Here are my log files.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:46 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\OEM05Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Keith Brandon\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4080126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4080126
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Suite\FpLaunch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {C04BC04E-1F31-4C85-801C-ACE5B1E84251} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\WINDOWS\OEM05Mon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: BootSys - {66dde256-dcc4-4840-b3c5-2ee7cafcb93d} - C:\WINDOWS\Installer\{66dde256-dcc4-4840-b3c5-2ee7cafcb93d}\BootSys.dll (file missing)
O21 - SSODL: zip - {cbc4608b-48f3-42ef-9126-39667410edfa} - C:\WINDOWS\Installer\{cbc4608b-48f3-42ef-9126-39667410edfa}\zip.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 10397 bytes
SDFix: Version 1.153 Run by KBrandon on Thu 03/06/2008 at 07:19 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\tmp118750.exe - Deleted
C:\Program Files\tmp127000.exe - Deleted
C:\Program Files\tmp128580453.exe - Deleted
C:\Program Files\tmp173968.exe - Deleted
C:\Program Files\tmp23781.exe - Deleted
C:\Program Files\tmp24921.exe - Deleted
C:\Program Files\tmp26187.exe - Deleted
C:\Program Files\tmp26234.exe - Deleted
C:\Program Files\tmp26312.exe - Deleted
C:\Program Files\tmp28109.exe - Deleted
C:\Program Files\tmp28828.exe - Deleted
C:\Program Files\tmp332847781.exe - Deleted
C:\Program Files\tmp34890.exe - Deleted
C:\Program Files\tmp44352390.exe - Deleted
C:\Program Files\tmp61515.exe - Deleted
C:\Program Files\tmp65797906.exe - Deleted
C:\Program Files\tmp79171.exe - Deleted
C:\Program Files\antiviirus.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 19:24:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 5 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 26 Nov 2001 27,136 A..H. --- "C:\Compact\98 D Drive Folders\Tarp Data for ring roll\~WRL0002.tmp"
Mon 26 Nov 2001 22,528 A..H. --- "C:\Compact\98 D Drive Folders\Tarp Data for ring roll\~WRL0479.tmp"
Mon 26 Nov 2001 21,504 A..H. --- "C:\Compact\98 D Drive Folders\Tarp Data for ring roll\~WRL0651.tmp"
Tue 6 Nov 2001 97,280 A..H. --- "C:\Compact\98 D Drive Folders\Tarp Data for ring roll\~WRL0899.tmp"
Sun 4 Nov 2001 28,672 A..H. --- "C:\Compact\98 D Drive Folders\Tarp Data for ring roll\~WRL3527.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Finished!
ComboFix 08-03-06.2 - Keith Brandon 2008-03-06 19:59:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1548 [GMT -6:00]
Running from: C:\Documents and Settings\Keith Brandon\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vfnlx32n.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.
2008-03-06 19:18 . 2008-03-06 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-06 19:14 . 2008-03-06 19:26 <DIR> d-------- C:\SDFix
2008-03-03 17:13 . 2008-03-03 17:22 <DIR> d-------- C:\Program Files\RegCleaner
2008-03-02 08:11 . 2008-01-25 22:02 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Roxio
2008-03-02 08:11 . 2008-01-25 21:46 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\InstallShield
2008-03-02 08:11 . 2008-01-25 21:33 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Creative
2008-02-29 23:57 . 2008-02-29 23:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-29 23:57 . 2008-03-01 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 23:33 . 2008-03-01 00:24 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 22:52 . 2008-02-29 22:52 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-29 22:52 . 2008-02-29 22:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-29 22:42 . 2008-02-29 22:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 22:12 . 2008-02-29 22:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-29 22:12 . 2008-02-29 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-29 21:44 . 2008-02-29 21:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-29 21:17 . 2008-02-29 21:17 72 --a------ C:\WINDOWS\sbwin.ini
2008-02-28 18:58 . 2008-03-06 19:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-02-28 18:58 . 2008-02-28 18:58 <DIR> d-------- C:\Program Files\AVG
2008-02-28 18:58 . 2008-02-28 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-02-28 18:58 . 2008-02-28 18:58 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-02-28 18:58 . 2008-02-28 18:58 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-02-28 18:58 . 2008-02-28 18:58 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-02-28 18:58 . 2008-02-28 18:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-02-18 18:24 . 2008-02-18 18:26 <DIR> d-------- C:\Documents and Settings\Keith Brandon\Application Data\EBookSys
2008-02-18 18:23 . 2008-02-18 18:23 <DIR> d-------- C:\Program Files\E-Book Systems
2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Program Files\Ventrilo
2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Documents and Settings\Keith Brandon\Application Data\Ventrilo
2008-02-17 19:08 . 2008-02-29 22:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 16:26 . 2008-02-14 16:40 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-02-09 10:45 . 2008-02-09 10:45 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-09 10:45 . 2008-02-09 10:45 <DIR> d-------- C:\Documents and Settings\Keith Brandon\Application Data\Intuit
