A decent amount of the "spyware" in AVG is just a bunch of harmless cookies that reside in an old backup folder from a hard drive.
Here you go with everything:
07-04-18 12:01:27 Service Pack 2
ComboFix 07-04-18.2V - Running from: F:\desktop\
((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))
2007-04-18 09:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-17 16:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-17 07:53 <DIR> d-------- C:\DOCUME~1\THEODO~1\DoctorWeb
2007-04-17 07:11 <DIR> d-------- C:\VundoFix Backups
2007-04-17 01:55 <DIR> d-------- C:\Program Files\InterMute
2007-04-16 13:49 <DIR> d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\Lavasoft
2007-04-16 13:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-15 09:29 <DIR> d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\iSproggler
2007-04-14 21:11 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-04-13 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meetro
2007-04-13 09:09 <DIR> d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\vlc
2007-04-08 07:01 208,896 --a------ C:\WINDOWS\system\lame_enc.dll
2007-04-06 18:48 <DIR> d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\DivX
2007-03-27 03:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 03:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 03:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-19 19:32 <DIR> d-------- C:\Program Files\iPod
2007-03-19 11:34 <DIR> d-------- C:\Program Files\Palm Inc
2007-03-19 11:20 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-03-19 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync
2007-03-19 11:19 <DIR> d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\HotSync
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-18 12:01 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\launchy
2007-04-17 00:27 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\utorrent
2007-03-19 19:29 -------- d-------- C:\Program Files\apple software update
2007-03-19 11:19 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 19:41 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\smith micro
2007-03-15 01:30 1449 --a------ C:\WINDOWS\mozver.dat
2007-03-15 01:30 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\sun
2007-03-15 01:29 -------- d-------- C:\Program Files\java
2007-03-15 01:28 -------- d-------- C:\Program Files\Common Files\java
2007-03-13 21:57 -------- d-------- C:\Program Files\Common Files\macrovision shared
2007-03-12 02:19 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\gtk-2.0
2007-03-09 06:06 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\apple computer
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 00:32 -------- d-------- C:\Program Files\quicktime
2007-03-06 23:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-06 17:13 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\leadertech
2007-03-06 16:12 -------- d--h----- C:\Program Files\installshield installation information
2007-03-06 16:07 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\windows desktop search
2007-03-06 16:05 -------- d-------- C:\Program Files\windows desktop search
2007-03-06 15:34 -------- d-------- C:\Program Files\msbuild
2007-03-06 15:34 -------- d-------- C:\Program Files\microsoft works
2007-03-06 15:32 -------- d-------- C:\Program Files\microsoft.net
2007-03-06 15:30 -------- d-------- C:\Program Files\microsoft visual studio 8
2007-03-06 15:20 -------- d-------- C:\Program Files\ltmoh
2007-03-06 06:40 -------- d-------- C:\Program Files\windows media connect 2
2007-03-06 06:35 -------- d-------- C:\Program Files\reference assemblies
2007-03-06 06:24 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-06 05:35 -------- d-------- C:\Program Files\Common Files\network associates
2007-03-06 05:35 -------- d-------- C:\Program Files\Common Files\cisco systems
2007-03-06 05:23 -------- d-------- C:\Program Files\messenger
2007-03-06 05:21 -------- d-------- C:\Program Files\msxml 4.0
2007-03-06 05:11 -------- d-------- C:\Program Files\toshiba
2007-03-06 04:55 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\toshiba
2007-03-06 04:43 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-03-06 04:43 -------- d-------- C:\DOCUME~1\THEODO~1\APPLIC~1\intel
2007-03-06 04:42 -------- d-------- C:\Program Files\intel
2007-03-06 04:29 -------- d-------- C:\Program Files\movie maker
2007-03-06 04:25 -------- d-------- C:\Program Files\windows nt
2007-03-06 04:12 0 -rahs---- C:\MSDOS.SYS
2007-03-06 04:12 0 -rahs---- C:\IO.SYS
2007-03-06 04:12 0 --a------ C:\CONFIG.SYS
2007-03-06 04:12 0 --a------ C:\AUTOEXEC.BAT
2007-03-06 04:12 -------- d-------- C:\Program Files\microsoft frontpage
2007-03-06 04:09 -------- d-------- C:\Program Files\Common Files\mssoap
2007-03-06 04:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-06 04:08 -------- d--h----- C:\Program Files\windowsupdate
