Thread: Moved
05-12-2008, 07:21 AM   #6
techfem
Registered User
 
Join Date: May 2008
Posts: 8
OS: XP SP2


Re: Simultaneous Viruses

Thank you so much for all of your help. I really appreciate it. We are still having the problem with browsing computers. Logs are below.

ComboFix 08-05-08.1 - Administrator 2008-05-12 8:34:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.613 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\SVCH0S.EXE
C:\WINDOWS\system\ewbdhe080504.exe
C:\WINDOWS\system32\drivers\lass.sys
C:\WINDOWS\system32\fdwbdhd16_080504.dll
C:\WINDOWS\system32\inf\svchowb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lass.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-09 12:51 . 2008-05-09 12:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 11:55 . 2008-05-09 11:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-09 08:44 . 2008-05-09 08:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 08:40 . 2008-05-09 08:59 <DIR> d-------- C:\SDFix
2008-05-08 21:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-08 21:36 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 14:34 . 2008-04-13 19:12 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-08 14:34 . 2008-04-13 19:12 18,944 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-08 14:33 . 2008-04-13 13:45 31,744 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-08 14:33 . 2008-04-13 13:46 19,200 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-08 14:33 . 2008-04-13 13:36 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-08 14:33 . 2008-04-13 19:12 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-08 14:32 . 2008-04-13 19:12 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-08 14:31 . 2008-04-13 13:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-08 14:31 . 2008-04-13 13:45 26,112 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-08 14:31 . 2008-04-13 13:45 17,152 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-05-08 14:31 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-08 14:30 . 2008-04-13 19:12 82,944 --a------ C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-05-08 14:29 . 2008-04-13 13:40 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-08 14:29 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-08 14:28 . 2008-04-13 13:40 7,552 --a------ C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-08 14:27 . 2008-04-13 13:36 16,000 --a------ C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-08 14:27 . 2008-04-13 13:46 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2008-05-08 14:27 . 2008-04-13 13:36 6,912 --a------ C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-08 14:26 . 2008-04-13 13:45 11,520 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-05-08 14:25 . 2008-04-13 13:40 43,904 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-05-08 14:25 . 2008-04-13 19:12 29,696 --a------ C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-05-08 14:25 . 2008-04-13 19:12 27,648 --a------ C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-05-08 14:24 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-05-08 14:24 . 2008-04-13 13:40 79,104 --a------ C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-08 14:24 . 2008-04-13 13:40 6,016 --a------ C:\WINDOWS\system32\dllcache\qic157.sys
2008-05-08 14:23 . 2008-04-13 19:12 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-08 14:23 . 2008-04-13 19:10 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-08 14:23 . 2008-04-13 19:10 211,584 --a------ C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-05-08 14:23 . 2008-04-13 19:12 33,280 --a------ C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-05-08 14:23 . 2008-04-13 13:44 28,032 --a------ C:\WINDOWS\system32\dllcache\perm3.sys
2008-05-08 14:23 . 2008-04-13 13:44 27,904 --a------ C:\WINDOWS\system32\dllcache\perm2.sys
2008-05-08 14:23 . 2008-04-13 13:41 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
2008-05-08 14:23 . 2008-04-13 13:40 8,832 --a------ C:\WINDOWS\system32\dllcache\powerfil.sys
2008-05-08 14:21 . 2008-04-13 13:31 2,065,792 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-08 14:21 . 2008-04-13 13:46 61,696 --a------ C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-05-08 14:21 . 2008-04-13 13:54 28,672 --a------ C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-08 14:21 . 2008-04-13 13:46 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-08 14:20 . 2008-04-13 13:46 85,248 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-08 14:20 . 2008-04-13 13:46 49,024 --a------ C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-08 14:20 . 2008-04-13 13:54 22,016 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-08 14:20 . 2008-04-13 13:39 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-08 14:19 . 2008-04-13 19:12 56,832 --a------ C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-08 14:19 . 2008-04-13 13:46 51,200 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-08 14:19 . 2008-04-13 13:41 26,112 --a------ C:\WINDOWS\system32\dllcache\memstpci.sys
2008-05-08 14:19 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-08 14:18 . 2008-04-13 19:11 253,952 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-08 14:18 . 2008-04-13 19:12 91,136 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-05-08 14:18 . 2008-04-13 19:12 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-08 14:18 . 2008-04-13 19:11 48,640 --a------ C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-08 14:18 . 2008-04-13 19:12 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-05-08 14:18 . 2008-04-13 13:40 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-05-08 14:18 . 2008-04-13 13:40 7,040 --a------ C:\WINDOWS\system32\dllcache\ltotape.sys
2008-05-08 14:17 . 2008-04-13 19:12 151,552 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-08 14:17 . 2008-04-13 13:54 88,192 --a------ C:\WINDOWS\system32\dllcache\irda.sys
2008-05-08 14:17 . 2008-04-13 19:11 28,160 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-05-08 14:17 . 2008-04-13 19:12 16,384 --a------ C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-08 14:17 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2008-05-08 14:16 . 2008-04-13 19:11 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-08 14:14 . 2008-04-13 13:45 59,136 --a------ C:\WINDOWS\system32\dllcache\gckernel.sys
2008-05-08 14:14 . 2008-04-13 13:40 28,288 --a------ C:\WINDOWS\system32\dllcache\grserial.sys
2008-05-08 14:14 . 2008-04-13 13:36 20,352 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-05-08 14:14 . 2008-04-13 13:45 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-05-08 14:12 . 2008-04-13 13:39 206,976 --a------ C:\WINDOWS\system32\dllcache\dot4.sys
2008-05-08 14:12 . 2008-04-13 19:12 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2008-05-08 14:12 . 2008-04-13 13:40 8,320 --a------ C:\WINDOWS\system32\dllcache\dlttape.sys
2008-05-08 14:10 . 2008-04-13 19:11 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-05-08 14:10 . 2008-04-13 19:11 121,856 --a------ C:\WINDOWS\system32\dllcache\camext30.dll
