Here is the ComboFix log:
ComboFix 08-01-23.2 - USER 2008-01-23 11:14:19.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.171 [GMT -5:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\USER\Application Data\macromedia\Flash Player\#SharedObjects\SJMPA9PC\www.broadcaster.com
C:\Documents and Settings\USER\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\USER\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\crosof~1\??crosoft\
C:\Program Files\outerinfo
C:\WINDOWS\system32\dqn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qpqru.ini
C:\WINDOWS\SYSTEM32\qpqru.ini2
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-23 11:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 11:07 . 2008-01-23 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 10:25 . 2008-01-21 10:25 <DIR> d-------- C:\VundoFix Backups
2008-01-20 11:23 . 2008-01-20 11:23 <DIR> d-------- C:\Program Files\Network Associates
2008-01-19 21:04 . 2008-01-19 21:04 <DIR> d-------- C:\Program Files\InCode Solutions
2008-01-19 19:02 . 2008-01-19 19:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\àppPatch
2008-01-19 19:02 . 2008-01-19 19:02 <DIR> d-------- C:\Temp\gTiis19
2008-01-19 19:01 . 2008-01-19 19:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-19 19:01 . 2008-01-19 19:01 <DIR> d-------- C:\Temp\cXzz9
2008-01-19 19:01 . 2008-01-19 19:01 <DIR> d-------- C:\Temp
2008-01-18 12:23 . 2008-01-18 12:50 9,662 --a------ C:\WINDOWS\EPISME00.SWB
2008-01-18 12:18 . 2004-11-24 23:07 79,679 --a------ C:\WINDOWS\SYSTEM32\E_FLMAEA.DLL
2008-01-18 12:18 . 2003-05-20 21:27 64,000 --a------ C:\WINDOWS\SYSTEM32\E_FBCBAEA.DLL
2008-01-18 12:18 . 2000-06-06 20:01 34,304 --a------ C:\WINDOWS\SYSTEM32\E_FBCHAEA.DLL
2008-01-18 12:18 . 2001-08-17 14:03 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-01-18 12:18 . 2001-08-17 14:03 24,960 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbccgp.sys
2008-01-18 12:18 . 2001-08-17 14:00 24,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-01-18 12:18 . 2001-08-17 14:00 24,832 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbprint.sys
2008-01-18 12:18 . 2001-08-17 13:53 13,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-01-18 12:18 . 2001-08-17 13:53 13,824 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbscan.sys
2008-01-18 12:17 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\SYSTEM32\escimgd.dll
2008-01-18 12:17 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\SYSTEM32\escwiad.dll
2008-01-18 12:17 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\SYSTEM32\esccmd.dll
2008-01-18 11:32 . 2008-01-18 11:32 <DIR> d-------- C:\Program Files\MGI
2008-01-18 11:32 . 1998-08-15 16:07 2 --a------ C:\WINDOWS\PhotoSuite.ini
2008-01-17 15:44 . 2008-01-17 15:44 <DIR> d-------- C:\Program Files\Coupons
2008-01-17 15:44 . 2008-01-17 15:44 193,880 -rah----- C:\WINDOWS\SYSTEM32\cpnprt2.cid
2008-01-10 15:43 . 2008-01-10 15:43 <DIR> d-------- C:\Program Files\eMule
2008-01-05 15:25 . 2002-08-25 11:00 449,888 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\Cap7134.sys
2008-01-05 15:25 . 2002-01-31 16:50 90,112 -ra------ C:\WINDOWS\SYSTEM32\34dialog.dll
2008-01-05 15:25 . 2002-01-31 16:50 73,728 -ra------ C:\WINDOWS\SYSTEM32\34dd.dll
2008-01-05 15:25 . 2002-06-19 11:00 32,768 -ra------ C:\WINDOWS\SYSTEM32\Prop7134.dll
2008-01-05 14:13 . 2002-11-14 14:42 218,624 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2008-01-05 14:13 . 2002-11-14 14:42 218,624 --a------ C:\WINDOWS\SYSTEM32\dllcache\srrstr.dll
2008-01-05 14:11 . 2008-01-05 14:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 14:08 . 2008-01-05 14:08 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2008-01-05 14:08 . 2004-01-10 00:11 26,112 --a------ C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
2008-01-04 22:53 . 2008-01-04 22:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-01-04 22:52 . 2004-07-01 17:08 361,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgr.dll
2008-01-04 22:52 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-01-04 22:52 . 2004-06-30 18:59 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2008-01-04 22:52 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-01-04 22:52 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\SYSTEM32\dllcache\qmgrprxy.dll
2008-01-04 22:52 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx2.dll
2008-01-04 22:52 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2008-01-04 22:52 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\SYSTEM32\dllcache\bitsprx3.dll
