08-03-2006, 09:47 AM   #8
curtiswheat
Registered User
 
Join Date: Aug 2006
Posts: 9
OS: xp


Start Time= 06-08-03 11:38:15.15
Running from: C:\Documents and Settings\CWheat\desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{B0A5AD2A-0711-1033-0727-051109040001}


((((((((((((((((((((((((((((((( Files Created from 2006-07-03 to 2006-08-03 ))))))))))))))))))))))))))))))))))


2006-08-01 17:21 73,728 C:\WINDOWS\system32\asuninst.exe
2006-08-01 17:21 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-31 12:43 2 C:\WINDOWS\system32\wnstsit.exe
2006-07-18 09:14 237,621 C:\WINDOWS\system32\stabilize.dll
2006-07-18 09:14 106,563 C:\WINDOWS\system32\stabilize_ger.dll
2006-07-18 09:14 106,563 C:\WINDOWS\system32\stabilize_eng.dll
2006-07-18 08:25 246,784 C:\WINDOWS\UNINST16.EXE
2006-07-18 08:24 322,832 C:\WINDOWS\system32\MFC30.DLL
2006-07-17 11:18 230,168 C:\WINDOWS\system32\xactengine2_2.dll
2006-07-12 10:14 299,520 C:\WINDOWS\uninst.exe
2006-07-05 16:55 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-05 16:21 3,272,704 C:\WINDOWS\system32\sapphire_ae.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-03 11:42 ------- d-------- C:\Program Files\Common Files
2006-08-03 11:36 ------- d-------- C:\Program Files\Mozilla Firefox
2006-08-03 10:29 ------- d-------- C:\Program Files\Windows Defender
2006-08-03 10:28 ------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-08-03 10:24 ------- d-------- C:\Program Files\Microsoft Firewall Client 2004
2006-08-03 10:23 ------- d-------- C:\Program Files\Internet Explorer
2006-08-03 10:21 ------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-03 10:20 ------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-08-03 09:59 ------- d-------- C:\Program Files\AutoCAD 2007
2006-08-03 09:07 6774 --a------ C:\Documents and Settings\CWheat\Application Data\CleanUp!.log
2006-08-03 08:19 ------- d-------- C:\Program Files\CleanUp!
2006-08-02 12:18 2 --a------ C:\WINDOWS\system32\wnstsit.exe
2006-08-02 12:18 ------- d-------- C:\Program Files\FNTS~1
2006-08-02 10:39 ------- d---s---- C:\Documents and Settings\CWheat\Application Data\Microsoft
2006-08-02 10:39 ------- d-------- C:\Documents and Settings\CWheat\Application Data\NASA
2006-08-02 08:40 ------- d-------- C:\Program Files\Symantec
2006-08-02 08:39 ------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-02 08:37 776096 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-02 08:37 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-02 08:37 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-02 08:37 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-02 08:37 ------- d-------- C:\Program Files\Grisoft
2006-08-02 08:37 ------- d-------- C:\Documents and Settings\CWheat\Application Data\AVG7
2006-08-01 18:42 ------- d-------- C:\Program Files\SysProtect Free
2006-08-01 18:00 ------- d-------- C:\Program Files\WinRAR
2006-08-01 17:59 ------- d-------- C:\Program Files\PowerISO
2006-08-01 17:05 ------- d-------- C:\Program Files\Image-Line
2006-08-01 13:19 ------- d-------- C:\Program Files\StormLab
2006-08-01 12:53 ------- d-------- C:\WINDOWS\system32\CROSOF~1.NET
2006-08-01 12:52 ------- d-------- Z:\CWheat\My Documents\APPATC~1
2006-08-01 12:20 ------- d-------- C:\Program Files\Lineage II
2006-08-01 09:13 83208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-01 09:13 73496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-01 09:13 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Symantec
2006-07-31 16:06 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Lavasoft
2006-07-31 14:22 ------- d-------- C:\Program Files\Lavasoft
2006-07-31 13:56 ------- d-------- C:\Program Files\NASA
2006-07-31 12:42 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-07-31 12:42 311296 --------- C:\WINDOWS\Setup1.exe
2006-07-28 16:12 ------- d-------- C:\Program Files\Winamp
2006-07-21 11:16 ------- d-------- C:\Program Files\DVD Decrypter
2006-07-20 09:00 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Macromedia
2006-07-19 16:12 ------- d-------- C:\Program Files\Common Files\Macromedia
2006-07-19 16:11 ------- d-------- C:\Program Files\Macromedia
2006-07-18 10:31 ------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-18 10:31 ------- d-------- C:\Program Files\Google
2006-07-18 10:31 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Google
2006-07-18 09:31 3418 --a------ C:\Program Files\DeIsL1.isu
2006-07-18 09:31 ------- d-------- C:\Program Files\Samples
2006-07-18 09:31 ------- d-------- C:\Program Files\Plugins
2006-07-18 09:31 ------- d-------- C:\Program Files\MlTemp
2006-07-18 09:23 ------- d-------- C:\Program Files\FilmFX2
2006-07-18 09:21 73 --a------ C:\WINDOWS\system32\ssprs.dll
2006-07-18 09:21 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2006-07-18 09:19 ------- d-------- C:\Program Files\Alpha Magic
2006-07-18 09:14 ------- d-------- C:\Program Files\Video Stabilizer
