WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2

3 posters

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2010 Platform: Window20th January 2010, 2:44 pm

more_horiz
Scan saved at 9:27:25 AM, on 1/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Gene Barnes\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iuthltpg] C:\Documents and Settings\Gene Barnes\Local Settings\Application Data\lggocl\flvisysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PowerDVD] "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" /autostart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iuthltpg] C:\Documents and Settings\Gene Barnes\Local Settings\Application Data\lggocl\flvisysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221146466295
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

--
End of file - 7502 bytes


By this morning, all the warnings I was receiving from AVG that my system was infected had disappeared.

?

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 6:38 pm

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [iuthltpg] C:\Documents and Settings\Gene Barnes\Local Settings\Application Data\lggocl\flvisysguard.exe
    O4 - HKCU\..\Run: [iuthltpg] C:\Documents and Settings\Gene Barnes\Local Settings\Application Data\lggocl\flvisysguard.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 9:02 pm

more_horiz
Database version: 3604
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/20/2010 3:53:14 PM
mbam-log-2010-01-20 (15-53-14).txt

Scan type: Quick Scan
Objects scanned: 115894
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Gene Barnes\My Documents\downloads\Setup83912_2005-20.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gene Barnes\Local Settings\Temp\0.8114602415891404.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gene Barnes\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


I can't thank you enough. A donation will be forthcoming.

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 9:23 pm

more_horiz
Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 10:35 pm

more_horiz
First log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Gene Barnes at 17:27:48.21 on Wed 01/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.430 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gene Barnes\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gene barnes\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PowerDVD] "c:\program files\cyberlink\powerdvd\PowerDVD.exe" /autostart
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\geneba~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221146466295
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\geneba~1\applic~1\mozilla\firefox\profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\gene barnes\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-19 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-11 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-11 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-19 359624]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-11 04:17:40 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-12-08 02:00:43 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 14:21:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 17:28:27.40 ===============

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 10:41 pm

more_horiz
First log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Gene Barnes at 17:27:48.21 on Wed 01/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.430 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gene Barnes\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gene barnes\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PowerDVD] "c:\program files\cyberlink\powerdvd\PowerDVD.exe" /autostart
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\geneba~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221146466295
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\geneba~1\applic~1\mozilla\firefox\profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\gene barnes\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-19 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-11 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-11 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-19 359624]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-11 04:17:40 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-12-08 02:00:43 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 14:21:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 17:28:27.40 ===============

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/220th January 2010, 10:42 pm

more_horiz
Sorry, I didn't know how to


1. Save the logs to desktop

2. Zip and attach the second.

Shall I try again?

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 12:01 am

more_horiz
Post it as normal please.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 1:22 am

more_horiz
I use my PC to get news and communicate with friends and family. I'm sorry, but as I said in my initial post, I am not a computer wizard. I did not know how to save the logs to desktop, I have no idea what "zipping" a file means. I have no idea what "post it as normal" means. Please don't think I'm an ingrate, but I don't know how to accommodate you. Everything I've done to this point, I've had to write down your instructions and inch my way through them.

If you were trying to build a guitar, I would be patient in walking you through it.

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 1:24 am

more_horiz
Cheers Mate Like you did with the first log (DDS.txt), you posted it above. ^^^

Post the other log too. Smile...

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 1:28 am

more_horiz
Hopefully, learning is taking place:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 6:33:51 PM
System Uptime: 1/20/2010 3:54:33 PM (2 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 125.734 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Scan
Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Manufacturer:
Name: Scan
PNP Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Service:

==== System Restore Points ===================

RP328: 10/25/2009 8:35:19 PM - System Checkpoint
RP329: 10/27/2009 8:19:51 PM - System Checkpoint
RP330: 10/30/2009 7:27:04 PM - System Checkpoint
RP331: 11/5/2009 9:25:40 PM - System Checkpoint
RP332: 11/6/2009 9:48:26 PM - System Checkpoint
RP333: 11/9/2009 7:48:31 PM - System Checkpoint
RP334: 11/11/2009 7:26:42 PM - System Checkpoint
RP335: 11/13/2009 6:56:51 PM - System Checkpoint
RP336: 11/17/2009 8:44:02 PM - System Checkpoint
RP337: 11/19/2009 10:54:04 AM - System Checkpoint
RP338: 11/20/2009 7:43:09 PM - System Checkpoint
RP339: 11/22/2009 12:26:53 PM - System Checkpoint
RP340: 11/23/2009 1:18:36 PM - System Checkpoint
RP341: 11/25/2009 8:01:07 PM - System Checkpoint
RP342: 11/27/2009 8:02:25 PM - System Checkpoint
RP343: 11/29/2009 6:56:12 PM - System Checkpoint
RP344: 11/30/2009 10:15:00 PM - System Checkpoint
RP345: 12/1/2009 10:41:13 PM - System Checkpoint
RP346: 12/4/2009 7:10:48 PM - System Checkpoint
RP347: 12/6/2009 12:58:52 PM - System Checkpoint
RP348: 12/7/2009 9:19:11 AM - Avg8 Update
RP349: 12/7/2009 9:21:24 AM - Avg8 Update
RP350: 12/7/2009 9:02:10 PM - Software Distribution Service 3.0
RP351: 12/8/2009 7:30:08 AM - Software Distribution Service 3.0
RP352: 12/9/2009 7:52:18 AM - Software Distribution Service 3.0
RP353: 12/9/2009 12:26:23 PM - Avg8 Update
RP354: 12/10/2009 4:57:02 PM - Software Distribution Service 3.0
RP355: 12/11/2009 7:20:55 PM - System Checkpoint
RP356: 12/12/2009 9:36:47 AM - Avg8 Update
RP357: 12/12/2009 9:37:42 AM - Avg8 Update
RP358: 12/13/2009 4:48:01 PM - System Checkpoint
RP359: 12/14/2009 9:24:00 PM - System Checkpoint
RP360: 12/15/2009 8:16:38 AM - Software Distribution Service 3.0
RP361: 12/16/2009 9:28:40 AM - System Checkpoint
RP362: 12/17/2009 6:47:53 PM - System Checkpoint
RP363: 12/17/2009 6:49:21 PM - Software Distribution Service 3.0
RP364: 12/18/2009 8:27:03 PM - System Checkpoint
RP365: 12/19/2009 8:40:43 PM - System Checkpoint
RP366: 12/21/2009 4:42:11 PM - Software Distribution Service 3.0
RP367: 12/22/2009 9:43:42 AM - Avg8 Update
RP368: 12/23/2009 6:31:15 PM - System Checkpoint
RP369: 12/24/2009 11:50:01 AM - Software Distribution Service 3.0
RP370: 12/25/2009 12:45:16 PM - System Checkpoint
RP371: 12/26/2009 6:23:03 PM - System Checkpoint
RP372: 12/27/2009 8:02:53 PM - System Checkpoint
RP373: 12/28/2009 9:32:34 AM - Avg8 Update
RP374: 12/29/2009 8:30:43 AM - Software Distribution Service 3.0
RP375: 12/30/2009 11:28:51 AM - System Checkpoint
RP376: 1/1/2010 12:30:17 PM - Software Distribution Service 3.0
RP377: 1/2/2010 8:26:51 PM - System Checkpoint
RP378: 1/3/2010 8:33:17 PM - System Checkpoint
RP379: 1/4/2010 9:21:44 AM - Avg8 Update
RP380: 1/4/2010 6:54:49 PM - Software Distribution Service 3.0
RP381: 1/6/2010 5:47:47 PM - System Checkpoint
RP382: 1/7/2010 8:53:49 PM - System Checkpoint
RP383: 1/8/2010 7:58:36 AM - Software Distribution Service 3.0
RP384: 1/9/2010 11:58:01 AM - System Checkpoint
RP385: 1/10/2010 8:31:50 PM - System Checkpoint
RP386: 1/11/2010 10:11:09 AM - Software Distribution Service 3.0
RP387: 1/12/2010 11:00:24 AM - System Checkpoint
RP388: 1/13/2010 11:52:35 AM - System Checkpoint
RP389: 1/14/2010 8:14:14 AM - Software Distribution Service 3.0
RP390: 1/15/2010 8:35:01 AM - Software Distribution Service 3.0
RP391: 1/17/2010 8:48:13 AM - System Checkpoint
RP392: 1/19/2010 4:20:55 AM - Software Distribution Service 3.0
RP393: 1/20/2010 8:29:05 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP394: 1/20/2010 8:30:10 AM - Installed Java(TM) 6 Update 18
RP395: 1/20/2010 11:18:07 AM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 4:53 am

more_horiz
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 CF_download_FF

    BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 2wg6fte

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 6:05 am

more_horiz
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 15:00 . 2010-01-09 15:33 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-IDTSysTrayApp - sttray.exe
AddRemove-HijackThis - c:\documents and settings\Gene Barnes\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcdcoms.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-01-21 00:56:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 05:56

Pre-Run: 134,922,833,920 bytes free
Post-Run: 135,310,704,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B02B3ADE182162BB4CD365F5471CD90B

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 15:00 . 2010-01-09 15:33 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-IDTSysTrayApp - sttray.exe
AddRemove-HijackThis - c:\documents and settings\Gene Barnes\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcdcoms.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-01-21 00:56:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 05:56

Pre-Run: 134,922,833,920 bytes free
Post-Run: 135,310,704,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B02B3ADE182162BB4CD365F5471CD90B

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 15:00 . 2010-01-09 15:33 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-IDTSysTrayApp - sttray.exe
AddRemove-HijackThis - c:\documents and settings\Gene Barnes\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcdcoms.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-01-21 00:56:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 05:56

Pre-Run: 134,922,833,920 bytes free
Post-Run: 135,310,704,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B02B3ADE182162BB4CD365F5471CD90B