2008-02-09 10:44 . 2008-02-09 10:44 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-09 10:44 . 2008-02-09 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-09 10:44 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-02-09 10:41 . 2008-02-09 10:41 <DIR> d-------- C:\Program Files\TurboTax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 04:42 --------- d-----w C:\Program Files\Google
2008-03-01 03:17 --------- d-----w C:\Documents and Settings\Keith Brandon\Application Data\Creative
2008-03-01 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-29 01:11 --------- d-----w C:\Program Files\DIGStream
2008-02-09 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 22:38 --------- d-----w C:\Program Files\Picasa2
2008-01-30 00:20 --------- d-----w C:\Program Files\World of Warcraft
2008-01-29 23:05 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-29 22:25 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-26 04:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-26 04:02 --------- d-----w C:\Documents and Settings\Keith Brandon\Application Data\Roxio
2008-01-26 04:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio
2008-01-26 04:00 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-01-26 04:00 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-26 04:00 --------- d-----w C:\Program Files\Dell
2008-01-26 04:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-26 03:59 --------- d-----w C:\Program Files\MUSICMATCH
2008-01-26 03:59 --------- d-----w C:\Program Files\Dell Support Center
2008-01-26 03:59 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-26 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-26 03:58 --------- d-----w C:\Program Files\Dell DataSafe Online
2008-01-26 03:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 03:57 --------- d-----w C:\Program Files\Microsoft Works
2008-01-26 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-26 03:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-26 03:54 --------- d-----w C:\Program Files\Roxio
2008-01-26 03:54 --------- d-----w C:\Program Files\My Company Name
2008-01-26 03:54 --------- d-----w C:\Program Files\CyberLink
2008-01-26 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-26 03:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-26 03:52 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-26 03:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-26 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-26 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-26 03:51 --------- d-----w C:\Program Files\Creative
2008-01-26 03:47 --------- d-----w C:\Program Files\Creative Live! Cam
2008-01-26 03:47 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-01-26 03:47 --------- d-----w C:\Program Files\Common Files\Creative
2008-01-26 03:47 --------- d-----w C:\Program Files\Broadcom
2008-01-26 03:46 --------- d-----w C:\Documents and Settings\Keith Brandon\Application Data\InstallShield
2008-01-26 03:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-26 03:45 --------- d-----w C:\Program Files\Java
2008-01-26 03:44 --------- d-----w C:\Program Files\Common Files\Java
2008-01-26 03:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-26 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-26 03:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-26 03:29 7,629 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_XPS_XPS720.mrk
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-29 22:42 171448]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 13:41 8523776]
"CTHelper"="CTHELPER.EXE" [2005-11-08 05:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 21:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-25 21:58 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"OEM05Mon.exe"="C:\WINDOWS\OEM05Mon.exe" [2007-08-21 14:39 36864]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-02-28 18:58 1171712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootSys"= {66dde256-dcc4-4840-b3c5-2ee7cafcb93d} - C:\WINDOWS\Installer\{66dde256-dcc4-4840-b3c5-2ee7cafcb93d}\BootSys.dll [ ]
"zip"= {cbc4608b-48f3-42ef-9126-39667410edfa} - C:\WINDOWS\Installer\{cbc4608b-48f3-42ef-9126-39667410edfa}\zip.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-02-28 18:58]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-02-28 18:58]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-02-28 18:58]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-02-28 18:58]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-02-28 18:58]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-14 23:40]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\WINDOWS\system32\Drivers\OEM05Afx.sys [2007-08-21 14:39]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys [2007-08-21 14:39]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys [2007-08-21 14:39]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 17:57]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 20:00:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-06 20:00:50
ComboFix-quarantined-files.txt 2008-03-07 02:00:49
.
2008-02-13 05:10:03 --- E O F ---