Heatsink fan is finally here and installed! I've done my malware removal work and here are the logs. I think you have finally gotten it. I don't have any strange dlls popping up yet in my msconfig startup. If you have gotten this thing out of the system, could you explain what step may have done it and what it was? I saw that the avenger log said no rootkits found so maybe that wasn't what it was? Thank you for your patience. I'll stop talking and let you check the logs....
Combofix Log
ComboFix 09-04-17.01 - Mike 04/16/2009 12:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.557 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\oloxudipo.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-08 11:13 . 2009-04-16 18:09 0 ----a-w c:\windows\Oginul.bin
2009-04-08 11:13 . 2009-04-16 18:09 408 ----a-w c:\windows\Rkuhohaqitejig.dat
2009-04-08 11:13 . 2009-04-08 11:13 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\{A16AB6F3-308C-4819-B08D-4A6E54D1147D}
2009-04-07 16:29 . 2009-04-07 16:29 -------- d-----w c:\documents and settings\Mike\Application Data\IObit
2009-04-05 17:22 . 2009-04-05 17:22 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-05 17:22 . 2009-04-05 17:22 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 17:10 . 2009-04-05 17:10 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-03 16:46 . 2009-04-03 16:46 -------- d-----w c:\program files\MSXML 4.0
2009-04-03 02:01 . 2009-04-07 21:03 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-03 02:00 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-03 01:51 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-02 19:50 . 2009-04-02 19:50 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-02 18:55 . 2009-04-02 19:10 250 ----a-w c:\windows\gmer.ini
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\windows\RestoreSafeDeleted
2009-04-02 00:06 . 2009-04-03 01:50 -------- d-----w c:\program files\UnHackMe
2009-04-01 20:41 . 2009-04-01 20:41 -------- d-----w c:\program files\LucasArts
2009-04-01 19:55 . 2009-04-01 19:52 49152 ----a-w c:\windows\system32\md5sum.exe
2009-04-01 04:05 . 2009-04-16 18:26 29988 ----a-w c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-04-01 04:05 . 2009-04-16 18:26 29988 ----a-w c:\windows\system32\BMXState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-04-01 04:05 . 2009-04-16 18:26 29760 ----a-w c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-04-01 04:05 . 2009-04-16 18:26 29760 ----a-w c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-04-01 04:05 . 2009-04-16 18:26 292 ----a-w c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000004-10031102}.dat
2009-04-01 04:05 . 2009-04-16 18:26 292 ----a-w c:\windows\system32\DVCState-{00000000-00000000-0000000E-00001102-00000004-10031102}.dat
2009-04-01 04:05 . 2009-04-16 18:26 1080 ----a-w c:\windows\system32\settingsbkup.sfm
2009-04-01 04:05 . 2009-04-16 18:26 1080 ----a-w c:\windows\system32\settings.sfm
2009-03-31 18:58 . 2009-03-31 18:58 -------- d-----w c:\documents and settings\Mike\Application Data\Uniblue
2009-03-31 16:49 . 2009-04-01 15:55 -------- d-----w c:\program files\Spyware Terminator
2009-03-29 18:38 . 2009-03-29 18:38 -------- d-----w c:\program files\Trend Micro
2009-03-28 03:10 . 2009-03-30 23:41 -------- d-----w c:\program files\Security Task Manager
2009-03-23 21:00 . 2009-03-23 21:00 -------- d-----w c:\documents and settings\Mike\Application Data\Media Player Classic
2009-03-23 20:57 . 2008-07-30 19:09 38 ----a-w c:\windows\avisplitter.ini
2009-03-23 20:57 . 2009-03-23 20:57 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-23 17:24 . 2009-03-25 21:03 -------- d-----w c:\program files\FlashGet
2009-03-23 17:13 . 2009-03-23 17:14 -------- d-----w c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 01:54 . 2007-12-25 20:27 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 17:22 . 2005-08-22 01:00 -------- d-----w c:\program files\Java
2009-04-05 17:10 . 2004-08-18 15:04 -------- d-----w c:\program files\Common Files\Adobe
2009-04-03 22:21 . 2005-10-03 00:08 -------- d-----w c:\program files\Microsoft Picture It! PhotoPub
2009-04-03 13:10 . 2009-01-11 16:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 01:50 . 2008-06-28 16:42 -------- d-----w c:\documents and settings\Mike\Application Data\Talkback
2009-04-02 01:50 . 2007-12-25 15:54 -------- d-----w c:\program files\iTunes
2009-04-01 20:37 . 2007-05-06 02:53 -------- d--h--w c:\documents and settings\Mike\Application Data\Move Networks
2009-04-01 00:40 . 2008-11-30 17:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 00:40 . 2008-11-30 17:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 18:05 . 2009-03-29 18:05 0 ----a-w C:\rundll32.txt
2009-03-26 22:49 . 2009-01-11 16:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 22:49 . 2009-01-11 16:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 20:01 . 2008-08-20 21:45 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-03-26 12:16 . 2004-08-18 13:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 17:14 . 2008-01-08 19:19 -------- d-----w c:\program files\DivX
2009-03-05 00:37 . 2008-12-24 03:31 -------- d-----w c:\documents and settings\Mike\Application Data\U3
2009-03-05 00:36 . 2009-03-05 00:36 -------- d-----w c:\program files\Risk II
2009-02-28 01:38 . 2004-12-04 23:07 55 ----a-w C:\DVDPATH.TXT
2009-02-23 22:52 . 2009-02-22 17:54 -------- d-----w c:\documents and settings\Mike\Application Data\GetRightToGo
