Thanks for the help. It is appreciated.
Joe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:24 PM, on 4/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MOMAND~1\AppData\Local\Temp\xXpMDusP.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MOMAND~1\AppData\Local\Temp\pmnKCrrp.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11446 bytes
ComboFix 08-04-14.2 - Mom and Dad 2008-04-15 7:22:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1240 [GMT -7:00]
Running from: C:\Users\Mom and Dad\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-11 19:05 . 2008-04-11 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 03:02 . 2008-04-10 03:02 197 --a------ C:\Windows\System32\MRT.INI
2008-04-09 17:16 . 2008-04-09 17:16 <DIR> d-------- C:\Users\All Users\xixuxcdk
2008-04-09 17:16 . 2008-04-09 17:16 <DIR> d-------- C:\Users\All Users\kdveettg
2008-04-09 17:16 . 2008-04-09 17:16 <DIR> d-------- C:\ProgramData\xixuxcdk
2008-04-09 17:16 . 2008-04-09 17:16 <DIR> d-------- C:\ProgramData\kdveettg
2008-04-09 13:16 . 2008-02-14 16:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 13:16 . 2008-02-18 22:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 13:16 . 2008-02-28 23:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 13:16 . 2008-02-28 23:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 13:16 . 2008-02-28 23:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 13:16 . 2008-02-28 23:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 13:16 . 2008-02-28 23:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 13:16 . 2008-02-28 23:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 13:16 . 2008-02-28 23:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-03-30 18:44 . 2008-03-30 19:12 <DIR> d-------- C:\Users\Mom and Dad\AppData\Roaming\My Battle for Middle-earth Files
2008-03-30 18:25 . 2008-03-30 18:25 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-25 18:17 . 2008-03-25 18:17 0 --a------ C:\Windows\I531_109.INI
2008-03-25 17:45 . 2008-03-25 17:45 <DIR> d-------- C:\Users\All Users\Citrix
2008-03-25 17:45 . 2008-03-25 17:45 <DIR> d-------- C:\ProgramData\Citrix
2008-03-25 17:44 . 2008-03-25 17:44 <DIR> d-------- C:\Program Files\Citrix
2008-03-25 17:44 . 2008-03-25 17:44 60,968 --a------ C:\Users\Mom and Dad\GoToAssistDownloadHelper.exe
2008-03-15 07:53 . 2008-03-15 07:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 16:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-14 03:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-14 02:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 02:21 --------- d-----w C:\Program Files\BAE
2008-04-14 02:20 --------- d-----w C:\Program Files\Windows Mail
2008-04-14 02:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-14 02:20 --------- d-----w C:\Program Files\Picasa2
2008-04-14 02:20 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 02:20 --------- d-----w C:\Program Files\Google
2008-04-12 14:28 --------- d-----w C:\Program Files\Warcraft III
2008-04-07 02:09 --------- d-----w C:\ProgramData\Symantec
2008-04-05 00:28 --------- d-----w C:\Program Files\World of Warcraft
2008-03-26 00:58 --------- d-----w C:\ProgramData\NVIDIA
2008-03-17 03:20 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-12 15:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-11 03:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-11 03:52 --------- d-----w C:\Program Files\Real
2008-03-10 23:11 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-09 06:06 --------- d-----w C:\ProgramData\AOL
2008-03-09 06:03 --------- d-----w C:\ProgramData\PopCap Games
2008-03-09 05:56 --------- d---a-w C:\ProgramData\TEMP
2008-03-09 04:56 --------- d-----w C:\Users\Mom and Dad\AppData\Roaming\iWin
2008-03-07 20:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 20:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 20:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 20:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 20:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 20:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 20:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 20:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-07 04:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 04:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 04:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-04 03:12 302 ----a-w C:\Users\Ozzey\AppData\Roaming\wklnhst.dat
2008-03-04 02:05 --------- d-----w C:\Users\Ozzey\AppData\Roaming\Template