2008-05-08 14:10 . 2008-04-13 13:46 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-08 14:10 . 2008-04-13 13:36 13,952 --a------ C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-05-08 14:10 . 2008-04-13 13:36 10,240 --a------ C:\WINDOWS\system32\dllcache\compbatt.sys
2008-05-08 14:10 . 2008-04-13 13:40 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2008-05-08 14:09 . 2008-04-13 13:46 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-05-08 14:09 . 2008-04-13 19:12 18,432 --a------ C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-05-08 14:09 . 2008-04-13 13:36 14,208 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-05-08 14:09 . 2008-04-13 13:46 13,696 --a------ C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-08 14:09 . 2008-04-13 13:46 11,776 --a------ C:\WINDOWS\system32\dllcache\bdasup.sys
2008-05-08 14:08 . 2008-04-13 14:27 2,188,928 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-08 14:08 . 2008-04-13 13:46 53,376 --a------ C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-08 14:08 . 2008-04-13 13:46 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-05-08 14:08 . 2008-04-13 13:40 12,288 --a------ C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-05-08 13:59 . 2007-09-27 15:49 101,528 --a------ C:\WINDOWS\system32\drivers\RCFOX.SYS
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Documents and Settings\cvassil\Application Data\InstallShield
2008-05-08 13:58 . 2007-09-27 12:10 95,504 --a------ C:\WINDOWS\system32\RCIPHlp.dll
2008-05-08 13:58 . 2005-11-08 09:58 24,876 --a------ C:\WINDOWS\system32\drivers\rcvpn.sys
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 11:57 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-08 10:43 . 2008-05-08 12:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 10:13 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-08 10:13 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-08 10:11 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-05-08 10:10 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-08 10:09 . 2008-04-13 19:11 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-05-08 10:08 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-08 10:07 . 2001-08-17 14:56 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-08 10:06 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-05-08 10:05 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-08 10:04 . 2001-08-17 14:56 210,496 --a------ C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-08 10:03 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-08 05:40 . 2008-05-11 05:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-07 18:20 . 2008-05-11 23:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Program Files\AVG
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 18:20 . 2008-05-07 18:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-07 18:20 . 2008-05-07 18:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\Mark
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\LSCHUL~1
2008-05-07 18:15 . 2004-08-04 05:00 131,584 --a------ C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prcp.nls
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prc.nls
2008-05-07 18:15 . 2008-04-13 19:10 67,584 --a------ C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-05-07 18:15 . 2001-08-17 13:53 17,792 --a------ C:\WINDOWS\system32\dllcache\ppa.sys
2008-05-07 18:15 . 2001-08-17 13:51 16,128 --a------ C:\WINDOWS\system32\dllcache\pscr.sys
2008-05-07 18:15 . 2004-08-04 05:00 11,264 --a------ C:\WINDOWS\system32\dllcache\pmxmcro.dll
2008-05-07 18:15 . 2001-08-17 13:53 7,168 --a------ C:\WINDOWS\system32\dllcache\pnrmc.sys
2008-05-07 18:15 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\pmxgl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-10 17:04 --------- d-----w C:\Program Files\Google
2008-05-08 19:05 --------- d-----w C:\Documents and Settings\cvassil\Application Data\SonicWALL
2008-05-08 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 10:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-07 23:33 --------- d-----w C:\Program Files\SonicWALL
2008-05-07 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 02:43 --------- d-----w C:\Program Files\Java
2008-05-06 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-06 14:39 --------- d-----w C:\Program Files\Dell
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\cvassil\Application Data\Gtek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\GTek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\administrator.SUSANDAVIS\Application Data\Gtek
2008-05-06 14:35 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-23 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ------w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:41 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:41 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_10.20.40.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 13:51:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 13:37:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-08 17:24:26 71,640 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-09 18:51:15 71,640 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-08 17:24:26 440,606 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-09 18:51:15 440,606 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-10 12:04 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 16:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 16:50 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-07 18:20 1177368]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\2]
"Script"=Rdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apisvc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-07-21 16:47 81920 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-18 08:37 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-07 18:20]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2007-09-27 15:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 18:20]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 TSScheduleBackup;TimeslipsBackup;C:\WINDOWS\system32\TSSchBkpService.exe [2006-06-15 18:17]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 09:58]
S2 WinRAR Archiver;WinRAR Archiver;C:\Program Files\WinRAR\WinRARSyS.exe [2008-05-05 15:32]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 19:21:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 08:39:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2008-05-12 8:40:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 13:40:51
ComboFix2.txt 2008-05-09 15:20:49

Pre-Run: 223,178,416,128 bytes free
Post-Run: 223,093,923,840 bytes free

373 --- E O F --- 2008-05-09 08:04:15



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 944 AM, on 5/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190313106721
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1210264436593
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: WinRAR Archiver - Unknown owner - C:\Program Files\WinRAR\WinRARSyS.exe

--
End of file - 7294 bytes