2009-02-09 10:19 . 2002-09-25 19:17 1846272 ----a-w c:\windows\system32\win32k.sys
2009-01-29 12:13 . 2008-08-20 21:50 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-27 01:34 . 2009-01-27 01:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-01-27 01:34 . 2009-01-27 01:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-01-27 01:34 . 2009-01-27 01:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-01-27 01:34 . 2009-01-27 01:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-01-24 19:37 . 2008-07-02 17:40 34 ----a-w c:\documents and settings\Mike\jagex_runescape_preferences.dat
2008-10-16 21:41 . 2004-10-23 01:50 281888 ----a-w c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-01-13 13:27 . 2008-01-13 13:27 276808 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-28 16:27 . 2005-09-28 16:27 127 ----a-w c:\documents and settings\Mike\Local Settings\Application Data\fusioncache.dat
2004-08-30 13:21 . 2004-08-30 13:21 0 -c-ha-w c:\documents and settings\Mike\hpothb07.dat
2007-10-05 13:56 . 2007-10-04 13:40 81 --sh--r c:\windows\ICSET.BIN
2007-11-29 00:20 . 2007-11-29 00:19 24 -csha-w c:\windows\SC617931F.tmp
2002-08-01 01:55 . 2006-12-07 16:20 636 --sh--w c:\windows\WSYS049.SYS
2006-10-15 13:41 . 2006-10-15 13:39 80 --sh--r c:\windows\system32\7401C44507.dll
2007-06-10 03:39 . 2007-06-10 03:39 56 --sh--r c:\windows\system32\7401C44507.sys
2007-06-27 17:39 . 2007-06-10 03:39 1682 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2005-9-27 208896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-8-8 24633]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 12:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"MSACM.MI-SC4"= MI-SC4.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ipsdifx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Instant Update Reminder.lnk
backup=c:\windows\pss\Instant Update Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-31 01:05 344064 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 05:00 45056 ----a-w c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 13:18 49152 ----a-w c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-08-20 18:57 221184 ----a-w c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-25 14:14 188416 ----a-w c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-20 21:15 483328 ----a-r c:\windows\System32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 21:04 40960 ----a-w c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 10:40 218032 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 19:10 267048 ----a-w c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-09-14 03:36 50688 ----a-w c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2002-06-19 14:50 180224 ----a-w c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 08:41 1122304 ----a-w c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-01 08:12 4112384 ----a-r c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-07-01 08:12 81920 ----a-r c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 20:46 57393 ----a-w c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare2.2]
2007-05-04 13:21 198184 ----a-w c:\program files\Qwest\QuickCare\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-20 22:53 1056768 ----a-r c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 23:42 32768 ----a-w c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 22:06 45056 ----a-w c:\program files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 16:42 2156368 ------w c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 16:22 155648 ----a-r c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-11-09 03:50 180269 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
2002-09-25 19:13 77891 ----a-w c:\windows\SYSTEM32\usrmlnka.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 20:00 24576 ----a-w c:\program files\Microsoft Works\wkfud.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-04-11 21:33 118784 ----a-w c:\windows\system32\CTASIO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-04-10 16:36 28672 ----a-w c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-20 19:06 118784 ----a-r c:\windows\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"sprtlisten"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R0 OCDE;ZTekWare Original CD Emulator Service; [x]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-25 10986]
R4 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S0 PQV2i;PQV2i; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-29 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-29 107272]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S1 PQIMount;PQIMount; [x]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2005-03-02 465988]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9b2f0c-342d-11da-804d-000ea6c30cd5}]
\Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer =
IE: Open with &ZipScan - c:\progra~1\ZIPSCA~1\zs_ie.htm
Trusted Zone: aol.com\free
Trusted Zone: wikia.com\starwars
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 12:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(760)
c:\windows\ipsdifx.dll
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\ipsdifx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-16 12:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 18:32
ComboFix2.txt 2009-04-07 19:18
Pre-Run: 101,604,384,768 bytes free
Post-Run: 101,646,069,760 bytes free
