Ok, here you go.
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
Adobe Reader 7.0.5
AIM 6
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 8.0
AVI ReComp 1.4.4
AviSynth 2.5
Blaze Media Pro
Camtasia Studio 5
Canon iP1800 series
Canon iP1800 series User Registration
Canon My Printer
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
DivX
Easy Internet Sign-up
Google Gmail Notifier
Google Updater
HijackThis 2.0.2
HP Help and Support
HP Imaging Device Functions 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Update
HP User Guides 0035
HP Wireless Assistant 2.00 G2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Internet Speed Monitor
iTunes
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 3.8.0 Basic
Macromedia Shockwave Player
Magic Video Converter Trial Version (English) 8.0.2.18
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft IntelliPoint 6.2
Microsoft IntelliType Pro 6.1
Microsoft Office Enterprise 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
Mpeg2Decoder 1.3
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Ultra Edition
Netscape Browser (remove only)
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
OpenOffice.org Installer 1.0
PC Connectivity Solution
QuickTime
Replay AV 8
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Update Manager
Spyware Doctor 5.0
Synaptics Pointing Device Driver
TBS WMP Plug-in
Video Edit Magic 4
Virtual DJ - Atomix Productions
VobSub v2.23 (Remove Only)
WinAVI Video Converter
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Connect
WinRAR archiver
Wireless Home Network Setup
Xvid 1.1.3 final uninstall
Yahoo! Messenger
---------------------------------------------------------------------------------------
ComboFix 09-01-02.01 - David Burks 2009-01-04 11:47:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1108 [GMT -5:00]
Running from: c:\program files\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David Burks\Application Data\GetModule
c:\documents and settings\David Burks\Application Data\GetModule\dicik.gz
c:\documents and settings\David Burks\Application Data\GetModule\kwdik.gz
c:\documents and settings\David Burks\Application Data\GetModule\ofadik.gz
c:\documents and settings\David Burks\Temporary Internet Files\fbk.sts
c:\program files\GrandPack
c:\program files\GrandPack\qdrloader.exe
c:\program files\GrandPack\Uninstall.exe
c:\program files\Mozilla Firefox\components\nsglobaladsolution.dll
c:\windows\system32\ajfjhmyt.ini
c:\windows\system32\BLTsrXyb.ini
c:\windows\system32\BLTsrXyb.ini2
c:\windows\system32\bocxfduf.ini
c:\windows\system32\digeste.dll
c:\windows\system32\efcDVPJd.dll
c:\windows\system32\gogxnckw.dll
c:\windows\system32\gtfgifsm.ini
c:\windows\system32\hdwyre.dll
c:\windows\system32\HOrsCJjl.ini
c:\windows\system32\HOrsCJjl.ini2
c:\windows\system32\igvbatmv.dll
c:\windows\system32\iSAaIRqr.ini
c:\windows\system32\iSAaIRqr.ini2
c:\windows\system32\iwkceovi.ini
c:\windows\system32\jkqyoras.ini
c:\windows\system32\kpsfbehw.ini
c:\windows\system32\ljJaAQHA.dll
c:\windows\system32\ljJCsrOH.dll
c:\windows\system32\lobrqc.dll
c:\windows\system32\lvcofp.dll
c:\windows\system32\lwpwhoeo.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\Memman.vxd
c:\windows\system32\nilxva.dll
c:\windows\system32\odvnnolx.dll
c:\windows\system32\ofiflqny.dll
c:\windows\system32\olwquqcs.ini
c:\windows\system32\plxmovme.ini
c:\windows\system32\prudnieu.ini
c:\windows\system32\qddsdrik.ini
c:\windows\system32\QsuFeMoq.ini
c:\windows\system32\QsuFeMoq.ini2
c:\windows\system32\rtfxqwvf.ini
c:\windows\system32\saroyqkj.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\srnihyml.ini
c:\windows\system32\syyfyufw.ini
c:\windows\system32\vmtabvgi.ini
c:\windows\system32\wvjlkqbq.ini
c:\windows\system32\xxmyteog.dll
