Thanks so much for the help! Ok, ran ComboFix, it didn't have to end any processes while it was running, and it didn't reboot at any point, if that's important. Here's the fresh HijackThis log and the ComboFix log after.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:16 AM, on 7/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sok.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8541 bytes
***********************************************************
ComboFix-
ComboFix 08-07-08.7 - Jeff 2008-07-09 7:27:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2075 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
2008-07-07 19:54 . 2008-07-07 19:54 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-07 15:31 . 2008-07-07 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 01:10 . 2008-07-06 01:10 <DIR> d-------- C:\Windows\Sun
2008-07-06 00:43 . 2008-07-08 06:10 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-06 00:43 . 2008-07-06 00:43 <DIR> d-------- C:\Users\All Users\avg8
2008-07-06 00:43 . 2008-07-06 00:43 <DIR> d-------- C:\ProgramData\avg8
2008-07-06 00:43 . 2008-07-06 00:43 <DIR> d-------- C:\Program Files\AVG
2008-07-06 00:43 . 2008-07-06 00:52 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-06 00:43 . 2008-07-06 00:52 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-07-06 00:43 . 2008-07-06 00:43 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-06 00:43 . 2008-07-06 00:52 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-07-05 21:40 . 2008-07-05 22:20 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-05 21:40 . 2008-07-05 22:20 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-05 21:40 . 2008-07-05 21:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-05 17:41 . 2008-07-05 17:45 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-05 17:41 . 2008-07-05 17:45 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-05 17:41 . 2008-07-05 17:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-05 17:35 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-05 17:34 . 2008-07-05 17:34 <DIR> d-------- C:\Program Files\Panda Security
2008-06-23 18:50 . 2008-06-28 15:45 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\SPORE Creature Creator
2008-06-23 18:48 . 2008-06-23 18:48 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-06-23 18:48 . 2008-06-23 18:48 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-23 18:47 . 2008-06-23 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-23 18:47 . 2008-06-23 18:47 3,874 --a------ C:\Windows\System32\ealregsnapshot1.reg
2008-06-23 18:41 . 2008-06-23 18:41 <DIR> d-------- C:\Program Files\EA
2008-06-20 00:48 . 2008-06-20 00:48 <DIR> d-------- C:\Users\All Users\Steam
2008-06-20 00:48 . 2008-06-20 00:48 <DIR> d-------- C:\ProgramData\Steam
2008-06-14 08:48 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 08:48 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 08:48 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 08:48 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-10 16:17 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 16:17 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 16:17 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-10 16:17 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 05:43 --------- d-----w C:\ProgramData\Grisoft
2008-07-06 03:49 --------- d-----w C:\Program Files\Java
2008-07-05 22:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 14:14 --------- d-----w C:\Program Files\Steam
2008-06-29 14:18 --------- d-----w C:\Program Files\Call of Duty
2008-06-25 01:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\Roxio
2008-06-23 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 23:48 --------- d-----w C:\Program Files\Electronic Arts
2008-06-23 23:28 --------- d-----w C:\Users\Jeff\AppData\Roaming\IGN_DLM
2008-06-21 00:20 --------- d-----w C:\Program Files\World of Warcraft
2008-06-20 05:48 --------- d-----w C:\ProgramData\PopCap Games
2008-06-18 05:41 --------- d-----w C:\Users\Jeff\AppData\Roaming\Hoyle Card Games
2008-06-11 08:11 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-11 08:09 --------- d-----w C:\Program Files\Windows Mail
2008-06-03 03:55 --------- d-----w C:\Program Files\Sony
2008-06-03 02:33 --------- d-----w C:\ProgramData\Napster
2008-06-03 02:33 --------- d-----w C:\Program Files\Napster
2008-06-02 10:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-27 01:58 --------- d-----w C:\ProgramData\NVIDIA
2008-05-22 05:53 174 --sha-w C:\Program Files\desktop.ini
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Journal
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Defender
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-22 05:47 --------- d-----w C:\Program Files\Windows Calendar
2008-05-22 05:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-22 05:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-22 05:09 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-22 05:09 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-22 04:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-22 03:30 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-22 02:22 --------- d-----w C:\Program Files\Funcom
2008-05-22 02:05 --------- d-----w C:\ProgramData\Funcom
2008-05-21 03:01 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-21 02:56 --------- d-----w C:\Program Files\The Adventure Company
2008-05-16 16:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-14 08:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-30 22:27 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-04-29 10:49 237,568 ----a-w C:\Windows\System32\UCI32M29.dll
2008-04-18 02:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-17 02:42 22,328 ----a-w C:\Users\Jeff\AppData\Roaming\PnkBstrK.sys
