I haven't had any proof or activity that there is active malware on my machine; however, I believe it may still be dormant and in hiding. I'm a big fan of EasyClean (ToniArts) and removed a large amount of invalid registry keys. As far as computer stability goes, I've been seeing a few 'freezes' here and there. When I start my World of Warcraft application and attempt to log in, it freezes immediately on that screen. The sound buffer is still running, but something's causing a graphical glitch or something, possibly another program interfering with the outgoing packets. Otherwise, the system responds normally from boot to shut down. I have been disabling my AVG anti-virus and adopting Microsoft's to be my resident guard dog.
ComboFix 10-01-04.01 - Larry 01/09/2010 23:54:38.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3070.2110 [GMT -5:00]
Running from: c:\users\Larry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-05 08:46 . 2010-01-05 18:06 -------- d-----w- c:\users\Larry\AppData\Roaming\Wireshark
2010-01-05 07:12 . 2010-01-05 07:13 -------- d-----w- c:\program files\Wireshark
2010-01-05 05:35 . 2010-01-05 05:35 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-05 05:19 . 2010-01-05 05:44 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-01-05 05:08 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-05 05:08 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-05 05:08 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-05 05:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-05 05:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-01-05 05:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-05 05:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-01-05 05:06 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-01-05 05:06 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-05 05:06 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-01-05 05:06 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-01-05 05:06 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-01-05 05:06 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-01-05 05:06 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-01-05 05:06 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-01-05 05:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-05 05:05 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-05 05:05 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-04 07:10 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-04 07:10 . 2010-01-04 07:10 -------- d-----w- c:\program files\Alwil Software
2010-01-04 06:39 . 2010-01-04 06:40 -------- d-----w- c:\windows\system32\ca-ES
2010-01-04 06:39 . 2010-01-04 06:40 -------- d-----w- c:\windows\system32\eu-ES
2010-01-04 06:39 . 2010-01-04 06:40 -------- d-----w- c:\windows\system32\vi-VN
2010-01-04 06:09 . 2010-01-04 06:09 -------- d-----w- c:\windows\system32\EventProviders
2010-01-04 05:10 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-01-04 04:47 . 2010-01-04 04:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-01-04 03:38 . 2009-12-01 15:53 220536 ----a-w- C:\sigcheck.exe
2010-01-04 02:46 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll
2010-01-04 02:45 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-01-03 17:48 . 2010-01-03 17:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-03 17:47 . 2010-01-03 17:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-01-03 13:12 . 2010-01-02 16:36 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-03 13:12 . 2010-01-02 16:36 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-01-03 13:12 . 2010-01-02 16:36 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-01-03 13:12 . 2010-01-02 16:36 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-01-03 13:12 . 2010-01-02 16:36 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-01-03 13:12 . 2010-01-02 16:36 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-01-03 07:33 . 2010-01-03 07:33 -------- d-----w- c:\program files\ToniArts
2010-01-03 07:20 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-03 06:47 . 2010-01-03 06:47 -------- d-----w- C:\PerfLogs
2010-01-03 05:33 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-03 05:08 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-03 05:08 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-01-03 05:08 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-03 04:43 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-03 04:35 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-01-03 04:35 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-01-03 04:35 . 2008-01-19 07:36 175104 ----a-w- c:\windows\system32\winrscmd.dll
2010-01-03 04:33 . 2008-01-19 07:37 1642496 ----a-w- c:\windows\system32\WMPEncEn.dll
2010-01-03 04:32 . 2008-01-19 07:36 80896 ----a-w- c:\windows\system32\wbem\WMIPICMP.dll
2010-01-03 04:31 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-01-03 04:31 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-01-03 04:31 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-01-03 04:31 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-01-03 04:31 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-01-03 04:31 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-01-03 04:31 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2010-01-03 04:28 . 2009-11-21 06:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-03 04:27 . 2009-11-21 06:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-03 04:27 . 2009-11-21 06:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-03 04:27 . 2009-11-21 04:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-03 04:13 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-03 04:13 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2010-01-03 04:13 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-03 04:13 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-03 04:13 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-03 04:13 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-03 04:11 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-03 04:11 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 04:11 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2010-01-03 04:11 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-03 04:11 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2010-01-03 04:11 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2010-01-03 04:11 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-01-03 04:11 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-01-03 04:11 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2010-01-03 04:10 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-03 04:10 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-01-03 04:10 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-01-03 04:10 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-01-03 04:10 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-01-03 04:10 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-01-03 04:10 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-01-03 04:10 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-01-03 04:10 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2010-01-03 04:10 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-01-03 04:10 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-01-03 04:08 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2010-01-03 04:08 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-01-03 04:08 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2010-01-03 04:07 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-03 04:07 . 2008-01-19 07:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-01-03 04:07 . 2008-01-19 07:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-01-03 04:07 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-01-03 04:07 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-03 04:07 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-01-03 04:07 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-03 03:58 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-03 03:55 . 2010-01-03 03:55 -------- d-----w- C:\Download