c:\windows\system32\xxsnrr.dll
c:\windows\Tasks\hhrqejua.job
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2008-12-29 03:39 . 2009-01-03 13:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-29 03:28 . 2009-01-03 11:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-29 03:28 . 2008-12-29 03:28 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-29 03:28 . 2008-12-29 03:28 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-29 03:28 . 2008-12-29 03:28 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-29 03:28 . 2008-12-29 03:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-29 03:27 . 2008-12-29 03:27 <DIR> d-------- c:\program files\AVG
2008-12-29 03:27 . 2008-12-29 03:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-29 03:27 . 2008-12-29 03:27 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-12-29 03:27 . 2008-12-29 03:27 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-12-29 00:11 . 2008-12-29 00:11 812,692 --a------ c:\windows\system32\rn.tmp
2008-12-28 23:45 . 2008-12-28 23:45 22,016 --a------ c:\documents and settings\David Burks\j.exe
2008-12-28 17:08 . 2008-12-28 17:08 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 23:45 . 2008-12-27 23:45 <DIR> d-------- c:\documents and settings\David Burks\Application Data\Twain
2008-12-27 23:40 . 2008-12-28 16:08 <DIR> d-------- c:\program files\Webtools
2008-12-25 01:24 . 2009-01-01 02:35 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-25 01:21 . 2006-10-27 14:08 <DIR> d-------- c:\program files\Dial-a-fix-v0.60.0.24
2008-12-25 01:12 . 2008-12-25 01:12 335,992 --a------ c:\program files\Dial-a-fix-v0.60.0.24.zip
2008-12-18 05:01 . 1999-03-05 21:26 777,216 --a------ c:\documents and settings\David Burks\Application Data\PHOTOED.EXE
2008-12-18 05:01 . 1998-12-09 02:53 183,808 --a------ c:\documents and settings\David Burks\Application Data\TEXTURIZ.DLL
2008-12-18 05:01 . 1998-12-09 02:53 115,712 --a------ c:\documents and settings\David Burks\Application Data\STAINEDG.DLL
2008-12-18 05:01 . 1998-12-09 02:53 110,080 --a------ c:\documents and settings\David Burks\Application Data\WATERCOL.DLL
2008-12-18 05:01 . 1998-12-09 02:53 104,448 --a------ c:\documents and settings\David Burks\Application Data\CHALKCHA.DLL
2008-12-18 05:01 . 1998-12-09 02:53 98,816 --a------ c:\documents and settings\David Burks\Application Data\NOTEPAPE.DLL
2008-12-18 05:01 . 1998-12-09 02:53 97,792 --a------ c:\documents and settings\David Burks\Application Data\STAMP.DLL
2008-12-18 05:01 . 1998-12-09 02:53 97,792 --a------ c:\documents and settings\David Burks\Application Data\GRAPHICP.DLL
2008-12-18 05:01 . 1998-12-09 02:53 97,792 --a------ c:\documents and settings\David Burks\Application Data\EMBOSS.DLL
2008-12-18 05:00 . 2008-12-18 05:00 844,877 --a------ c:\documents and settings\David Burks\Application Data\microphotoed.exe
2008-12-18 03:21 . 2008-12-18 03:21 <DIR> d-------- c:\windows\PrimoPDF4
2008-12-18 03:21 . 2008-12-18 03:21 <DIR> d-------- c:\program files\activePDF
2008-12-18 03:21 . 2006-12-11 16:12 176,235 --a------ c:\windows\system32\Primomonnt.dll
2008-12-18 03:08 . 2008-12-18 03:09 11,121,848 --a------ c:\documents and settings\David Burks\Application Data\FreewarePrimoSetup.exe
2008-12-17 14:29 . 2008-12-17 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-17 14:23 . 2008-12-17 14:23 473,120 --a------ c:\documents and settings\David Burks\Application Data\OGAPluginInstall.exe
2008-12-14 02:06 . 2008-12-14 02:06 <DIR> d--h----- c:\windows\PIF
2008-12-14 00:49 . 2008-12-14 00:49 <DIR> d-------- c:\program files\Lavasoft
2008-12-14 00:49 . 2008-12-14 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 00:48 . 2008-12-14 00:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 00:46 . 2008-12-14 00:47 23,804,784 --a------ c:\program files\aaw2008.exe
