DFW,
I will try to reply with logs and answers to questions and such in the order that I did them.
ComboFix Log:
ComboFix 08-08-29.01 - Alex 2008-08-29 16:32:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2965 [GMT -4:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\McAfee
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Agent.ini
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\catalog.z
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Compiled.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\AUENGINEMETA\AUEngineContentDetection.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\ENCPTCNT6000\EceptCntDet.mcs
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\MPEMSBCK1000\MPEMSBCKDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\MPEPRDCK1000\MPEPRDCKDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\MPESVRUP1000\MPESVRUPDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\MPEVIRCK1000\MPEVIRCKDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\PATCHTMP1000\PatchTmpDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\PATCHTMP2000\PatchTmpDet.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\PUPDAT__1000\PUPDet.mcs
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\SPAMSAFE1000\SK_det.mcs
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8600\VSE850Det.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\SiteStat.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\V2datdet.mcs
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANENG1000\V2EngDet.mcs
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_A-L-E-X.log
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_A-L-E-X.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_A-L-E-X_backup.log
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\FrameworkLog.xsl
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_A-L-E-X.log
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\FrameworkManifest.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\InstallMain.McS
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\McScript.bak
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\McScript.log
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Precompiled.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Server.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\serverDefault.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteMapList.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteStat.xml
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SrPubKey.bin
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Task\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}.ini
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Task\TaskInternalData\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}.ini
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateHistory.ini
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateMain.McS
C:\Program Files\McAfee
C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll
C:\Program Files\McAfee\Common Framework\0409\AgentRes64.dll
C:\Program Files\McAfee\Common Framework\0409\CmaUIRes.dll
C:\Program Files\McAfee\Common Framework\0409\ScrptRes.dll
C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll
C:\Program Files\McAfee\Common Framework\Agent.dll
C:\Program Files\McAfee\Common Framework\Agent64.dll
C:\Program Files\McAfee\Common Framework\AgentPlugin.dll
C:\Program Files\McAfee\Common Framework\applib.dll
C:\Program Files\McAfee\Common Framework\applib64.dll
C:\Program Files\McAfee\Common Framework\Cleanup.exe
C:\Program Files\McAfee\Common Framework\ClientUI.dll
C:\Program Files\McAfee\Common Framework\cmalib.dll
C:\Program Files\McAfee\Common Framework\cmalib64.dll
C:\Program Files\McAfee\Common Framework\CmdAgent.exe
C:\Program Files\McAfee\Common Framework\ComponentFrameworkCallback64.dll
C:\Program Files\McAfee\Common Framework\ComponentPolicyEnforcement64.dll
C:\Program Files\McAfee\Common Framework\ComponentSubSystem.dll
C:\Program Files\McAfee\Common Framework\ComponentSubSystem64.dll
C:\Program Files\McAfee\Common Framework\ComponentUserInterface.dll
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\FrmInst.exe
C:\Program Files\McAfee\Common Framework\FrmPlugin.dll
C:\Program Files\McAfee\Common Framework\GenEvtInf.dll
C:\Program Files\McAfee\Common Framework\GenEvtInf64.dll
C:\Program Files\McAfee\Common Framework\InternetManager.dll
C:\Program Files\McAfee\Common Framework\InternetManager64.dll
C:\Program Files\McAfee\Common Framework\JrMac.dll
C:\Program Files\McAfee\Common Framework\ListenServer.dll
C:\Program Files\McAfee\Common Framework\Logging.dll
C:\Program Files\McAfee\Common Framework\Logging64.dll
C:\Program Files\McAfee\Common Framework\Management.dll
C:\Program Files\McAfee\Common Framework\Management64.dll
C:\Program Files\McAfee\Common Framework\McScanCheck.exe
C:\Program Files\McAfee\Common Framework\McScript.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\McAfee\Common Framework\mcurial.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\McAfee\Common Framework\msvcp71.dll
C:\Program Files\McAfee\Common Framework\msvcr71.dll
C:\Program Files\McAfee\Common Framework\naCmnLib64.dll
C:\Program Files\McAfee\Common Framework\naCmnLib71.dll
C:\Program Files\McAfee\Common Framework\nagshr32.dll
C:\Program Files\McAfee\Common Framework\naicrt32.dll
C:\Program Files\McAfee\Common Framework\nailog.dll
C:\Program Files\McAfee\Common Framework\nailog64.dll
C:\Program Files\McAfee\Common Framework\naInet.dll
C:\Program Files\McAfee\Common Framework\naInet64.dll
C:\Program Files\McAfee\Common Framework\naisign.dll
C:\Program Files\McAfee\Common Framework\naitcpp.dll
C:\Program Files\McAfee\Common Framework\naPolicyManager.dll
C:\Program Files\McAfee\Common Framework\naPolicyManager64.dll
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr64.exe
C:\Program Files\McAfee\Common Framework\naSPIPE.dll
C:\Program Files\McAfee\Common Framework\naSPIPE64.dll
C:\Program Files\McAfee\Common Framework\naXML64.dll
C:\Program Files\McAfee\Common Framework\naXML71.dll
C:\Program Files\McAfee\Common Framework\nmcomn32.dll
C:\Program Files\McAfee\Common Framework\patchw32.dll
C:\Program Files\McAfee\Common Framework\PcrPlug.dll
C:\Program Files\McAfee\Common Framework\PoEvtInf.dll
C:\Program Files\McAfee\Common Framework\Scheduler.dll
C:\Program Files\McAfee\Common Framework\Scheduler64.dll
C:\Program Files\McAfee\Common Framework\ScriptSubSys.dll
C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll
C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory64.dll
C:\Program Files\McAfee\Common Framework\TCHelper.dll
C:\Program Files\McAfee\Common Framework\TCSubSys.dll
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\unicows.dll
C:\Program Files\McAfee\Common Framework\UpdateSubSys.dll
C:\Program Files\McAfee\Common Framework\UpdPlug.dll
C:\Program Files\McAfee\Common Framework\UserSpace.dll
C:\Program Files\McAfee\Common Framework\XMLWrap.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-20 00:27 . 2008-08-23 19:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-20 00:26 . 2008-08-29 15:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-20 00:26 . 2008-08-20 00:26 <DIR> d-------- C:\Program Files\AVG
2008-08-20 00:26 . 2008-08-20 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-20 00:26 . 2008-08-29 15:18 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-20 00:26 . 2008-08-20 00:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-15 00:59 . 2008-08-15 01:52 24 --a------ C:\Documents and Settings\Alex\jagex_runescape_preferences.dat
2008-08-12 08:30 . 2001-08-17 12:12 16,074 --a------ C:\WINDOWS\system32\drivers\FA312nd5.sys
2008-08-12 08:30 . 2001-08-17 12:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2008-08-02 01:55 . 2008-08-02 01:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-02 01:54 . 2008-08-02 01:54 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 19:34 --------- d-----w C:\Program Files\World of Warcraft
2008-08-27 19:10 --------- d-----w C:\Program Files\Viewpoint
2008-08-15 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-02 05:55 --------- d-----w C:\Program Files\iPod
2008-07-24 02:56 --------- d-----w C:\Program Files\Diablo II
2008-07-23 00:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-20 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 00:39 --------- d-----w C:\Program Files\RivaTuner v2.09
2008-07-20 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-07-20 00:26 --------- d-----w C:\Program Files\ATI Technologies
2008-07-20 00:02 --------- d-----w C:\Documents and Settings\Alex\Application Data\U3
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 20:30 --------- d-----w C:\Program Files\Apple Software Update
2008-07-13 05:13 --------- d-----w C:\Program Files\QuickTime
2008-07-10 02:31 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:28 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 01:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-27 02:16 87,608 ----a-w C:\Documents and Settings\Alex\Application Data\ezpinst.exe
2007-09-27 02:16 47,360 ----a-w C:\Documents and Settings\Alex\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-27_15.53.58.04 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 09:34 868352]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 15:18 1235736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Documents and Settings\\Alex\\My Documents\\Downloads\\Downthemall Destination\\WoW-enGB-Installer-downloader.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Dungeon Siege II\\DungeonSiege2.exe"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\Alex\\OctoshapeClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 15:18]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 15:18]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc640c72-2912-11dc-b257-001bfc01650d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-29 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 16:32:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\DOCUME~1\Alex\LOCALS~1\Temp\RGI12.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-08-29 16:33:18
ComboFix-quarantined-files.txt 2008-08-29 20:33:16
ComboFix2.txt 2008-08-27 19:54:13
Pre-Run: 181,240,926,208 bytes free
Post-Run: 181,216,194,560 bytes free
288 --- E O F --- 2008-08-29 19:15:03
Updates:
- Removed all five programs listed.
- Rebooted.
- Deleted the following folders from my program files: Viewpoint and Spybot S+D; there was no Ad-Aware folder.
- Downloaded and installed the following programs: Java, Spybot S+D (which I updated, backed up my registry, immunized, and scanned after installing; the scan came up clean), and Malwarebytes' Anti-Malware.
- Went with your advice and did not get Ad-Aware again.
- Updated and scanned with Malwarebytes'.
Scan Log:
Malwarebytes' Anti-Malware 1.25
Database version: 1096
Windows 5.1.2600 Service Pack 2
6:32:55 PM 8/29/2008
mbam-log-08-29-2008 (18-32-55).txt
Scan type: Full Scan (C:\|I:\|)
Objects scanned: 93291
Time elapsed: 32 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\PIF (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Alex\My Documents\Downloads\Downloaded Programs\Macromedia Studio MX 2004\Director MX\Keygen\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5539369C-C3CE-46CD-BDBA-E390C3E41224}\RP313\A0035432.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Torrents\Sony Vegas 7 + DVD Architect 4\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Torrents\Sony Vegas 7 + DVD Architect 4\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
New HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:43:47 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
And that's about it. Can't wait for your next reply!
-
Unfortunatesoul