2008-01-04 22:52 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2008-01-04 22:50 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2008-01-04 22:50 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2008-01-04 22:50 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-01-04 22:50 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2008-01-04 22:50 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-01-04 22:50 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2008-01-04 22:50 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-01-04 22:50 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-01-04 22:50 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-01-03 14:56 . 2008-01-03 14:56 <DIR> d-------- C:\Program Files\GPLGS
2008-01-03 14:55 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\SYSTEM32\cpwmon2k.dll
2008-01-03 13:21 . 2008-01-03 13:21 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-02 18:52 . 2008-01-02 18:52 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-02 18:52 . 2007-07-27 03:26 37,768 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\OLD200.tmp
2008-01-02 18:52 . 2001-08-17 14:03 30,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wceusbsh.sys
2008-01-02 18:52 . 2001-08-17 14:03 30,208 --a------ C:\WINDOWS\SYSTEM32\dllcache\wceusbsh.sys
2008-01-01 20:46 . 2008-01-01 20:46 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-01 20:45 . 2008-01-01 20:45 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-01 20:45 . 2008-01-01 20:47 425 --ah----- C:\IPH.PH
2008-01-01 12:26 . 2008-01-01 12:26 <DIR> d--hs---- C:\Recycled
2008-01-01 11:30 . 2008-01-01 11:30 45,056 --ahs---- C:\Thumbs.db
2007-12-31 16:15 . 2007-12-31 16:16 <DIR> d-------- C:\Program Files\XXCLONE
2007-12-31 11:09 . 2002-01-31 16:50 90,112 --------- C:\WINDOWS\SYSTEM32\34COM.dll
2007-12-31 09:41 . 2001-04-09 23:11 79,998 --a------ C:\WINDOWS\SYSTEM32\atmenuxx.hlp
2007-12-31 09:41 . 2007-12-31 09:48 10,842 --ah----- C:\WINDOWS\SYSTEM32\ATMenuxx.GID
2007-12-31 09:38 . 2007-12-31 09:38 <DIR> d-------- C:\ATI
2007-12-30 17:11 . 2007-12-30 17:11 <DIR> d-------- C:\EPSONREG
2007-12-30 17:11 . 2007-12-30 17:11 196 --a------ C:\WINDOWS\PowerReg.dat
2007-12-30 17:09 . 2001-03-04 21:15 61,598 --a------ C:\WINDOWS\SYSTEM32\E_SL2354.DLL
2007-12-30 17:09 . 2000-06-06 20:01 34,304 --a------ C:\WINDOWS\SYSTEM32\EBPCHP.DLL
2007-12-30 17:09 . 2000-06-25 21:20 32,768 --a------ C:\WINDOWS\SYSTEM32\ECBTEG.DLL
2007-12-30 17:08 . 2007-12-30 17:08 23 --a------ C:\WINDOWS\EPS820.ini
2007-12-30 14:51 . 2001-08-17 14:03 21,760 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbstor.sys
2007-12-30 14:24 . 2007-12-30 14:24 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2007-12-30 14:23 . 2007-12-30 14:23 20,480 --a------ C:\WINDOWS\REGCARDS.OLD
2007-12-30 14:19 . 2007-12-30 14:19 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-12-30 14:14 . 2001-08-18 07:00 684,081 --a------ C:\WINDOWS\SYSTEM32\dllcache\pintlgnt.ime
2007-12-30 14:13 . 2001-08-18 07:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2007-12-30 14:12 . 2001-08-18 07:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2007-12-30 14:11 . 2001-08-18 07:00 10,096,640 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxcht.dll
2007-12-30 14:10 . 2001-08-17 22:36 2,134,528 --a------ C:\WINDOWS\SYSTEM32\dllcache\EXCH_smtpsnap.dll
2007-12-30 14:09 . 2007-12-30 14:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2007-12-30 14:09 . 2001-08-18 07:00 264,704 --a------ C:\WINDOWS\SYSTEM32\dllcache\certwiz.ocx
2007-12-30 14:09 . 2001-08-18 07:00 249,344 --a------ C:\WINDOWS\SYSTEM32\dllcache\adsiis51.dll
2007-12-30 14:09 . 2001-08-18 07:00 94,720 --a------ C:\WINDOWS\SYSTEM32\dllcache\certmap.ocx
2007-12-30 14:09 . 2001-08-18 07:00 34,816 --a------ C:\WINDOWS\SYSTEM32\dllcache\admwprox.dll
2007-12-30 14:09 . 2001-05-22 21:15 20,540 --a------ C:\WINDOWS\SYSTEM32\dllcache\author.dll
2007-12-30 14:09 . 2001-05-22 21:15 20,540 --a------ C:\WINDOWS\SYSTEM32\dllcache\admin.dll
2007-12-30 14:09 . 2001-05-22 21:15 16,439 --a------ C:\WINDOWS\SYSTEM32\dllcache\author.exe
2007-12-30 14:09 . 2001-05-22 21:15 16,439 --a------ C:\WINDOWS\SYSTEM32\dllcache\admin.exe
2007-12-30 14:08 . 2007-12-30 14:08 5,050 --a------ C:\WINDOWS\LnkStub.dat
2007-12-30 13:51 . 2008-01-04 10:22 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2007-12-30 13:51 . 2007-12-30 14:26 25,065 --a------ C:\WINDOWS\SYSTEM32\wmpscheme.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 14:00 --------- d-----w C:\Program Files\epson
2007-12-15 20:06 --------- d-----w C:\Program Files\Web Album Generator