2007-03-06 04:08 -------- d-------- C:\Program Files\online services
2007-03-06 04:07 -------- d-------- C:\Program Files\msn gaming zone
2007-03-05 23:01 -------- d-------- C:\Program Files\Common Files\speechengines
2007-03-05 23:01 -------- d-------- C:\Program Files\Common Files\odbc
2007-03-05 23:00 62 --ahs---- C:\DOCUME~1\THEODO~1\APPLIC~1\desktop.ini
2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-13 19:55 224256 --a------ C:\WINDOWS\system32\autofat.exe
2007-02-13 19:55 185344 --a------ C:\WINDOWS\system32\autontfs.exe
2007-02-05 16:43 1481728 --------- C:\WINDOWS\system32\mssrch.dll
2007-02-05 16:42 1504768 --------- C:\WINDOWS\system32\tquery.dll
2007-02-05 16:41 134656 --------- C:\WINDOWS\system32\uncdms.dll
2007-02-05 16:41 122368 --------- C:\WINDOWS\system32\uncph.dll
2007-02-05 16:41 108544 --------- C:\WINDOWS\system32\uncne.dll
2007-02-05 16:40 98304 --------- C:\WINDOWS\system32\unccplext.dll
2007-02-05 16:40 260096 --------- C:\WINDOWS\system32\oeph.dll
2007-02-05 16:36 52224 --------- C:\WINDOWS\system32\msstrc.dll
2007-02-05 16:36 27136 --------- C:\WINDOWS\system32\rtffilt.dll
2007-02-05 16:36 111104 --------- C:\WINDOWS\system32\xmlfilter.dll
2007-02-05 16:35 248320 --------- C:\WINDOWS\system32\msshsq.dll
2007-02-05 16:35 167424 --------- C:\WINDOWS\system32\mssphtb.dll
2007-02-05 16:34 300032 --------- C:\WINDOWS\system32\searchindexer.exe
2007-02-05 16:33 331776 --------- C:\WINDOWS\system32\mssph.dll
2007-02-05 16:32 65536 --------- C:\WINDOWS\system32\propdefs.dll
2007-02-05 16:32 182784 --------- C:\WINDOWS\system32\searchprotocolhost.exe
2007-02-05 16:31 76800 --------- C:\WINDOWS\system32\searchfilterhost.exe
2007-02-05 16:30 23552 --------- C:\WINDOWS\system32\msscb.dll
2007-02-05 16:29 98816 --------- C:\WINDOWS\system32\mssitlb.dll
2007-02-05 16:29 51200 --------- C:\WINDOWS\system32\msscntrs.dll
2007-02-05 16:29 255488 --------- C:\WINDOWS\system32\srchadmin.dll
2007-02-05 16:28 733696 --------- C:\WINDOWS\system32\propsys.dll
2007-02-05 16:28 32256 --------- C:\WINDOWS\system32\mssprxy.dll
2007-02-05 16:24 2048 --------- C:\WINDOWS\system32\uncres.dll
2007-02-05 16:24 11264 --------- C:\WINDOWS\system32\oephres.dll
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-05 15:24 99999 --------- C:\WINDOWS\system32\structuredqueryschema.bin
2007-02-05 15:24 18271 --------- C:\WINDOWS\system32\structuredqueryschematrivial.bin
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1A4F9D2D-CE42-424D-B43E-4B8DB3E1CDD3} C:\WINDOWS\system32\cbabb.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} E:\spybot\SDHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} E:\MICROS~1\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{D4BFB257-D51A-42D1-A6EE-1EF55A93F884} C:\WINDOWS\system32\jkheb.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"NVRotateSysTray"="rundll32.exe C:\\WINDOWS\\System32\\nvsysrot.dll,Enable"
"00THotkey"="C:\\WINDOWS\\system32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"TFNF5"="TFNF5.exe"
"TMESRV.EXE"="e:\\toshiba\\tme3\\TMESRV31.EXE /Logon"
"TMERzCtl.EXE"="e:\\toshiba\\tme3\\TMERzCtl.EXE /Service"
"TMESBS.EXE"="e:\\toshiba\\tme3\\TMESBS32.EXE /Client"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"TPSMain"="TPSMain.exe"
"ShStatEXE"="\"E:\\mcafee\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"E:\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"Windows Defender"="\"E:\\windows defender\\MSASCui.exe\" -hide"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
"NoRecentDocsMenu"=hex:01,00,00,00
"NoLowDiskSpaceChecks"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Theodore Golden^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
"path"="C:\\Documents and Settings\\Theodore Golden\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\OneNote 2007 Screen Clipper and Launcher.lnkStartup"
"location"="Startup"
"command"="E:\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Screen Clipper and Launcher"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Theodore Golden^Start Menu^Programs^Startup^palmOne Registration.lnk]
"path"="C:\\Documents and Settings\\Theodore Golden\\Start Menu\\Programs\\Startup\\palmOne Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\palmOne Registration.lnkStartup"
"location"="Startup"
"command"="E:\\palmOne\\register.exe /remind /language=EN /INTL=\"true\" /_NBL=\"true\" /PRNM=\"palmOne\""
"item"="palmOne Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"E:\\adobe\\acrobat\\Acrobat\\Acrotray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"E:\\microsoft office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"E:\\itunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-18 12:06:32
C:\ComboFix-quarantined-files.txt ... 07-04-18 12:06
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 7:11:30 AM 4/17/2007
Listing files found while scanning....