2008-02-01 01:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-01 01:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-01 01:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-06 21:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007110620071107\index.dat
2007-11-06 21:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2007-11-06 21:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2007-11-06 21:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-16 01:33 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 08:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 05:59 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 00:52 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
--a------ 2007-03-02 16:55 1441792 C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D2C8A134-F14A-4252-AF2C-AFFF75DB3EE1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8892AB9-A2ED-4BBB-8CBC-6383DF734454}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D5A61B3D-E4FA-4F08-A9DE-0EFCE5F5D648}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0559A56E-7BEA-4872-8BB7-516DC2BF1FBF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DDF7F5D-188B-465F-819C-9545F8735E30}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDCB6D80-D148-4376-B117-AF6DDD4926A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{65B4BA42-510F-40DA-A186-32E513C5CB6E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5A73E01D-683E-46E2-AD8E-5D77C690A298}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A355F881-DD5D-4C7D-9741-7CA68619C1AC}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{1B03997D-22EA-450F-89EC-76E8AE897CB1}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{C6F03BD2-ABEC-415B-8FD3-BA8B0CA60E14}"= UDP:C:\Program Files\Download Manager\DLM.exe:Download Manager
"{897CF5FA-56CE-452D-BD69-4B0BEDF609C7}"= TCP:C:\Program Files\Download Manager\DLM.exe:Download Manager
"TCP Query User{1CC80724-6511-420B-8E93-FF9D1FBA689D}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{EEA1D215-6126-4B61-B6D0-EA4C20311337}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{1AAAE81A-8F51-4C16-94E3-DBE8222BB945}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{B7C4B9D8-410A-47EE-A002-DC95DE700F61}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{B4F8D90A-BF70-46E7-B431-1B0FC3FA4EB6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DBB2A4DC-4E92-41A8-83BD-23B7F28491A6}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{D9254D72-752B-4EE9-81D1-961DEBE780CD}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"{6AFB0ED8-C7D0-439E-AE08-DE8E6BA2870A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3BDA546C-7E23-4A93-99BE-50B8831470F6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{CFD3BC4B-036A-46C3-B1FB-3C6B396D3E67}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7A5910B8-F006-4C07-B976-26C02631F2EA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{743E698B-2DEA-47D2-A7D0-6E9A7A84E670}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0E94EF5B-E5E1-4EB9-9F28-6D479CCA1D5C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4EF3FB35-CEEF-469E-80B8-B7B70CD8845D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{95B517D0-50AA-4026-891F-C859E9ABA946}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{33505A07-4F8D-43F1-AB93-AB3406366FEA}C:\\program files\\secondlife\\secondlife.exe"= UDP:C:\program files\secondlife\secondlife.exe:Second Life
"UDP Query User{C6C7B01E-F935-4DD5-A7D9-946046F62D7E}C:\\program files\\secondlife\\secondlife.exe"= TCP:C:\program files\secondlife\secondlife.exe:Second Life
"TCP Query User{872A1C1A-AB14-4B8F-B709-4705A13B9CAF}C:\\program files\\world of warcraft\\wow-2.3.3.7799-to-2.4.0.8089-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.3.7799-to-2.4.0.8089-enus-downloader.exe:Blizzard Downloader
"UDP Query User{00FEAD2D-C0E7-4516-92FC-F6D0E9C4F969}C:\\program files\\world of warcraft\\wow-2.3.3.7799-to-2.4.0.8089-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.3.7799-to-2.4.0.8089-enus-downloader.exe:Blizzard Downloader
"{FC57FAE2-81B4-41C4-969F-E9A2344FB9C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3B6E877A-2C2B-417A-AAE1-D6688D316A38}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1A8BA8F2-27A6-4750-9264-3523319761FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{36A16C03-2E04-4806-A78E-825E9C91E36D}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{342E9A65-8F13-44CA-ACA4-C16FC5766A2D}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{4D83BDBD-1F70-4E91-834F-9C10B4577157}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AE35306A-C503-4F0D-B05C-7790C84DED39}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-06 00:52]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 00:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 00:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-06 00:52]
R3 UsbFltr;WayTech USB Filter Driver1;C:\Windows\system32\Drivers\UsbFltr.sys [2007-04-09 09:50]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 17:25]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 10:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9380925-df3c-11dc-9f3a-001bb954c3d0}]
\shell\AutoRun\command - K:\autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 03:24:24 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-08 01:00:01 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jeff.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 07:31:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\TEMP\TMP0000005256E1B1F29473DFA2 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-07-09 7:33:12
ComboFix-quarantined-files.txt 2008-07-09 12:32:19
Pre-Run: 110,674,497,536 bytes free
Post-Run: 111,858,655,232 bytes free
228 --- E O F --- 2008-07-06 23:02:42