2010-01-03 03:55 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-01-03 03:53 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 03:53 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 03:53 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 03:53 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 03:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-03 03:18 . 2010-01-03 03:18 37888 ----a-w- c:\windows\system32\printcom.dll
2010-01-03 03:18 . 2010-01-03 03:18 -------- d-----w- c:\program files\MSXML 4.0
2010-01-03 02:57 . 2010-01-03 02:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-03 02:57 . 2010-01-03 02:57 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-03 02:57 . 2010-01-03 02:57 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-03 02:57 . 2010-01-03 02:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-03 02:56 . 2010-01-03 02:56 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-03 02:56 . 2010-01-03 02:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-01-03 02:56 . 2010-01-03 02:56 35552 ----a-w- c:\windows\system32\wups.dll
2010-01-03 02:56 . 2010-01-03 02:56 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-03 02:55 . 2010-01-03 02:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-03 01:01 . 2010-01-03 01:01 -------- d-----w- c:\program files\Trojan Remover
2010-01-03 01:00 . 2009-11-25 18:01 1230080 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-01-02 20:52 . 2010-01-02 20:52 -------- d-----w- c:\users\Larry\AppData\Local\AVG Security Toolbar
2010-01-02 16:37 . 2010-01-02 20:49 -------- d-----w- C:\$AVG
2010-01-02 16:36 . 2010-01-03 01:00 -------- d-----w- c:\programdata\AVG Security Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 04:51 . 2008-10-29 16:04 -------- d-----w- c:\users\Larry\AppData\Roaming\U3
2010-01-10 02:29 . 2010-01-10 02:29 3584 ----a-r- c:\users\Larry\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-10 02:29 . 2010-01-10 02:29 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-10 02:28 . 2010-01-10 02:28 -------- d-----w- c:\program files\MSECACHE
2010-01-08 01:20 . 2010-01-08 01:20 -------- d-----w- c:\program files\Microsoft LifeChat
2010-01-06 04:20 . 2010-01-06 04:19 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-05 07:13 . 2009-06-16 04:20 -------- d-----w- c:\program files\WinPcap
2010-01-05 06:10 . 2009-03-04 16:08 -------- d-----w- c:\program files\Common Files\Apple
2010-01-05 05:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-05 05:35 . 2010-01-05 05:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-04 16:53 . 2008-10-25 05:47 112800 ----a-w- c:\users\Larry\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-04 08:12 . 2008-11-12 01:02 -------- d-----w- c:\programdata\Microsoft Help
2010-01-04 08:08 . 2008-11-12 01:06 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-04 06:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-04 06:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-04 06:38 . 2010-01-04 06:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-04 05:50 . 2008-10-27 05:38 -------- d-----w- c:\program files\Vuze
2010-01-03 07:33 . 2008-10-25 05:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 06:36 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-01-03 06:36 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-01-03 03:37 . 2009-05-14 03:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-02 16:37 . 2008-10-25 14:33 -------- d-----w- c:\program files\AVG
2010-01-02 16:37 . 2009-01-31 03:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-02 16:37 . 2008-10-25 14:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-02 16:37 . 2008-10-25 14:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-02 16:36 . 2008-10-25 14:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-02 15:41 . 2009-11-30 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 19:54 . 2008-12-21 06:34 -------- d-----w- c:\users\Larry\AppData\Roaming\LimeWire
2009-12-18 01:20 . 2008-10-27 05:39 -------- d-----w- c:\users\Larry\AppData\Roaming\Azureus
2009-11-30 20:51 . 2009-11-30 20:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-27 23:44 . 2009-11-27 23:44 -------- d-----w- c:\users\Guest\AppData\Roaming\Logitech
2009-11-27 23:44 . 2009-11-27 23:44 112800 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-23 02:00 . 2009-11-23 02:00 439816 ----a-w- c:\users\Larry\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-21 09:30 . 2009-11-21 09:30 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-21 00:51 . 2009-09-30 22:05 -------- d-----w- c:\program files\iPod
2009-10-20 18:20 . 2009-10-20 18:20 96784 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-10-19 19:08 . 2008-11-23 17:10 175 ----a-w- c:\users\Larry\AppData\Roaming\Azureus\restart.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-03 2033432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-25 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-04-04 19:41 970752 ----a-w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 00:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-21 03:12 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e2,d6,77,21,09,8d,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3759937382-3024296757-1267975415-1000]
"EnableNotificationsRef"=dword:00000001
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/25/2008 9:33 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/30/2009 10:18 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/2/2010 11:36 AM 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/30/2009 3:16 PM 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [10/25/2008 12:52 AM 250880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/2/2010 11:33 PM 21504]
S3 JRHSUR;JRHSUR;c:\users\Larry\AppData\Local\Temp\JRHSUR.exe --> c:\users\Larry\AppData\Local\Temp\JRHSUR.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S3 PORTMON;PORTMON;c:\users\Larry\Downloads\SysinternalsSuite(2)\PORTMSYS.SYS [1/5/2010 2:46 AM 28656]
S3 RDID1009;EDIROL UM-1;c:\windows\System32\drivers\Rdwm1009.sys [10/31/2008 12:18 PM 56832]
S3 UZJBTLAINQG;UZJBTLAINQG;c:\users\Larry\AppData\Local\Temp\UZJBTLAINQG.exe --> c:\users\Larry\AppData\Local\Temp\UZJBTLAINQG.exe [?]
S3 WFHP;WFHP;c:\users\Larry\AppData\Local\Temp\WFHP.exe --> c:\users\Larry\AppData\Local\Temp\WFHP.exe [?]
S3 XRF;XRF;c:\users\Larry\AppData\Local\Temp\XRF.exe --> c:\users\Larry\AppData\Local\Temp\XRF.exe [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - uwlyypod
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4m6tlgh3.default\
FF - prefs.js: browser.startup.homepage - cnn.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4m6tlgh3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-10 00:00
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3952)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-01-10 00:02:03
ComboFix-quarantined-files.txt 2010-01-10 05:02
ComboFix2.txt 2010-01-05 09:08
Pre-Run: 175,387,049,984 bytes free
Post-Run: 175,342,911,488 bytes free
- - End Of File - - 4639E5960C1E19AFE869BDD1228996E6