290 --- E O F --- 2009-04-03 16:53
GMER Log
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 13:24:46
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT spul.sys ZwCreateKey [0xF72D30E0]
SSDT spul.sys ZwEnumerateKey [0xF72F0CA2]
SSDT spul.sys ZwEnumerateValueKey [0xF72F1030]
SSDT spul.sys ZwOpenKey [0xF72D30C0]
SSDT spul.sys ZwQueryKey [0xF72F1108]
SSDT spul.sys ZwQueryValueKey [0xF72F0F88]
SSDT spul.sys ZwSetValueKey [0xF72F119A]
INT 0x62 ? 86F6ABF8
INT 0x63 ? 86F6DBF8
INT 0x73 ? 86F6DBF8
INT 0x82 ? 86F6ABF8
INT 0x94 ? 85BA2BF8
INT 0x94 ? 85BA2BF8
INT 0x94 ? 85BA2BF8
INT 0x94 ? 85BA2BF8
INT 0x94 ? 85BA2BF8
INT 0x94 ? 85BA2BF8
Code \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? spul.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F63FC62C 5 Bytes JMP 85BA21D8
? C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72D4046] spul.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72D4142] spul.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72D40C4] spul.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72D47CE] spul.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72D46A4] spul.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72DFD7A] spul.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F681F8
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \FileSystem\Udfs \UdfsCdRom 85139368
Device \FileSystem\Udfs \UdfsDisk 85139368
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 85C7F1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD91F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD91F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD91F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD91F8
Device \Driver\usbuhci \Device\USBPDO-1 85C7F1F8
Device \Driver\usbuhci \Device\USBPDO-2 85C7F1F8
Device \Driver\usbuhci \Device\USBPDO-3 85C7F1F8
Device \Driver\usbehci \Device\USBPDO-4 85C681F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6B1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\Cdrom \Device\CdRom0 85C8E1F8
Device \Driver\Cdrom \Device\CdRom1 85C8E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86F6A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6A1F8
Device \Driver\atapi \Device\Ide\IdePort0 86F6A1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 86F6A1F8
Device \Driver\Cdrom \Device\CdRom2 85C8E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 851C3500
Device \Driver\NetBT \Device\NetbiosSmb 851C3500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 85C7F1F8
Device \Driver\usbuhci \Device\USBFDO-1 85C7F1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85198500
Device \Driver\usbuhci \Device\USBFDO-2 85C7F1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85198500
Device \Driver\usbuhci \Device\USBFDO-3 85C7F1F8
Device \Driver\usbehci \Device\USBFDO-4 85C681F8
Device \Driver\Ftdisk \Device\FtControl 86F6B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B13D3B56-74AC-4161-BABC-D1C8860B70B7} 851C3500
Device \Driver\viamraid \Device\Scsi\viamraid1 86FD81F8
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 86F691F8
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port3Path0Target4Lun0 86F691F8
Device \FileSystem\Cdfs \Cdfs 85A9C328
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0x26 0xE2 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0x27 0xE6 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0xBD 0xC0 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEE 0x5F 0x6C 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEE 0x5F 0x6C 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xEE 0x5F 0x6C 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0x26 0xE2 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0x27 0xE6 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0xBD 0xC0 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEE 0x5F 0x6C 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEE 0x5F 0x6C 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xEE 0x5F 0x6C 0xBA ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes
---- EOF - GMER 1.0.15 ----
Gooredfix.txt
GooredFix v1.92 by jpshortstuff
Log created at 13:27 on 16/04/2009 running Option #1 (Mike)
Firefox version 2.0 (en-US)
=====Suspect Goored Entries=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{A16AB6F3-308C-4819-B08D-4A6E54D1147D}"="C:\Documents and Settings\Mike\Local Settings\Application Data\{A16AB6F3-308C-4819-B08D-4A6E54D1147D}"
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins" (Folder Missing)
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components" (Folder Missing)
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{A16AB6F3-308C-4819-B08D-4A6E54D1147D}"="C:\Documents and Settings\Mike\Local Settings\Application Data\{A16AB6F3-308C-4819-B08D-4A6E54D1147D}"
Avenger Log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\oloxudipo.dll" not found!
Deletion of file "C:\WINDOWS\oloxudipo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|csikib"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|csikib" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:45 PM, on 4/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Risk\Images\stg_drm.ocx
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4649266154
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4650865312
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugi ... .5.1.7.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 8220 bytes