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-26 06:06 --------- d-----w C:\ProgramData\Dell
2008-02-25 15:24 --------- d-----w C:\Program Files\QuickTime
2008-02-21 16:40 --------- d-----w C:\Program Files\Mattel Interactive
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 16:07 --------- d--h--w C:\Users\Ozzey\AppData\Roaming\GTek
2008-02-18 23:37 --------- d-----w C:\Users\Mom and Dad\AppData\Roaming\Intuit
2008-02-18 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 23:23 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-18 23:20 --------- d-----w C:\Program Files\TurboTax
2008-02-18 22:51 --------- d-----w C:\Program Files\ItsDeductible2006
2008-02-18 22:49 --------- d-----w C:\ProgramData\Intuit
2008-02-18 22:49 --------- d-----w C:\Program Files\Common Files\Intuit
2008-02-18 22:48 --------- d-----w C:\Users\Mom and Dad\AppData\Roaming\InstallShield
2008-02-15 05:36 691,545 ----a-w C:\Windows\unins000.exe
2008-02-14 05:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 05:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 05:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 05:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 05:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 05:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 05:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 05:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 05:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-18 16:01 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-11-07 06:57 214 ----a-w C:\Users\Mom and Dad\AppData\Roaming\wklnhst.dat
2007-09-08 04:14 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-30 15:03 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 06:32 4390912 C:\Windows\RtHDVCpl.exe]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 07:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-10 23:00 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 03:20 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 07:47 1862144]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 19:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 08:19 20480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05 116328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 01:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 01:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 11:31:50 323646]
MiniMavis.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [2007-10-23 20:23:42 2392064]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 11:32:22 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9FD98B5A-97BB-400A-B928-A43961B6EA08}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F9F777BB-B15D-4CFE-9EA3-28316E794882}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2672F31B-612B-4C77-881E-51016934477D}"= UDP:C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{96BA00AC-40C3-44E3-BF87-06EB7E383251}"= TCP:C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{3D13F489-78A7-42EF-AE77-B0882A60F597}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{2E60C09B-7A7E-4CF9-A998-D866BF75CC46}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{74831709-51E1-4920-9808-429278A18BCF}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{A37151D1-C3E1-45B4-A29F-05789DBAAE5D}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{8417241E-9196-421F-B222-F4DAB40F31F8}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{646232F6-DBAB-49D4-A1DF-0B9196447A1F}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{F63B1F1A-98B5-43B0-B2EE-BA79BC8E4D11}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{C6C9636B-0133-4A59-88CD-D8711F314EB1}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{51C981C0-C0F5-4235-A522-7601FB34D818}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{A0D11BCD-0DFD-4896-B52D-5F195A46DB63}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{ED1094A3-5853-451A-B83D-203007A2A0C8}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{F2942955-01FD-4753-9D06-A8953B62D371}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{5C96D0DF-4196-4DB5-AB1F-306408366245}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{A9E9713D-01AA-4794-8A3F-A42260E949C8}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{38A29112-580C-4915-8163-8C43C7F460FE}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{CD2F7D17-DBD5-4A18-A7FD-43F490D1CF43}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{6D62AB23-5988-44BB-8A83-DEF481E8FE98}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{B9B09BE8-66A7-4795-8CBC-D7B1208EDC5E}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{04360B4B-4715-48DA-A753-A0BB1CC6FAB8}"= Disabled:UDP:135:TCP Port 135