2006-07-18 09:14 ------- d-------- C:\Program Files\Adobe
2006-07-18 08:24 ------- d-------- C:\Program Files\Intergraph
2006-07-17 10:57 ------- d-------- C:\Program Files\Axaware
2006-07-13 14:40 ------- d-------- C:\Program Files\Copy of Lineage II
2006-07-13 08:41 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Adobe
2006-07-12 13:56 ------- d-------- C:\Documents and Settings\CWheat\Application Data\AdobeUM
2006-07-12 13:36 ------- d-------- C:\Program Files\Common Files\Adobe
2006-07-06 14:26 ------- d-------- C:\Program Files\BitComet
2006-07-06 09:10 96256 --a------ C:\WINDOWS\system32\drivers\sptd3421.sys
2006-07-05 16:55 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-07-05 16:21 ------- d-------- C:\Program Files\GenArts
2006-06-29 16:29 ------- d-------- C:\Documents and Settings\CWheat\Application Data\LimeWire
2006-06-28 11:43 ------- d-------- C:\Program Files\Eye of the Storm
2006-06-28 10:03 ------- d-------- C:\Program Files\Autodesk
2006-06-28 09:52 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-06-27 13:05 ------- d-------- C:\Program Files\MSN Messenger
2006-06-26 10:15 ------- d-------- C:\Program Files\LDA Games
2006-06-19 16:45 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Media Player Classic
2006-06-19 16:20 702768 --a------ C:\WINDOWS\system32\WgaLogon.dll
2006-06-19 09:13 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Axaware
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-09 14:58 ------- d-------- C:\Program Files\FlexiSIGN-PRO 7.5v5
2006-06-08 11:36 ------- d-------- C:\Program Files\Ontrack
2006-06-06 08:49 ------- d-------- C:\Documents and Settings\CWheat\Application Data\Ahead
2006-06-05 14:33 ------- d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2006-05-31 07:24 230168 --a------ C:\WINDOWS\system32\xactengine2_2.dll
2006-05-19 08:59 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 08:59 148480 --a------ C:\WINDOWS\system32\dnsapi.dll
2006-05-19 08:59 111616 --a------ C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-05 14:23 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2006-05-05 14:23 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2006-05-05 14:23 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2006-05-03 11:35 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2006-05-03 11:35 383 --a------ C:\WINDOWS\system32\haspdos.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DisablePersonalDirChange"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Firewall Client Management.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Firewall Client Management.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Firewall Client Management.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe "
"item"="Microsoft Firewall Client Management"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^paroc.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\paroc.exe"
"backup"="C:\\WINDOWS\\pss\\paroc.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\paroc.exe"
"item"="paroc"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aapb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKCU"
"command"="\"\\\\SERVER\\Users\\CWheat\\MYDOCU~1\\APPATC~1\\rundll32.exe\" -vt yazr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VersionCueCS2Tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thrhv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xsgnub"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\xsgnub.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vptray"
"hkey"="HKLM"
"command"="C:\\Program Files\\NavNT\\vptray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wkkfuy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xsgnub"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\xsgnub.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrvR"=dword:00000002
"DefWatch"=dword:00000002
"cmdService"=dword:00000002
"ose"=dword:00000003
"awhost32"=dword:00000003
"Autodesk Licensing Service"=dword:00000002
"Adobe Version Cue CS2"=dword:00000003
"Adobe LM Service"=dword:00000003



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Thu 08/03/2006 11:42:49.98
ComboFix ver 06.08.03.3 - This logfile is located at C:\ComboFix.txt

ComboFix.txt




Logfile of HijackThis v1.99.1
Scan saved at 11:45:12 AM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SIGMANEST\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://SERVER:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server/connectcomputer/nshelp.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = doubler.local
O17 - HKLM\Software\..\Telephony: DomainName = doubler.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = doubler.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = doubler.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkgg32 - winkgg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe