When I attempted to install the Windows XP Recovery Console, I got a warning message that the Windows version on my disk is older than what's installed on my computer, and I wasn't sure if I should proceed, so I haven't installed that yet. I am unable to download it from Microsoft because of the malware issues I'm here trying to correct. Please advise.
Here is the ComboFix log:
ComboFix 09-01-21.04 - Mom 2009-01-29 17:13:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.70 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\oeminfo.ini
G:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 14:46 . 2009-01-29 14:46 <DIR> d-------- c:\windows\LastGood
2009-01-26 19:41 . 2009-01-27 21:45 <DIR> d-------- c:\program files\Exterminate It!
2009-01-25 17:10 . 2009-01-25 17:10 <DIR> d-------- c:\program files\Avira
2009-01-25 17:10 . 2009-01-25 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-25 16:56 . 2009-01-25 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-11 16:31 . 2009-01-11 16:31 <DIR> d-------- c:\program files\Apple Software Update
2009-01-11 16:31 . 2009-01-11 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-05 16:33 . 2009-01-05 16:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 22:31 --------- d-----w c:\documents and settings\Mom\Application Data\mjusbsp
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2009-01-29 20:43 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2009-01-29 20:43 104,982 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2009-01-27 02:12 --------- d-----w c:\documents and settings\Mom\Application Data\Registry Defender
2009-01-25 16:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-25 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 03:14 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-16 03:09 --------- d-----w c:\program files\CCleaner
2009-01-14 22:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 22:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-26 19:29 --------- d-----w c:\program files\Java
2008-12-26 00:44 --------- d-----w c:\documents and settings\Mom\Application Data\LimeWire
2008-12-23 19:20 222,816 ----a-w c:\documents and settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
2008-12-02 02:54 --------- d-----w c:\documents and settings\Mom\Application Data\Malwarebytes
2008-12-02 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 00:24 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-01 00:23 --------- d-----w c:\documents and settings\Mom\Application Data\SystemRequirementsLab
2008-11-27 13:40 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-27 13:40 249,856 ------w c:\windows\Setup1.exe
2003-11-16 17:06 3,662,787 ----a-w c:\program files\spybotsd12.exe
2003-10-23 04:04 31,280 ----a-w c:\documents and settings\The Boy\Application Data\GDIPFONTCACHEV1.DAT
2002-03-08 02:39 4,278 -c--a-w c:\windows\inf\SETA.tmp
2002-03-08 02:39 4,278 -c--a-w c:\windows\inf\SET10.tmp
2009-01-27 21:16 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-27 21:16 126,360 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-27 21:16 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Mom\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-06-22 357616]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2005-10-18 1921024]
"HP Metrics"="c:\program files\HP\Personal Printing Solutions Product Research\HP Product Research.exe" [2003-06-24 360448]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"SoundMan"="SOUNDMAN.EXE" [2002-09-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"ledpointer"="CNYHKey.exe" [2003-07-22 c:\windows\CNYHKey.exe]
"CHotkey"="mHotkey.exe" [2003-09-23 c:\windows\mHotkey.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2008-05-16 86016]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 12:30 79368 c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0sprestrt\
0sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetCntrl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Old_Data\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=
"c:\\Program Files\\EA Games\\Need For Speed Underground\\Speed.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\update.exe"=
"c:\\Documents and Settings\\Mom\\Application Data\\mjusbsp\\magicJack.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-06-24 115216]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-05-03 8576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-06-24 88816]
R4 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-24 134648]
R4 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-06-24 66576]
R4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R4 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R4 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
S1 as6eio;as6eio;c:\windows\system32\drivers\as6eio.SYS --> c:\windows\system32\drivers\as6eio.SYS [?]
S4 mrtRate;mrtRate;c:\windows\system32\drivers\MRTRATE.SYS [2003-08-23 36404]
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-17 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.30.2.sxt _RegistrationOffer@16 []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-PCPitstop Optimize Registration Reminder - c:\program files\PCPitstop\Optimize\Reminder.exe
HKLM-Run-MUser - (no file)
Notify-WOW - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ms101.mysearch.com/sa/srchlft.html
uInternet Settings,ProxyOverride = localhost
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: download.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - hxxp://sms.napster.com/client/plugin/npdownload.cab
DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} - hxxps://www.send2fax.com/microsoft-offi ... ontrol.cab
DPF: {FD9D0FC7-D96B-11D3-B9D5-00A0CC349308} - hxxp://www.masterynet.net/masterynet/mtplayer.cab
FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\1sqloxkx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\1sqloxkx.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\1sqloxkx.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 17:21:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\UmxWnp.Dll
.
Completion time: 2009-01-29 17:25:58
ComboFix-quarantined-files.txt 2009-01-29 23:25:53
Pre-Run: 130,759,708,672 bytes free
Post-Run: 131,471,802,368 bytes free
210 --- E O F --- 2009-01-27 20:14:35
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:31 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Mom\Application Data\mjusbsp\magicJack.exe
C:\Documents and Settings\Mom\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HP Metrics] C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe a
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Mom\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.download.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/do ... gctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442861500
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D772BBC7-1F7A-40BD-BD0A-889F43341CA4} (CmdInsReg Class) - https://www.send2fax.com/microsoft-offi ... ontrol.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {FD9D0FC7-D96B-11D3-B9D5-00A0CC349308} (mtplayer) - http://www.masterynet.net/masterynet/mtplayer.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
--
End of file - 10776 bytes
I'm sure you'll notice that both AVG and Avira show up on the logs. I am no longer running AVG, but have been unable to completely delete it from my computer. I know there are instructions out there on how to kick it out manually, but I haven't got to it. Actually, it was the inability of AVG to update automatically that first clued me in to there being a problem on my computer; I just didn't realize right away that it was a malware problem.
Thanks for your assistance.
Lori