C:\WINDOWS\system32\hghkj.bak2
C:\WINDOWS\system32\hghkj.ini
C:\WINDOWS\system32\hghkj.ini2
C:\WINDOWS\system32\hghkj.tmp
C:\WINDOWS\system32\jkhgh.dll
C:\WINDOWS\system32\mdckrtwq.dll
C:\WINDOWS\system32\wrxhbwga.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hghkj.bak2
C:\WINDOWS\system32\hghkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hghkj.ini
C:\WINDOWS\system32\hghkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hghkj.ini2
C:\WINDOWS\system32\hghkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hghkj.tmp
C:\WINDOWS\system32\hghkj.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhgh.dll
C:\WINDOWS\system32\jkhgh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mdckrtwq.dll
C:\WINDOWS\system32\mdckrtwq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wrxhbwga.dll
C:\WINDOWS\system32\wrxhbwga.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 4:27:45 PM 4/17/2007
Listing files found while scanning....
C:\WINDOWS\system32\cdfii.bak1
C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\iifdc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cdfii.bak1
C:\WINDOWS\system32\cdfii.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\cdfii.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifdc.dll
C:\WINDOWS\system32\iifdc.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 8:56:59 AM 4/18/2007
Listing files found while scanning....
C:\WINDOWS\system32\behkj.bak1
C:\WINDOWS\system32\behkj.ini
C:\WINDOWS\system32\jkheb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\behkj.bak1
C:\WINDOWS\system32\behkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\behkj.ini
C:\WINDOWS\system32\behkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifebca.dll
C:\WINDOWS\system32\iifebca.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkheb.dll
C:\WINDOWS\system32\jkheb.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 9:32:35 AM 4/18/2007
Listing files found while scanning....
C:\WINDOWS\system32\bbabc.bak1
C:\WINDOWS\system32\bbabc.ini
C:\WINDOWS\system32\cbabb.dll
C:\WINDOWS\system32\mnadodns.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bbabc.bak1
C:\WINDOWS\system32\bbabc.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbabc.ini
C:\WINDOWS\system32\bbabc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbabb.dll
C:\WINDOWS\system32\cbabb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifebca.dll
C:\WINDOWS\system32\iifebca.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnadodns.dll
C:\WINDOWS\system32\mnadodns.dll Has been deleted!
Performing Repairs to the registry.
Done!
//////////
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:54:25 AM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\windows defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
e:\avg\spyware\guard.exe
E:\diskeeper\DkService.exe
E:\Common Framework\FrameworkService.exe
E:\mcafee\Mcshield.exe
E:\mcafee\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
e:\toshiba\tme3\Tmesbs32.exe
e:\toshiba\tme3\Tmesrv31.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TFNF5.exe
E:\toshiba\tme3\TMERzCtl.EXE
e:\toshiba\tme3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
E:\toshiba\tme3\TMESBS32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TPSMain.exe
E:\mcafee\SHSTAT.EXE
E:\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
E:\windows defender\MSASCui.exe
E:\avg\spyware\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\palmOne\Hotsync.exe
E:\launchy\Launchy.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\texter\texter.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\hijackthis\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A4F9D2D-CE42-424D-B43E-4B8DB3E1CDD3} - C:\WINDOWS\system32\cbabb.dll (file missing)
O2 - BHO: (no name) - {209B0D08-56E9-49BE-B4DD-A1DDF295F471} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\system32\iifebca.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {9772CB6D-C750-423F-90FD-B20F76B16B54} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\adobe\acrobat\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D4BFB257-D51A-42D1-A6EE-1EF55A93F884} - C:\WINDOWS\system32\jkheb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\adobe\acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\System32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TMESRV.EXE] e:\toshiba\tme3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] e:\toshiba\tme3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] e:\toshiba\tme3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ShStatEXE] "E:\mcafee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\windows defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "e:\avg\spyware\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hotsync.lnk = E:\palmOne\Hotsync.exe
O4 - Startup: Launchy.lnk = E:\launchy\Launchy.exe
O4 - Startup: PC Health.lnk = E:\toshiba\toshiba management console\TOSHealthLocalS.vbs
O4 - Startup: Texter.lnk = E:\texter\texter.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - User Startup: hotsync.lnk = E:\palmOne\Hotsync.exe
O4 - User Startup: Launchy.lnk = E:\launchy\Launchy.exe
O4 - User Startup: PC Health.lnk = E:\toshiba\toshiba management console\TOSHealthLocalS.vbs
O4 - User Startup: Texter.lnk = E:\texter\texter.exe
O4 - User Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: hotsync.lnk = E:\palmOne\Hotsync.exe
O4 - Global Startup: Launchy.lnk = E:\launchy\Launchy.exe
O4 - Global Startup: PC Health.lnk = E:\toshiba\toshiba management console\TOSHealthLocalS.vbs
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3209803735
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gmgdomain.local
O17 - HKLM\Software\..\Telephony: DomainName = gmgdomain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gmgdomain.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\avg\spyware\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - E:\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - E:\mcafee\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - E:\mcafee\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - e:\toshiba\tme3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - e:\toshiba\tme3\Tmesrv31.exe
--
End of file - 10399 bytes
//////
To view the AVG log, I uploaded it to a site; it seems unusually large to me:
http://www.blacksoxfan.com/files/avg.txt