"{AF40582E-F9F8-4D22-9300-495EE78B6FF1}"= Disabled:UDP:5000:TCP Port 5000
"{399091ED-22D7-4EBA-BD4D-B4DCEAE44966}"= Disabled:UDP:5001:TCP Port 5001
"{6E2D7DD3-4295-478D-9EBA-18CB417AB0FA}"= Disabled:UDP:5002:TCP Port 5002
"{F7268DA8-599D-4C88-954B-ADED5FAC958A}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{1CE9937D-9584-481F-9E8E-0FA7A218ACF0}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{6CEEA929-E93F-4C03-B9DB-10EF31E916A7}"= Disabled:UDP:5003:TCP Port 5003
"{0C4DCA74-CADF-4077-8DF0-81769EF32CE3}"= Disabled:UDP:5004:TCP Port 5004
"{2343E450-9C4B-492B-A6F2-FD3DEDB96909}"= Disabled:UDP:5005:TCP Port 5005
"{7AD4D3F3-4249-4F91-9381-20684808089B}"= Disabled:UDP:5006:TCP Port 5006
"{3FF029FD-8EA7-4928-A27E-1E19966BFAD0}"= Disabled:UDP:5007:TCP Port 5007
"{A9E3BCC4-18D6-491C-9102-045422B7824A}"= Disabled:UDP:5008:TCP Port 5008
"{6ED15F2D-91CE-42F6-AEA0-0B142325E7B0}"= Disabled:UDP:5009:TCP Port 5009
"{AD17CBAE-EF3C-4D04-B83D-FD758F6F51B8}"= Disabled:UDP:5010:TCP Port 5010
"{977B4691-7270-47A6-8803-9F1B083493A9}"= Disabled:UDP:5011:TCP Port 5011
"{E73A60E6-AF42-460B-8D3F-91736BF00A4C}"= Disabled:UDP:5012:TCP Port 5012
"{3025F9CE-C612-4C09-95B2-213AE943DBED}"= Disabled:UDP:5013:TCP Port 5013
"{491A12F0-ED30-480A-B2F1-1CCA192C3C97}"= Disabled:UDP:5014:TCP Port 5014
"{298D07DD-DBFA-47EA-A177-B37A12C36BFB}"= Disabled:UDP:5015:TCP Port 5015
"{62375CCE-C0D9-4C00-86A7-A401D1527613}"= Disabled:UDP:5016:TCP Port 5016
"{7E0D466B-C74E-409C-8A13-707C484E75FA}"= Disabled:UDP:5017:TCP Port 5017
"{4C804FB5-FAA5-4B1B-A884-A14F3E008653}"= Disabled:UDP:5018:TCP Port 5018
"{DB9934E0-AE62-4951-946E-345ECE0B691C}"= Disabled:UDP:5019:TCP Port 5019
"{65960E22-8384-46F5-8130-B2491F04879F}"= Disabled:UDP:5020:TCP Port 5020
"{64316F8A-BA58-4BBF-9D0B-1165D30A0F17}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{7F3EC77F-FAB8-4A40-8611-5BD657EF0CC7}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{877B2EE3-F8FE-476E-9ED5-9DFDFAA82F59}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2863CE41-DF11-47C0-9EBC-CCD9FD00A5B2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8CFE7A64-6AE2-4EE2-BDF8-4E5191BDCE55}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{64EFBD9F-EA37-4FC9-B79C-6DCD848694E2}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{9276DE8B-759C-4103-8B68-EED4DCDB06E0}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{2BAAD01A-9BB4-46A1-8894-26BF92DB1E20}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{1B980DA3-337B-492B-85FD-E42B2ADDDB17}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{A6ADC4AF-DF50-40B3-AC13-6EA610B197CD}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{F4D58C5C-5ED7-458B-B555-FD867B623483}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{74639D21-6703-43BB-82B2-E85B981E9361}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{63B9D7CE-6D2B-483C-B0C9-284FB6477E71}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{F4BE3D9A-EA81-46DE-9234-2C944883A6F7}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{B64DD169-9720-4E2D-ADE9-E3FD78B3AE14}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{8FCFB2EF-F9E2-410B-85BB-59509280DD40}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2008-01-28 19:44]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 09:18]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-05-25 09:41]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 00:30]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 09:41]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 00:36]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-03-23 04:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a872652-5702-11dc-a663-806e6f6e6963}]
\shell\AutoRun\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a872653-5702-11dc-a663-806e6f6e6963}]
\shell\AutoRun\command - F:\autoplay.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 06:06:40 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mom and Dad.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 07:27:49
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
-> ?:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
Completion time: 2008-04-15 7:28:54
ComboFix-quarantined-files.txt 2008-04-15 14:28:41
Pre-Run: 221,907,300,352 bytes free
Post-Run: 222,598,471,680 bytes free
.
2008-04-10 10:05:07 --- E O F ---