C:\ComboFix.txt along with a new HijackThis log

[AAB0726]

ComboFix 09-02-12.03 - MICHAEL BOSCHERT 2009-02-14 11:17:15.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.209 [GMT -6:00]

Running from: c:\documents and settings\MICHAEL BOSCHERT\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated)

FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\MICHAEL BOSCHERT\Application Data\Google\ckzty22913935.exe

c:\documents and settings\MICHAEL BOSCHERT\Application Data\Google\msnkpl32.dll

c:\program files\Common\helper.sig

c:\program files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL

c:\program files\MorpheusBar\bar\1.bin\M0POPSWT.DLL

c:\program files\MorpheusBar\bar\1.bin\NPMORPBR.DLL

c:\program files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

c:\windows\IE4 Error Log.txt

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))

.

2009-02-13 17:33 . 2009-02-13 17:33 <DIR> d-------- c:\program files\Avira

2009-02-13 17:33 . 2009-02-13 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-02-12 20:03 . 2009-02-12 20:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-02-12 20:03 . 2009-02-12 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-12 18:00 . 2009-02-12 18:00 <DIR> d-------- c:\documents and settings\MICHAEL BOSCHERT\Application Data\Malwarebytes

2009-02-12 17:59 . 2009-02-12 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-12 17:59 . 2009-02-12 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-12 17:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-12 17:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-12 07:02 . 2009-02-12 19:52 <DIR> d--h----- C:\$AVG8.VAULT$

2009-02-12 06:59 . 2009-02-13 17:13 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-12 06:59 . 2009-02-12 17:55 <DIR> d-------- c:\documents and settings\MICHAEL BOSCHERT\Application Data\AVGTOOLBAR

2009-02-12 06:59 . 2009-02-12 06:59 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-12 06:59 . 2009-02-12 06:59 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-12 06:59 . 2009-02-12 06:59 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-12 06:58 . 2009-02-12 06:58 <DIR> d-------- c:\program files\AVG

2009-02-12 06:58 . 2009-02-12 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-02-11 20:53 . 2009-02-11 20:53 <DIR> d-------- c:\program files\Common Files\Download Manager

2009-02-11 19:08 . 2009-02-13 17:20 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-10 08:42 . 2009-02-11 19:21 54,171 --a------ c:\windows\Sysvxd.exe

2009-02-05 19:24 . 2009-02-14 11:17 <DIR> d-------- c:\program files\Common

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-13 23:38 --------- d-----w c:\program files\Trend Micro

2009-02-12 23:50 --------- d-----w c:\program files\MySpace

2009-01-18 22:24 --------- d-----w c:\program files\LabelMaker

2009-01-17 03:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-01-03 03:01 --------- d-----w c:\program files\Poker World

2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-19 00:38 --------- d-----w c:\program files\Google

2008-12-17 21:36 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap

2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys

2008-11-26 18:53 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShowLOMControl"="1 (0x1)" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-28 26112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]

"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]

"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-28 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-12 06:59 10520 c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Morpheus\\Morpheus.exe"=

"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-12 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-12 107272]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-08-30 205328]

R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-08-30 36368]

S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]

S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]

S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULER

*NewlyCreated* - ANTIVIRSERVICE

*NewlyCreated* - AVGIO

*NewlyCreated* - AVGNTFLT

*NewlyCreated* - AVIPBB

.

Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - c:\program files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

HKLM-Run-realtecks - c:\documents and settings\MICHAEL BOSCHERT\Application Data\Google\ckzty22913935.exe

.

------- Supplementary Scan -------

.

mWindow Title = Microsoft Internet Explorer provided by CenturyTel

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-14 11:18:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\windows\System32\BCMLogon.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2009-02-14 11:21:25

ComboFix-quarantined-files.txt 2009-02-14 17:20:55

Pre-Run: 24,757,526,528 bytes free

Post-Run: 24,799,608,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2009-02-13 23:20:02

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:24:43, on 2/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\AVG\AVG8\aAvgApi.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [showLOMControl]

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

[Tigger93]

Please continue with your original topic here:

http://www.malwarebytes.org/forums/index.php?showtopic=11294