After every sane person had given up on me for the night, I went back and followed SD's instructions:
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Code:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
This unwise step, on my part, brought back my old friend Windows Police Pro. When I tried to open OTM.exe, an error appeared claiming the file was corrupt. However, it somehow allowed me to open Combo-Fix, which is currently running. Hopefully I will be able to post the contents of that log in my next reply. Actually, I will edit this post.
Here is the log from ComboFix.
I have also attached scan logs for HJT, MBAM, and Superantispyware.
Thanks for all the help. I will await your reply.
ComboFix 09-09-22.03 - James Robinson 09/22/2009 23:50.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.604 [GMT -7:00]
Running from: c:\documents and settings\James Robinson\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\13644684
c:\documents and settings\All Users\Application Data\13644684\13644684
c:\documents and settings\All Users\Application Data\13644684\13644684.exe
c:\documents and settings\All Users\Application Data\13644684\pc13644684ins
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\program files\Protection System
c:\program files\Protection System\core.cga
c:\program files\SafetyCenter
c:\program files\SafetyCenter\main.ico
c:\program files\SafetyCenter\new.exe
c:\program files\SafetyCenter\protector.exe
c:\program files\SafetyCenter\sound.wav
c:\program files\SafetyCenter\start.exe
c:\program files\SafetyCenter\uninstall.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\windows\Installer\1980bf.msi
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchast.exe
c:\windows\system32\bennuar.old
c:\windows\system32\bidisp.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe
c:\windows\system32\drivers\SKYNETqrmyctxm.sys
c:\windows\system32\drivers\smss.exe
c:\windows\system32\drivers\UACmirbstlnuk.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\onhelp.htm
c:\windows\system32\sdra64.exe
c:\windows\system32\SKYNETbowkowam.dll
c:\windows\system32\SKYNETgwuxtiqj.dll
c:\windows\system32\SKYNEThoewxdut.dat
c:\windows\system32\SKYNETklldlthw.dll
c:\windows\system32\SKYNETwlvmjiuw.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\tapi.nfo
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkpmkujkjne.dat
c:\windows\system32\UACmjxqoqthgn.dll
c:\windows\system32\UACpekvethtvj.dll
c:\windows\system32\UACrfdxuwvtuw.dll
c:\windows\system32\UACtvmrxwkhkn.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\xqamlerl.job
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETdqvppxei
-------\Legacy_SKYNETdqvppxei
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_AntipPolice_
-------\Service_AntipPolice_
((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.
2009-09-23 03:58 . 2009-09-23 03:58 -------- d-----w- C:\_OTM
2009-09-20 17:32 . 2009-09-20 17:32 2198 ----a-w- C:\pPPhmrd.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 05:38 . 2009-07-17 06:03 -------- d-----w- c:\program files\doodoo
2009-09-11 05:05 . 2009-07-17 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-11 03:57 . 2006-10-10 05:07 88600 ----a-w- c:\documents and settings\James Robinson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 04:10 . 2007-01-01 07:44 -------- d-----w- c:\program files\PokerStars
2009-09-09 03:00 . 2009-07-12 19:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-09 02:59 . 2005-08-17 01:54 -------- d-----w- c:\program files\GemMaster
2009-09-09 02:57 . 2006-10-03 08:56 -------- d-----w- c:\program files\Dell
2009-09-09 01:06 . 2009-03-16 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-08 15:05 . 2006-10-10 04:56 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-28 18:09 . 2009-03-16 04:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 18:09 . 2009-03-16 04:13 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 18:09 . 2007-03-26 03:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-24 02:34 . 2009-08-24 02:34 -------- d-----w- c:\program files\MSBuild
2009-08-24 02:34 . 2009-08-24 02:34 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 04:02 . 2009-04-16 00:14 256 ----a-w- c:\windows\system32\pool.bin
2009-08-08 15:00 . 2009-07-18 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-05 15:36 . 2006-10-03 09:12 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 01:10 . 2009-07-18 01:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 20:36 . 2009-07-17 06:03 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-07-17 06:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 20:02 . 2009-07-12 19:36 19349 ----a-w- c:\windows\HPHins02.dat
2009-07-11 12:59 . 2009-07-18 16:45 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-07-11 12:17 . 2009-07-18 16:45 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-07-11 12:17 . 2009-07-18 16:45 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-06-29 16:12 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2008-03-19 22:50 . 2009-07-11 21:38 97280 ----a-w- c:\program files\Common Files\pcsbClean.exe
2008-03-07 02:31 . 2009-07-11 21:38 134656 ----a-w- c:\program files\Common Files\PCSBoff.exe
2008-11-26 00:18 . 2008-11-26 00:18 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-26 00:18 . 2008-11-26 00:18 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-11-26 00:19 . 2008-11-26 00:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-10-21 04:37 . 2006-10-11 02:39 88 --sh--r- c:\windows\system32\670D5041A4.sys
2006-10-21 04:37 . 2006-10-11 02:39 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\2ee355a4-4231-4b5c-bf5b-3f37f48ee10b.exe" [2009-08-14 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 02:46 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 18:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25008:TCP"= 25008:TCP:BitComet 25008 TCP
"25008:UDP"= 25008:UDP:BitComet 25008 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 4:08 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/15/2009 9:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/15/2009 9:13 PM 108552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [7/18/2009 9:45 AM 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [7/18/2009 9:45 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [7/18/2009 9:45 AM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/15/2009 9:12 PM 297752]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [7/18/2009 9:45 AM 362184]
S1 ati2mtagg;ati2mtagg;c:\windows\system32\drivers\ati2mtagg.sys --> c:\windows\system32\drivers\ati2mtagg.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [7/18/2009 9:45 AM 3142344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:26]
2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
2009-09-23 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\James Robinson\Application Data\Mozilla\Firefox\Profiles\sra2mbqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://msn.foxsports.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{1F84A284-9C04-4F6C-9520-524539D2A300} - c:\windows\system32\bidisp.dll
WebBrowser-{3B905210-4AEE-4814-BFC3-6ACF6D406371} - (no file)
HKU-Default-Run-minix32 - c:\windows\system32\minix32.exe
AddRemove-HijackThis - c:\program files\Trend Micro\sniper.exe\HijackThis.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-23 00:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3392)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-23 0:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 07:16
Pre-Run: 30,566,490,112 bytes free
Post-Run: 32,563,552,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
314 --- E O F --- 2009-09-20 17:29