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 5:18 pm

more_horiz
Hello.
I think the attach.txt was cut off, or you haven't copied/pasted it right?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 6:13 pm

more_horiz
Oops. I updated combo-fix and reran. I think there's some adventitious stuff at the end:


Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 15:33 . 2010-01-12 15:00 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-21 12:57:33
ComboFix-quarantined-files.txt 2010-01-21 17:57
ComboFix2.txt 2010-01-21 05:56

Pre-Run: 135,286,095,872 bytes free
Post-Run: 135,241,986,048 bytes free

- - End Of File - - 097196A9EF792C2D13D87FFF0288F697

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 15:33 . 2010-01-12 15:00 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-21 12:57:33
ComboFix-quarantined-files.txt 2010-01-21 17:57
ComboFix2.txt 2010-01-21 05:56

Pre-Run: 135,286,095,872 bytes free
Post-Run: 135,241,986,048 bytes free

- - End Of File - - 097196A9EF792C2D13D87FFF0288F697

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 15:33 . 2010-01-12 15:00 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-21 12:57:33
ComboFix-quarantined-files.txt 2010-01-21 17:57
ComboFix2.txt 2010-01-21 05:56

Pre-Run: 135,286,095,872 bytes free
Post-Run: 135,241,986,048 bytes free

- - End Of File - - 097196A9EF792C2D13D87FFF0288F697

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -5:00]
Running from: c:\documents and settings\Gene Barnes\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 20:39 . 2010-01-20 20:39 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 20:38 . 2010-01-20 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:30 . 2010-01-20 13:30 -------- d-----w- c:\program files\Sun
2010-01-20 13:30 . 2010-01-20 13:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 09:42 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 09:42 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 09:42 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 09:42 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 09:42 . 2010-01-19 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\PC Tools
2010-01-19 09:42 . 2010-01-19 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 03:13 . 2010-01-19 03:13 -------- d-----w- c:\program files\ESET
2010-01-17 14:47 . 2010-01-20 03:00 -------- d-----w- c:\documents and settings\Gene Barnes\Local Settings\Application Data\lggocl
2010-01-13 13:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 15:33 . 2010-01-12 15:00 1924744 ----a-w- c:\documents and settings\Gene Barnes\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:51 . 2008-09-17 22:59 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2
2010-01-21 05:50 . 2008-09-19 02:16 -------- d-----w- c:\program files\Dl_cats
2010-01-20 16:23 . 2008-09-30 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-20 16:19 . 2008-09-30 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:31 . 2008-09-11 15:57 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 13:30 . 2008-09-11 15:57 -------- d-----w- c:\program files\Java
2010-01-14 16:12 . 2009-12-08 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 13:53 . 2008-11-10 23:16 1 ----a-w- c:\documents and settings\Gene Barnes\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-06 20:00 . 2008-09-11 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 14:43 . 2009-12-12 14:37 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-16 18:27 . 2009-12-16 18:27 -------- d-----w- c:\documents and settings\Elaine\Application Data\OpenOffice.org2
2009-12-11 04:17 . 2008-12-21 18:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-12-08 13:53 . 2008-11-10 01:19 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\Apple Computer
2009-12-08 02:00 . 2009-12-08 02:00 26232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\program files\iTunes
2009-12-07 15:37 . 2009-12-07 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-07 15:36 . 2009-12-07 15:36 -------- d-----w- c:\program files\iPod
2009-12-07 15:36 . 2008-11-10 01:11 -------- d-----w- c:\program files\Common Files\Apple
2009-12-07 15:35 . 2009-12-07 15:34 -------- d-----w- c:\program files\QuickTime
2009-12-07 15:31 . 2009-12-07 15:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\program files\Safari
2009-12-07 15:28 . 2009-12-07 15:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 15:28 . 2009-12-07 15:28 -------- d-----w- c:\program files\Bonjour
2009-12-07 14:21 . 2008-09-11 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 14:21 . 2008-09-11 17:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 14:21 . 2008-09-11 17:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-23 23:06 . 2008-12-26 02:20 -------- d-----w- c:\documents and settings\Gene Barnes\Application Data\uTorrent
2009-11-21 15:51 . 2006-03-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2006-03-15 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2007-01-10 955952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Gene Barnes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gene Barnes\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/19/2010 4:42 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 12:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2008 12:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2008 12:58 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2008 12:58 PM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/19/2010 4:42 AM 359624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003Core.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-725345543-1003UA.job
- c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 14:07]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Gene Barnes\Application Data\Mozilla\Firefox\Profiles\czizpajo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Gene Barnes\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-21 12:57:33
ComboFix-quarantined-files.txt 2010-01-21 17:57
ComboFix2.txt 2010-01-21 05:56

Pre-Run: 135,286,095,872 bytes free
Post-Run: 135,241,986,048 bytes free

- - End Of File - - 097196A9EF792C2D13D87FFF0288F697

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/221st January 2010, 11:37 pm

more_horiz
Hello.
I meant attach.txt from DDS.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/222nd January 2010, 1:42 am

more_horiz
Belahzur, again, I apologize for being so obtuse, but I'm way out of my element. I know I'm making your work more difficult, and I regret that, but can you tell me how to get back to the DDS log?