2008-12-13 00:24 . 2008-12-13 00:24 <DIR> d-------- c:\program files\CCleaner
2008-12-13 00:23 . 2008-12-13 00:23 2,972,904 --a------ c:\program files\ccsetup214.exe
2008-12-12 17:28 . 2008-12-29 03:56 <DIR> d-------- c:\program files\Extra Antivir
2008-12-12 17:28 . 2008-12-12 17:28 <DIR> d-------- c:\documents and settings\David Burks\Application Data\SecurityCenter
2008-12-12 17:28 . 2008-12-12 17:28 <DIR> d-------- c:\documents and settings\David Burks\Application Data\s_6002_fHx8fHx8fDEyNDE3NDY5OTh8_
2008-12-12 04:20 . 2001-08-17 22:36 93,696 --a------ c:\windows\system32\hpgt42.dll
2008-12-12 04:20 . 2001-08-17 22:36 93,696 --a------ c:\windows\system32\dllcache\hpgt42.dll
2008-12-12 04:20 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-12-12 04:20 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-12 04:20 . 2001-08-17 22:36 32,768 --a------ c:\windows\system32\hpgtmcro.dll
2008-12-12 04:20 . 2001-08-17 22:36 32,768 --a------ c:\windows\system32\dllcache\hpgtmcro.dll
2008-12-12 04:20 . 2001-08-17 22:36 31,232 --a------ c:\windows\system32\hpgt42tk.dll
2008-12-12 04:20 . 2001-08-17 22:36 31,232 --a------ c:\windows\system32\dllcache\hpgt42tk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 16:50 --------- d-----w c:\documents and settings\David Burks\Application Data\uTorrent
2009-01-04 05:52 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-29 10:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 09:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-14 07:23 --------- d-----w c:\program files\keygen
2008-12-11 10:37 --------- d-----w c:\program files\Spyware Doctor
2008-12-02 08:24 --------- d-----w c:\program files\Replay AV 8
2008-11-17 01:39 --------- d-----w c:\program files\URUSoft
2008-11-17 01:39 --------- d-----w c:\program files\DVDlabPro2
2008-11-13 17:42 --------- d-----w c:\documents and settings\David Burks\Application Data\gtk-2.0
2008-11-13 04:16 --------- d-----w c:\documents and settings\David Burks\Application Data\avidemux
2008-11-12 23:05 12,546,913 ----a-w c:\program files\avidemux_2.4.3_win32.exe
2008-11-12 05:18 608,805 ----a-w c:\program files\DVDSubEdit1.5.zip
2008-11-10 06:19 83,536 ----a-w c:\windows\system32\drivers\iksyssec.sys
2008-11-10 06:19 59,984 ----a-w c:\windows\system32\drivers\iksysflt.sys
2008-11-10 06:19 52,304 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2008-11-10 06:19 39,248 ----a-w c:\windows\system32\drivers\ikfileflt.sys
2008-11-10 06:19 26,064 ----a-w c:\windows\system32\drivers\kcom.sys
2008-11-10 06:16 --------- d-----w c:\documents and settings\David Burks\Application Data\PC Tools
2008-11-08 10:00 --------- d-----w c:\documents and settings\David Burks\Application Data\AVI ReComp
2008-11-08 08:40 --------- d-----w c:\program files\Xvid
2008-11-08 08:40 --------- d-----w c:\program files\AVI ReComp
2008-11-08 08:39 --------- d-----w c:\program files\AviSynth 2.5
2008-11-08 08:33 10,252,213 ----a-w c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-11-07 04:53 1,851,544 ----a-w c:\program files\install_flash_player2.exe
2008-11-07 04:52 208,144 ----a-w c:\program files\uninstall_flash_player.exe
2008-10-08 00:59 5,697,032 ----a-w c:\program files\wmvfirefoxpluginsetup_3.1f.exe
2008-09-10 01:11 1,020,112 ----a-w c:\program files\Google Updater.exe
2008-09-09 21:22 1,073,152 ----a-w c:\program files\DVDSubEdit.exe
2008-08-19 08:25 584,851 ----a-w c:\program files\mpeg2decoder.exe
2008-08-05 04:02 13,832,192 ----a-w c:\program files\BMP.exe
2008-07-18 07:05 16,577,776 ----a-w c:\program files\setup_blazemp.exe
2008-03-02 05:02 7,106,392 ----a-w c:\program files\ITP32Eng.exe
2008-03-02 04:46 14,810,696 ----a-w c:\program files\IP32Eng6.20.182.0.exe