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-11-28 19:38 --------- d-----w C:\Program Files\FLV Player
2005-02-09 03:32 198,514 ----a-w C:\Program Files\Common Files\ISO1.nri
2003-10-08 18:10 266 --sh--w C:\Program Files\desktop.ini
2003-10-08 18:10 11,079 ---h--w C:\Program Files\folder.htt
2005-02-17 16:17 10,022 --sha-w C:\WINDOWS\SYSTEM\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{536518E2-F6D4-45A6-AF8B-9F7FF06BB22E}]
C:\WINDOWS\System32\urqpq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2001-08-18 12:00 8322560 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-18 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 20:21 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 14:56 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoClose"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2001-10-10 15:59 270336 C:\WINDOWS\SYSTEM32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2001-10-16 13:10 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\urqpq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\MSSYSMGR.EXE
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"NBJ"="C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBJ.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus Photo 820 Series"=C:\WINDOWS\SYSTEM\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
"TV Card Remote Control Applet"=C:\WINDOWS\713XRMT.EXE
"ICH Synth"=eusexe.exe
"SBMX"=C:\WINDOWS\SYSTEM32\SBMX.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WINSCHEDULER"=C:\PROGRA~1\INTERV~1\WINDVR\WINSCH~1.EXE
"WinRemote"="C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
"EPSON Stylus CX4200 Series"=C:\WINDOWS\SYSTEM\E_S6I2E1.EXE /P26 "EPSON Stylus CX4200 Series" /O7 "EPUSB1:" /M "Stylus CX4200"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"mdac_runonce"=C:\WINDOWS\SYSTEM32\RUNONCE.EXE
"AVG7_CC"=C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
"AVG7_EMC"=C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
"AVG7_AMSVR"=C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"LoadQM"=loadqm.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RegShave"=C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"=mstask.exe
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 ati2mpad;ati2mpad;C:\WINDOWS\System32\DRIVERS\ati2mpad.sys [2002-02-18 14:19]
R3 ess;ESS Audio Driver (WDM);C:\WINDOWS\System32\drivers\ess.sys [2001-08-17 12:19]
S2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\System32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
S2 Cap7134;TV Capture Card 7130;C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2002-08-25 11:00]
S3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2002-07-16 11:00]
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A5CAB25-2E2E-4C2D-7C0C-3F658B6D567A}]
C:\WINDOWS\svchost.exe 2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 04:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-01-23 14:00:02 C:\WINDOWS\Tasks\m02[1].job"
- C:\WINDOWS\Temporary Internet Files\Content.IE5\MFAT8VY7\m02[1].mpeg
"2008-01-23 14:00:02 C:\WINDOWS\Tasks\get_video[1].job"
- C:\WINDOWS\Temporary Internet Files\Content.IE5\D5FIO1GQ\get_video[1]
"2008-01-23 14:00:02 C:\WINDOWS\Tasks\CarrieAnn_Inaba_STF338[1].job"
- C:\WINDOWS\Temporary Internet Files\Content.IE5\MFAT8VY7\CarrieAnn_Inaba_STF338[1].dat
"2008-01-23 14:00:02 C:\WINDOWS\Tasks\Slut_Wife_Amy[1].job"
- C:\WINDOWS\Temporary Internet Files\Content.IE5\YOOQ2VO6\Slut_Wife_Amy[1].wmv
"2007-12-30 19:24:34 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 11:20:53
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26, on 2008-01-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {536518E2-F6D4-45A6-AF8B-9F7FF06BB22E} - C:\WINDOWS\System32\urqpq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\AMV Convert Tool 3.70\AMVConverter\grab.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @Home - {70CAD800-1548-11D8-B7B7-00D0B719E641} - http://home.excite.com (file missing) (HKCU)
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/c ... 21t0_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/c ... vpt0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/c ... dct2_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://sunam1.sslcert11.com/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9504987953
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install ... nstall.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLo ... ckLoan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
--
End of file - 5606 bytes