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/222nd January 2010, 9:28 pm

more_horiz
Re-run DDS if you need to. Smile...

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/223rd January 2010, 1:09 am

more_horiz
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 6:33:51 PM
System Uptime: 1/22/2010 12:48:07 AM (20 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 125.94 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Scan
Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Manufacturer:
Name: Scan
PNP Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Service:

==== System Restore Points ===================

RP328: 10/25/2009 8:35:19 PM - System Checkpoint
RP329: 10/27/2009 8:19:51 PM - System Checkpoint
RP330: 10/30/2009 7:27:04 PM - System Checkpoint
RP331: 11/5/2009 9:25:40 PM - System Checkpoint
RP332: 11/6/2009 9:48:26 PM - System Checkpoint
RP333: 11/9/2009 7:48:31 PM - System Checkpoint
RP334: 11/11/2009 7:26:42 PM - System Checkpoint
RP335: 11/13/2009 6:56:51 PM - System Checkpoint
RP336: 11/17/2009 8:44:02 PM - System Checkpoint
RP337: 11/19/2009 10:54:04 AM - System Checkpoint
RP338: 11/20/2009 7:43:09 PM - System Checkpoint
RP339: 11/22/2009 12:26:53 PM - System Checkpoint
RP340: 11/23/2009 1:18:36 PM - System Checkpoint
RP341: 11/25/2009 8:01:07 PM - System Checkpoint
RP342: 11/27/2009 8:02:25 PM - System Checkpoint
RP343: 11/29/2009 6:56:12 PM - System Checkpoint
RP344: 11/30/2009 10:15:00 PM - System Checkpoint
RP345: 12/1/2009 10:41:13 PM - System Checkpoint
RP346: 12/4/2009 7:10:48 PM - System Checkpoint
RP347: 12/6/2009 12:58:52 PM - System Checkpoint
RP348: 12/7/2009 9:19:11 AM - Avg8 Update
RP349: 12/7/2009 9:21:24 AM - Avg8 Update
RP350: 12/7/2009 9:02:10 PM - Software Distribution Service 3.0
RP351: 12/8/2009 7:30:08 AM - Software Distribution Service 3.0
RP352: 12/9/2009 7:52:18 AM - Software Distribution Service 3.0
RP353: 12/9/2009 12:26:23 PM - Avg8 Update
RP354: 12/10/2009 4:57:02 PM - Software Distribution Service 3.0
RP355: 12/11/2009 7:20:55 PM - System Checkpoint
RP356: 12/12/2009 9:36:47 AM - Avg8 Update
RP357: 12/12/2009 9:37:42 AM - Avg8 Update
RP358: 12/13/2009 4:48:01 PM - System Checkpoint
RP359: 12/14/2009 9:24:00 PM - System Checkpoint
RP360: 12/15/2009 8:16:38 AM - Software Distribution Service 3.0
RP361: 12/16/2009 9:28:40 AM - System Checkpoint
RP362: 12/17/2009 6:47:53 PM - System Checkpoint
RP363: 12/17/2009 6:49:21 PM - Software Distribution Service 3.0
RP364: 12/18/2009 8:27:03 PM - System Checkpoint
RP365: 12/19/2009 8:40:43 PM - System Checkpoint
RP366: 12/21/2009 4:42:11 PM - Software Distribution Service 3.0
RP367: 12/22/2009 9:43:42 AM - Avg8 Update
RP368: 12/23/2009 6:31:15 PM - System Checkpoint
RP369: 12/24/2009 11:50:01 AM - Software Distribution Service 3.0
RP370: 12/25/2009 12:45:16 PM - System Checkpoint
RP371: 12/26/2009 6:23:03 PM - System Checkpoint
RP372: 12/27/2009 8:02:53 PM - System Checkpoint
RP373: 12/28/2009 9:32:34 AM - Avg8 Update
RP374: 12/29/2009 8:30:43 AM - Software Distribution Service 3.0
RP375: 12/30/2009 11:28:51 AM - System Checkpoint
RP376: 1/1/2010 12:30:17 PM - Software Distribution Service 3.0
RP377: 1/2/2010 8:26:51 PM - System Checkpoint
RP378: 1/3/2010 8:33:17 PM - System Checkpoint
RP379: 1/4/2010 9:21:44 AM - Avg8 Update
RP380: 1/4/2010 6:54:49 PM - Software Distribution Service 3.0
RP381: 1/6/2010 5:47:47 PM - System Checkpoint
RP382: 1/7/2010 8:53:49 PM - System Checkpoint
RP383: 1/8/2010 7:58:36 AM - Software Distribution Service 3.0
RP384: 1/9/2010 11:58:01 AM - System Checkpoint
RP385: 1/10/2010 8:31:50 PM - System Checkpoint
RP386: 1/11/2010 10:11:09 AM - Software Distribution Service 3.0
RP387: 1/12/2010 11:00:24 AM - System Checkpoint
RP388: 1/13/2010 11:52:35 AM - System Checkpoint
RP389: 1/14/2010 8:14:14 AM - Software Distribution Service 3.0
RP390: 1/15/2010 8:35:01 AM - Software Distribution Service 3.0
RP391: 1/17/2010 8:48:13 AM - System Checkpoint
RP392: 1/19/2010 4:20:55 AM - Software Distribution Service 3.0
RP393: 1/20/2010 8:29:05 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP394: 1/20/2010 8:30:10 AM - Installed Java(TM) 6 Update 18
RP395: 1/20/2010 11:18:07 AM - Software Distribution Service 3.0
RP396: 1/21/2010 11:33:36 AM - System Checkpoint
RP397: 1/22/2010 8:41:44 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AVG Free 8.5
Belarc Advisor 7.2
Bonjour
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 944
DriverAgent by TouchStone Software
Google Chrome
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nikon Message Center
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
PictureProject
PowerDVD
QuickTime
Registry Mechanic 8.0
Rhapsody Player Engine
Safari
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch Plugin
Spybot - Search & Destroy
Spyware Doctor 7.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 0.9.8a
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/20/2010 3:55:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/18/2010 5:24:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/18/2010 10:41:12 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 6:33:51 PM
System Uptime: 1/22/2010 12:48:07 AM (20 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 125.94 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Scan
Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Manufacturer:
Name: Scan
PNP Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Service:

==== System Restore Points ===================

RP328: 10/25/2009 8:35:19 PM - System Checkpoint
RP329: 10/27/2009 8:19:51 PM - System Checkpoint
RP330: 10/30/2009 7:27:04 PM - System Checkpoint
RP331: 11/5/2009 9:25:40 PM - System Checkpoint
RP332: 11/6/2009 9:48:26 PM - System Checkpoint
RP333: 11/9/2009 7:48:31 PM - System Checkpoint
RP334: 11/11/2009 7:26:42 PM - System Checkpoint
RP335: 11/13/2009 6:56:51 PM - System Checkpoint
RP336: 11/17/2009 8:44:02 PM - System Checkpoint
RP337: 11/19/2009 10:54:04 AM - System Checkpoint
RP338: 11/20/2009 7:43:09 PM - System Checkpoint
RP339: 11/22/2009 12:26:53 PM - System Checkpoint
RP340: 11/23/2009 1:18:36 PM - System Checkpoint
RP341: 11/25/2009 8:01:07 PM - System Checkpoint
RP342: 11/27/2009 8:02:25 PM - System Checkpoint
RP343: 11/29/2009 6:56:12 PM - System Checkpoint
RP344: 11/30/2009 10:15:00 PM - System Checkpoint
RP345: 12/1/2009 10:41:13 PM - System Checkpoint
RP346: 12/4/2009 7:10:48 PM - System Checkpoint
RP347: 12/6/2009 12:58:52 PM - System Checkpoint
RP348: 12/7/2009 9:19:11 AM - Avg8 Update
RP349: 12/7/2009 9:21:24 AM - Avg8 Update
RP350: 12/7/2009 9:02:10 PM - Software Distribution Service 3.0
RP351: 12/8/2009 7:30:08 AM - Software Distribution Service 3.0
RP352: 12/9/2009 7:52:18 AM - Software Distribution Service 3.0
RP353: 12/9/2009 12:26:23 PM - Avg8 Update
RP354: 12/10/2009 4:57:02 PM - Software Distribution Service 3.0
RP355: 12/11/2009 7:20:55 PM - System Checkpoint
RP356: 12/12/2009 9:36:47 AM - Avg8 Update
RP357: 12/12/2009 9:37:42 AM - Avg8 Update
RP358: 12/13/2009 4:48:01 PM - System Checkpoint
RP359: 12/14/2009 9:24:00 PM - System Checkpoint
RP360: 12/15/2009 8:16:38 AM - Software Distribution Service 3.0
RP361: 12/16/2009 9:28:40 AM - System Checkpoint
RP362: 12/17/2009 6:47:53 PM - System Checkpoint
RP363: 12/17/2009 6:49:21 PM - Software Distribution Service 3.0
RP364: 12/18/2009 8:27:03 PM - System Checkpoint
RP365: 12/19/2009 8:40:43 PM - System Checkpoint
RP366: 12/21/2009 4:42:11 PM - Software Distribution Service 3.0
RP367: 12/22/2009 9:43:42 AM - Avg8 Update
RP368: 12/23/2009 6:31:15 PM - System Checkpoint
RP369: 12/24/2009 11:50:01 AM - Software Distribution Service 3.0
RP370: 12/25/2009 12:45:16 PM - System Checkpoint
RP371: 12/26/2009 6:23:03 PM - System Checkpoint
RP372: 12/27/2009 8:02:53 PM - System Checkpoint
RP373: 12/28/2009 9:32:34 AM - Avg8 Update
RP374: 12/29/2009 8:30:43 AM - Software Distribution Service 3.0
RP375: 12/30/2009 11:28:51 AM - System Checkpoint
RP376: 1/1/2010 12:30:17 PM - Software Distribution Service 3.0
RP377: 1/2/2010 8:26:51 PM - System Checkpoint
RP378: 1/3/2010 8:33:17 PM - System Checkpoint
RP379: 1/4/2010 9:21:44 AM - Avg8 Update
RP380: 1/4/2010 6:54:49 PM - Software Distribution Service 3.0
RP381: 1/6/2010 5:47:47 PM - System Checkpoint
RP382: 1/7/2010 8:53:49 PM - System Checkpoint
RP383: 1/8/2010 7:58:36 AM - Software Distribution Service 3.0
RP384: 1/9/2010 11:58:01 AM - System Checkpoint
RP385: 1/10/2010 8:31:50 PM - System Checkpoint
RP386: 1/11/2010 10:11:09 AM - Software Distribution Service 3.0
RP387: 1/12/2010 11:00:24 AM - System Checkpoint
RP388: 1/13/2010 11:52:35 AM - System Checkpoint
RP389: 1/14/2010 8:14:14 AM - Software Distribution Service 3.0
RP390: 1/15/2010 8:35:01 AM - Software Distribution Service 3.0
RP391: 1/17/2010 8:48:13 AM - System Checkpoint
RP392: 1/19/2010 4:20:55 AM - Software Distribution Service 3.0
RP393: 1/20/2010 8:29:05 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP394: 1/20/2010 8:30:10 AM - Installed Java(TM) 6 Update 18
RP395: 1/20/2010 11:18:07 AM - Software Distribution Service 3.0
RP396: 1/21/2010 11:33:36 AM - System Checkpoint
RP397: 1/22/2010 8:41:44 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AVG Free 8.5
Belarc Advisor 7.2
Bonjour
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 944
DriverAgent by TouchStone Software
Google Chrome
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nikon Message Center
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
PictureProject
PowerDVD
QuickTime
Registry Mechanic 8.0
Rhapsody Player Engine
Safari
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch Plugin
Spybot - Search & Destroy
Spyware Doctor 7.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 0.9.8a
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/20/2010 3:55:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/18/2010 5:24:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/18/2010 10:41:12 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 6:33:51 PM
System Uptime: 1/22/2010 12:48:07 AM (20 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 125.94 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Scan
Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Manufacturer:
Name: Scan
PNP Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Service:

==== System Restore Points ===================

RP328: 10/25/2009 8:35:19 PM - System Checkpoint
RP329: 10/27/2009 8:19:51 PM - System Checkpoint
RP330: 10/30/2009 7:27:04 PM - System Checkpoint
RP331: 11/5/2009 9:25:40 PM - System Checkpoint
RP332: 11/6/2009 9:48:26 PM - System Checkpoint
RP333: 11/9/2009 7:48:31 PM - System Checkpoint
RP334: 11/11/2009 7:26:42 PM - System Checkpoint
RP335: 11/13/2009 6:56:51 PM - System Checkpoint
RP336: 11/17/2009 8:44:02 PM - System Checkpoint
RP337: 11/19/2009 10:54:04 AM - System Checkpoint
RP338: 11/20/2009 7:43:09 PM - System Checkpoint
RP339: 11/22/2009 12:26:53 PM - System Checkpoint
RP340: 11/23/2009 1:18:36 PM - System Checkpoint
RP341: 11/25/2009 8:01:07 PM - System Checkpoint
RP342: 11/27/2009 8:02:25 PM - System Checkpoint
RP343: 11/29/2009 6:56:12 PM - System Checkpoint
RP344: 11/30/2009 10:15:00 PM - System Checkpoint
RP345: 12/1/2009 10:41:13 PM - System Checkpoint
RP346: 12/4/2009 7:10:48 PM - System Checkpoint
RP347: 12/6/2009 12:58:52 PM - System Checkpoint
RP348: 12/7/2009 9:19:11 AM - Avg8 Update
RP349: 12/7/2009 9:21:24 AM - Avg8 Update
RP350: 12/7/2009 9:02:10 PM - Software Distribution Service 3.0
RP351: 12/8/2009 7:30:08 AM - Software Distribution Service 3.0
RP352: 12/9/2009 7:52:18 AM - Software Distribution Service 3.0
RP353: 12/9/2009 12:26:23 PM - Avg8 Update
RP354: 12/10/2009 4:57:02 PM - Software Distribution Service 3.0
RP355: 12/11/2009 7:20:55 PM - System Checkpoint
RP356: 12/12/2009 9:36:47 AM - Avg8 Update
RP357: 12/12/2009 9:37:42 AM - Avg8 Update
RP358: 12/13/2009 4:48:01 PM - System Checkpoint
RP359: 12/14/2009 9:24:00 PM - System Checkpoint
RP360: 12/15/2009 8:16:38 AM - Software Distribution Service 3.0
RP361: 12/16/2009 9:28:40 AM - System Checkpoint
RP362: 12/17/2009 6:47:53 PM - System Checkpoint
RP363: 12/17/2009 6:49:21 PM - Software Distribution Service 3.0
RP364: 12/18/2009 8:27:03 PM - System Checkpoint
RP365: 12/19/2009 8:40:43 PM - System Checkpoint
RP366: 12/21/2009 4:42:11 PM - Software Distribution Service 3.0
RP367: 12/22/2009 9:43:42 AM - Avg8 Update
RP368: 12/23/2009 6:31:15 PM - System Checkpoint
RP369: 12/24/2009 11:50:01 AM - Software Distribution Service 3.0
RP370: 12/25/2009 12:45:16 PM - System Checkpoint
RP371: 12/26/2009 6:23:03 PM - System Checkpoint
RP372: 12/27/2009 8:02:53 PM - System Checkpoint
RP373: 12/28/2009 9:32:34 AM - Avg8 Update
RP374: 12/29/2009 8:30:43 AM - Software Distribution Service 3.0
RP375: 12/30/2009 11:28:51 AM - System Checkpoint
RP376: 1/1/2010 12:30:17 PM - Software Distribution Service 3.0
RP377: 1/2/2010 8:26:51 PM - System Checkpoint
RP378: 1/3/2010 8:33:17 PM - System Checkpoint
RP379: 1/4/2010 9:21:44 AM - Avg8 Update
RP380: 1/4/2010 6:54:49 PM - Software Distribution Service 3.0
RP381: 1/6/2010 5:47:47 PM - System Checkpoint
RP382: 1/7/2010 8:53:49 PM - System Checkpoint
RP383: 1/8/2010 7:58:36 AM - Software Distribution Service 3.0
RP384: 1/9/2010 11:58:01 AM - System Checkpoint
RP385: 1/10/2010 8:31:50 PM - System Checkpoint
RP386: 1/11/2010 10:11:09 AM - Software Distribution Service 3.0
RP387: 1/12/2010 11:00:24 AM - System Checkpoint
RP388: 1/13/2010 11:52:35 AM - System Checkpoint
RP389: 1/14/2010 8:14:14 AM - Software Distribution Service 3.0
RP390: 1/15/2010 8:35:01 AM - Software Distribution Service 3.0
RP391: 1/17/2010 8:48:13 AM - System Checkpoint
RP392: 1/19/2010 4:20:55 AM - Software Distribution Service 3.0
RP393: 1/20/2010 8:29:05 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP394: 1/20/2010 8:30:10 AM - Installed Java(TM) 6 Update 18
RP395: 1/20/2010 11:18:07 AM - Software Distribution Service 3.0
RP396: 1/21/2010 11:33:36 AM - System Checkpoint
RP397: 1/22/2010 8:41:44 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AVG Free 8.5
Belarc Advisor 7.2
Bonjour
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 944
DriverAgent by TouchStone Software
Google Chrome
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nikon Message Center
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
PictureProject
PowerDVD
QuickTime
Registry Mechanic 8.0
Rhapsody Player Engine
Safari
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch Plugin
Spybot - Search & Destroy
Spyware Doctor 7.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 0.9.8a
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/20/2010 3:55:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/18/2010 5:24:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/18/2010 10:41:12 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 6:33:51 PM
System Uptime: 1/22/2010 12:48:07 AM (20 hours ago)

Motherboard: Dell Inc. | | 0MF252
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 125.94 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Scan
Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Manufacturer:
Name: Scan
PNP Device ID: USB\VID_413C&PID_5113&MI_00\6&3764BB98&0&0000
Service:

==== System Restore Points ===================

RP328: 10/25/2009 8:35:19 PM - System Checkpoint
RP329: 10/27/2009 8:19:51 PM - System Checkpoint
RP330: 10/30/2009 7:27:04 PM - System Checkpoint
RP331: 11/5/2009 9:25:40 PM - System Checkpoint
RP332: 11/6/2009 9:48:26 PM - System Checkpoint
RP333: 11/9/2009 7:48:31 PM - System Checkpoint
RP334: 11/11/2009 7:26:42 PM - System Checkpoint
RP335: 11/13/2009 6:56:51 PM - System Checkpoint
RP336: 11/17/2009 8:44:02 PM - System Checkpoint
RP337: 11/19/2009 10:54:04 AM - System Checkpoint
RP338: 11/20/2009 7:43:09 PM - System Checkpoint
RP339: 11/22/2009 12:26:53 PM - System Checkpoint
RP340: 11/23/2009 1:18:36 PM - System Checkpoint
RP341: 11/25/2009 8:01:07 PM - System Checkpoint
RP342: 11/27/2009 8:02:25 PM - System Checkpoint
RP343: 11/29/2009 6:56:12 PM - System Checkpoint
RP344: 11/30/2009 10:15:00 PM - System Checkpoint
RP345: 12/1/2009 10:41:13 PM - System Checkpoint
RP346: 12/4/2009 7:10:48 PM - System Checkpoint
RP347: 12/6/2009 12:58:52 PM - System Checkpoint
RP348: 12/7/2009 9:19:11 AM - Avg8 Update
RP349: 12/7/2009 9:21:24 AM - Avg8 Update
RP350: 12/7/2009 9:02:10 PM - Software Distribution Service 3.0
RP351: 12/8/2009 7:30:08 AM - Software Distribution Service 3.0
RP352: 12/9/2009 7:52:18 AM - Software Distribution Service 3.0
RP353: 12/9/2009 12:26:23 PM - Avg8 Update
RP354: 12/10/2009 4:57:02 PM - Software Distribution Service 3.0
RP355: 12/11/2009 7:20:55 PM - System Checkpoint
RP356: 12/12/2009 9:36:47 AM - Avg8 Update
RP357: 12/12/2009 9:37:42 AM - Avg8 Update
RP358: 12/13/2009 4:48:01 PM - System Checkpoint
RP359: 12/14/2009 9:24:00 PM - System Checkpoint
RP360: 12/15/2009 8:16:38 AM - Software Distribution Service 3.0
RP361: 12/16/2009 9:28:40 AM - System Checkpoint
RP362: 12/17/2009 6:47:53 PM - System Checkpoint
RP363: 12/17/2009 6:49:21 PM - Software Distribution Service 3.0
RP364: 12/18/2009 8:27:03 PM - System Checkpoint
RP365: 12/19/2009 8:40:43 PM - System Checkpoint
RP366: 12/21/2009 4:42:11 PM - Software Distribution Service 3.0
RP367: 12/22/2009 9:43:42 AM - Avg8 Update
RP368: 12/23/2009 6:31:15 PM - System Checkpoint
RP369: 12/24/2009 11:50:01 AM - Software Distribution Service 3.0
RP370: 12/25/2009 12:45:16 PM - System Checkpoint
RP371: 12/26/2009 6:23:03 PM - System Checkpoint
RP372: 12/27/2009 8:02:53 PM - System Checkpoint
RP373: 12/28/2009 9:32:34 AM - Avg8 Update
RP374: 12/29/2009 8:30:43 AM - Software Distribution Service 3.0
RP375: 12/30/2009 11:28:51 AM - System Checkpoint
RP376: 1/1/2010 12:30:17 PM - Software Distribution Service 3.0
RP377: 1/2/2010 8:26:51 PM - System Checkpoint
RP378: 1/3/2010 8:33:17 PM - System Checkpoint
RP379: 1/4/2010 9:21:44 AM - Avg8 Update
RP380: 1/4/2010 6:54:49 PM - Software Distribution Service 3.0