2008-03-02 04:42 15,846,984 ----a-w c:\program files\IP64Eng6.20.182.0.exe
2008-02-24 09:15 2,536,456 ----a-w c:\program files\klcodec-380b.exe
2008-02-05 19:17 437,392 ----a-w c:\program files\msgr8us.exe
2008-02-01 07:24 391,083 ----a-w c:\program files\vsfilter.2.37_nt.exe
2008-01-29 22:02 55,472 ----a-w c:\program files\GmailConfig.exe
2008-01-20 01:47 23,405,072 ----a-w c:\program files\AdbeRdr811_en_US.exe
2008-01-01 03:28 1,491,592 ----a-w c:\program files\install_flash_player.exe
2007-09-25 07:14 299,288 ----a-w c:\program files\GmailInstaller.exe
2007-01-13 16:12 1,630,614 ----a-w c:\program files\DVD Lab Pro 2.2 CRACK.exe
2006-12-13 22:44 23,654,120 ----a-w c:\program files\dvdlabpro22.exe
2004-03-19 18:53 1,107,022 ----a-w c:\program files\SubtitleWorkshop251.exe
2005-07-14 18:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb470c00-6209-a2ca-d429-9c424c9fda98}]
2008-12-02 11:38 674304 --a------ c:\windows\system32\nse4B3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-29 1261336]
"MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\David Burks\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= c:\progra~1\REPLAY~1\ir50_32.dll
"VIDC.SP54"= SP5X_32.DLL
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-29 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 90632]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-29 29208]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 231704]
R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-29 1212184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-29 29208]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2008-11-10 708176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b68a5d6-4bed-11dd-b1ac-001b77b20ad0}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e
\shell\Open\command - chess.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ea741f-d7d6-11dd-b2aa-001b77b20ad0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e
\Shell\Open\command - chess.exe
.
Contents of the 'Scheduled Tasks' folder
2008-03-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.
- - - - ORPHANS REMOVED - - - -
BHO-{7455C67B-A358-4C07-9336-C30368493B1F} - c:\windows\system32\rqRIaASi.dll
BHO-{77AB59B4-55A3-4737-9FD5-B93C6430BF78} - c:\windows\system32\aroecjdv.dll
BHO-{7A9384E0-438C-49ED-A192-D79DB35BD381} - c:\windows\system32\qoMeFusQ.dll
BHO-{B7CEC26D-CAE1-4D07-B002-715F655E7070} - c:\windows\system32\byXrsTLB.dll
BHO-{cbe285d8-1aad-4628-a6f7-6c5a4c8eae50} - c:\windows\system32\nilxva.dll
BHO-{EA705111-9889-4D94-9109-9B516622FE43} - c:\windows\system32\ljJCsrOH.dll
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {432D6704-9F20-42E6-84AC-F018B863C1CC} = 65.32.5.111,65.32.5.112
FF - ProfilePath - c:\documents and settings\David Burks\Application Data\Mozilla\Firefox\Profiles\zkg6c450.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://weather.msn.com/local.aspx?wealo ... c:USFL0438
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\nsglobaladsolution.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 11:52:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???0^??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\mqtgsvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-04 11:56:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 16:56:26
Pre-Run: 12,691,283,968 bytes free
Post-Run: 12,751,687,680 bytes free
345 --- E O F --- 2008-12-18 08:00:59
-------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:50 PM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: globaladsolution - {eb470c00-6209-a2ca-d429-9c424c9fda98} - C:\WINDOWS\system32\nse4B3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{432D6704-9F20-42E6-84AC-F018B863C1CC}: NameServer = 65.32.5.111,65.32.5.112
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10003 bytes