hg1QW1.dll
c:\windows\system32\x0fe4OU4.exe.a_a
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\1D5Qr3y3.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At121.job
c:\windows\Tasks\At122.job
c:\windows\Tasks\At123.job
c:\windows\Tasks\At124.job
c:\windows\Tasks\At125.job
c:\windows\Tasks\At126.job
c:\windows\Tasks\At127.job
c:\windows\Tasks\At128.job
c:\windows\Tasks\At129.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At130.job
c:\windows\Tasks\At131.job
c:\windows\Tasks\At132.job
c:\windows\Tasks\At133.job
c:\windows\Tasks\At134.job
c:\windows\Tasks\At135.job
c:\windows\Tasks\At136.job
c:\windows\Tasks\At137.job
c:\windows\Tasks\At138.job
c:\windows\Tasks\At139.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At140.job
c:\windows\Tasks\At141.job
c:\windows\Tasks\At142.job
c:\windows\Tasks\At143.job
c:\windows\Tasks\At144.job
c:\windows\Tasks\At145.job
c:\windows\Tasks\At146.job
c:\windows\Tasks\At147.job
c:\windows\Tasks\At148.job
c:\windows\Tasks\At149.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At150.job
c:\windows\Tasks\At151.job
c:\windows\Tasks\At152.job
c:\windows\Tasks\At153.job
c:\windows\Tasks\At154.job
c:\windows\Tasks\At155.job
c:\windows\Tasks\At156.job
c:\windows\Tasks\At157.job
c:\windows\Tasks\At158.job
c:\windows\Tasks\At159.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At160.job
c:\windows\Tasks\At161.job
c:\windows\Tasks\At162.job
c:\windows\Tasks\At163.job
c:\windows\Tasks\At164.job
c:\windows\Tasks\At165.job
c:\windows\Tasks\At166.job
c:\windows\Tasks\At167.job
c:\windows\Tasks\At168.job
c:\windows\Tasks\At169.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At170.job
c:\windows\Tasks\At171.job
c:\windows\Tasks\At172.job
c:\windows\Tasks\At173.job
c:\windows\Tasks\At174.job
c:\windows\Tasks\At175.job
c:\windows\Tasks\At176.job
c:\windows\Tasks\At177.job
c:\windows\Tasks\At178.job
c:\windows\Tasks\At179.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At180.job
c:\windows\Tasks\At181.job
c:\windows\Tasks\At182.job
c:\windows\Tasks\At183.job
c:\windows\Tasks\At184.job
c:\windows\Tasks\At185.job
c:\windows\Tasks\At186.job
c:\windows\Tasks\At187.job
c:\windows\Tasks\At188.job
c:\windows\Tasks\At189.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At190.job
c:\windows\Tasks\At191.job
c:\windows\Tasks\At192.job
c:\windows\Tasks\At193.job
c:\windows\Tasks\At194.job
c:\windows\Tasks\At195.job
c:\windows\Tasks\At196.job
c:\windows\Tasks\At197.job
c:\windows\Tasks\At198.job
c:\windows\Tasks\At199.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At200.job
c:\windows\Tasks\At201.job
c:\windows\Tasks\At202.job
c:\windows\Tasks\At203.job
c:\windows\Tasks\At204.job
c:\windows\Tasks\At205.job
c:\windows\Tasks\At206.job
c:\windows\Tasks\At207.job
c:\windows\Tasks\At208.job
c:\windows\Tasks\At209.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At210.job
c:\windows\Tasks\At211.job
c:\windows\Tasks\At212.job
c:\windows\Tasks\At213.job
c:\windows\Tasks\At214.job
c:\windows\Tasks\At215.job
c:\windows\Tasks\At216.job
c:\windows\Tasks\At217.job
c:\windows\Tasks\At218.job
c:\windows\Tasks\At219.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At220.job
c:\windows\Tasks\At221.job
c:\windows\Tasks\At222.job
c:\windows\Tasks\At223.job
c:\windows\Tasks\At224.job
c:\windows\Tasks\At225.job
c:\windows\Tasks\At226.job
c:\windows\Tasks\At227.job
c:\windows\Tasks\At228.job
c:\windows\Tasks\At229.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At230.job
c:\windows\Tasks\At231.job
c:\windows\Tasks\At232.job
c:\windows\Tasks\At233.job
c:\windows\Tasks\At234.job
c:\windows\Tasks\At235.job
c:\windows\Tasks\At236.job
c:\windows\Tasks\At237.job
c:\windows\Tasks\At238.job
c:\windows\Tasks\At239.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At240.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

.
(((((((((((((((((((((((((   Files Created from 2009-02-15 to 2009-03-15  )))))))))))))))))))))))))))))))
.

2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\program files\Malwarebytes' Anti-Malware
2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 10:30 . 2009-03-15 10:30      <DIR>      d--------      c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-15 10:30 . 2009-02-11 10:19      38,496      --a------      c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 10:30 . 2009-02-11 10:19      15,504      --a------      c:\windows\system32\drivers\mbam.sys
2009-03-13 07:46 . 2007-12-24 17:37      138,384      --a------      c:\windows\system32\drivers\tmcomm.sys
2009-03-13 07:24 . 2009-03-13 07:24      552      --a------      c:\windows\system32\d3d8caps.dat
2009-03-13 07:18 . 2009-03-13 07:44      <DIR>      d--------      c:\documents and settings\Administrator\.housecall6.6
2009-03-12 13:11 . 2009-03-15 11:53      <DIR>      d--------      c:\program files\Spybot - Search & Destroy
2009-03-12 13:11 . 2009-03-15 11:52      <DIR>      d--------      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 17:17 . 2009-03-11 17:17      <DIR>      d--------      c:\program files\CCleaner
2009-03-11 17:16 . 2008-04-14 10:11      21,504      --a------      c:\windows\system32\hidserv.dll
2009-03-11 17:16 . 2008-04-14 10:11      21,504      --a------      c:\windows\system32\dllcache\hidserv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 06:25      ---------      d-----w      c:\documents and settings\Administrator\Application Data\DNA
2009-03-15 05:35      ---------      d-----w      c:\program files\DNA
2009-03-13 06:28      ---------      d-----w      c:\program files\Trend Micro
2009-02-10 00:57      201,352      ----a-w      c:\windows\system32\PnkBstrB.exe
2009-02-10 00:57      140,216      ----a-w      c:\windows\system32\drivers\PnkBstrK.sys
2009-02-07 23:52      ---------      d-----w      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-07 20:06      34      ----a-w      c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-02-04 07:07      0      ---ha-w      c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-04 07:07      0      ---ha-w      c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-03 18:36      ---------      d-----w      c:\documents and settings\Administrator\Application Data\BitTorrent
2009-01-18 05:49      ---------      d-----w      c:\program files\Google
2009-01-16 11:35      3,594,752      ------w      c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10      70,656      ------w      c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10      13,824      ------w      c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25      634,024      ------w      c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23      161,792      ------w      c:\windows\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-03-15_12.08.25.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 01:58:19      64,896      ----a-w      c:\windows\system32\perfc009.dat
+ 2009-03-15 05:39:19      64,896      ----a-w      c:\windows\system32\perfc009.dat
- 2009-03-15 01:58:19      410,200      ----a-w      c:\windows\system32\perfh009.dat
+ 2009-03-15 05:39:19      410,200      ----a-w      c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-20 2295072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-31 1116920]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-12-12 331800]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-13 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-04-01 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-11 872448]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-10-29 398784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Snagit 9.lnk - c:\program files\TechSmith\SnagIt 9\Snagit32.exe [2008-11-06 7217480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-20 540184]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-11-02 36368]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2007-11-02 205328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bed70a-afa4-11dd-872c-00215ac74e37}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af33567c-e161-11dd-87a0-00215ac74e37}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea076baa-b04a-11dd-8730-00215ac74e37}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 16:35:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2009-03-15 16:35:54
ComboFix-quarantined-files.txt  2009-03-15 06:35:53
ComboFix2.txt  2009-03-15 02:09:06

Pre-Run: 70,053,330,944 bytes free
Post-Run: 70,042,558,464 bytes free

390      --- E O F ---      2009-03-12 17:01:37