RP381: 1/6/2010 5:47:47 PM - System Checkpoint
RP382: 1/7/2010 8:53:49 PM - System Checkpoint
RP383: 1/8/2010 7:58:36 AM - Software Distribution Service 3.0
RP384: 1/9/2010 11:58:01 AM - System Checkpoint
RP385: 1/10/2010 8:31:50 PM - System Checkpoint
RP386: 1/11/2010 10:11:09 AM - Software Distribution Service 3.0
RP387: 1/12/2010 11:00:24 AM - System Checkpoint
RP388: 1/13/2010 11:52:35 AM - System Checkpoint
RP389: 1/14/2010 8:14:14 AM - Software Distribution Service 3.0
RP390: 1/15/2010 8:35:01 AM - Software Distribution Service 3.0
RP391: 1/17/2010 8:48:13 AM - System Checkpoint
RP392: 1/19/2010 4:20:55 AM - Software Distribution Service 3.0
RP393: 1/20/2010 8:29:05 AM - Installed Java(TM) SE Development Kit 6 Update 18
RP394: 1/20/2010 8:30:10 AM - Installed Java(TM) 6 Update 18
RP395: 1/20/2010 11:18:07 AM - Software Distribution Service 3.0
RP396: 1/21/2010 11:33:36 AM - System Checkpoint
RP397: 1/22/2010 8:41:44 AM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AVG Free 8.5
Belarc Advisor 7.2
Bonjour
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 944
DriverAgent by TouchStone Software
Google Chrome
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nikon Message Center
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
PictureProject
PowerDVD
QuickTime
Registry Mechanic 8.0
Rhapsody Player Engine
Safari
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch Plugin
Spybot - Search & Destroy
Spyware Doctor 7.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 0.9.8a
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/20/2010 3:55:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/18/2010 5:24:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/18/2010 10:41:12 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/223rd January 2010, 1:45 am

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 4
    Java(TM) 6 Update 7

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/223rd January 2010, 2:29 am

more_horiz
Belahzur, you guys are awesome!!! The machine's been running fine for awhile now. Please keep my email address handy if you ever need a custom acoustic guitar built at a considerable discount. You guys have helped me avert what was a real disaster in my life and I am very grateful. A donation will be forthcoming.

Gene Barnes

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/223rd January 2010, 11:45 pm

more_horiz
Hello.
I have removed your email adress from public view, for your own safety.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 DXwU4
BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 VvYDg

descriptionBankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2 EmptyRe: BankerFox.A and Nuquel.E Scan saved at 9:27:25 AM, on 1/20/2

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum