First off, thanks to Amateur for helping me before. It was greatly appreciated.

Here's the HJT Log and the ComboFix Log you requested. I hope to get a response soon!
~Ru

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-11 18:26:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 448 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:44 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Marty Casey Toolbar - {4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
O2 - BHO: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing)
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Marty Casey Toolbar - {4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/game...amesLoader.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.../blockwerx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} (Setup Class) - http://www.consumerinput.com.edgesui...le/dcainst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E3A619-1A6D-4F86-B261-27A2695D0220}: NameServer = 85.255.116.53,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FAC0DA-7DE3-4025-82BE-DB4E30A41508}: NameServer = 85.255.116.53,85.255.112.116
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8292 bytes
-- Files created between 2008-05-11 and 2008-06-11 -----------------------------
2008-06-11 18:27:22 0 d-------- C:\Program Files\Trend Micro
2008-06-11 17:58:06 68096 --a------ C:\WINDOWS\zip.exe
2008-06-11 17:58:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-11 17:58:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-11 17:58:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-11 17:58:06 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-11 17:58:06 98816 --a------ C:\WINDOWS\sed.exe
2008-06-11 17:58:06 80412 --a------ C:\WINDOWS\grep.exe
2008-06-11 17:58:06 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 16:59:54 0 d-------- C:\Documents and Settings\Donna\Application Data\AVGTOOLBAR
2008-06-02 15:19:09 0 d--h----- C:\$AVG8.VAULT$
2008-06-02 15:11:02 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:11:01 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-02 15:10:30 0 d-------- C:\Program Files\AVG
2008-06-02 15:10:28 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 14:36:20 20480 --a------ C:\WINDOWS\system32\SysRestore.dll <Not Verified; Ascentive LLC; prjSysRestore>
2008-06-02 14:36:20 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-06-02 14:36:07 0 d-------- C:\Program Files\Ascentive
-- Find3M Report ---------------------------------------------------------------
2008-06-06 17:12:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-06 16:07:13 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-06 13:07:03 1874 --a------ C:\WINDOWS\mozver.dat
2008-06-06 13:03:56 0 d-------- C:\Program Files\Yahoo!
2008-06-06 12:58:43 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2008-06-06 12:55:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-06 12:55:13 0 d-------- C:\Program Files\MySpace
2008-06-06 12:54:37 0 d-------- C:\Program Files\Java
2008-06-06 12:54:36 0 d-------- C:\Program Files\Common Files
2008-06-06 12:44:36 0 d-------- C:\Program Files\InterActual
2008-06-06 12:43:26 0 d-------- C:\Program Files\CyberLink
2008-06-06 12:43:17 0 d-------- C:\Program Files\DivX
2008-06-06 12:42:23 0 d-------- C:\Program Files\Windows NT
2008-06-05 15:44:28 0 d-------- C:\Program Files\LimeWire
2008-06-05 15:42:40 0 d-------- C:\Program Files\Incomplete
2008-06-05 15:23:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-05 13:23:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-02 15:58:40 0 d-------- C:\Program Files\AIM6
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}]
02/14/2008 06:58 AM 1719296 --a------ C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}]
C:\PROGRA~1\mypoints\mypoints.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/02/2008 03:10 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}"= C:\PROGRA~1\mypoints\mypoints.dll [ ]
"{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}"= C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL [02/14/2008 06:58 AM 1719296]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/02/2008 03:10 PM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}]
[HKEY_CLASSES_ROOT\prodegetoolbar663.PRODEGETOOLBAR663]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"wa7pcw"="C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" []
"S3Trayp"="S3trayp.exe" [06/11/2007 03:15 AM C:\WINDOWS\system32\S3Trayp.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 03:44 PM]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [11/16/2006 12:05 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 10:12 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/02/2008 03:10 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wa7pcw"="C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 02:00 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/5/2008 1:24:07 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirus Pro 2007]
C:\Program Files\WinAntiVirus Pro 2007\WinAv.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc2481-9a57-11da-8810-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81bb78bc-0676-11dd-8c72-001bfc20cc6a}]
AutoRun\command- J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33fa3a5-a3c0-11da-8d87-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
-- End of Deckard's System Scanner: finished at 2008-06-11 18:28:12 ------------

ComboFix 08-06-10.5 - Owner 2008-06-11 17:59:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\DriveCleaner
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\Abbr
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\CustomerEmail
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\CustomerName
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\OID
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\PCID
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\Suspicious
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerEmail
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\CustomerName
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\OID
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\PCID
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Suspicious
C:\Documents and Settings\Donna\Application Data\DriveCleaner
C:\Documents and Settings\Donna\Application Data\DriveCleaner\activator_info.txt
C:\Documents and Settings\Donna\Application Data\DriveCleaner\Logs\Activate.log
C:\Documents and Settings\Donna\Application Data\DriveCleaner\Logs\update.log
C:\Documents and Settings\Donna\Application Data\FunWebProducts
C:\Documents and Settings\Donna\Application Data\FunWebProducts\Data\Donna\avatar.dat
C:\Documents and Settings\Donna\Application Data\FunWebProducts\Data\Donna\register.dat
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\activator_info.txt
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\Activate.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Donna\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Donna\err.log
C:\Documents and Settings\Donna\ResErrors.log
C:\Documents and Settings\Guest\Application Data\DriveCleaner
C:\Documents and Settings\Guest\Application Data\DriveCleaner\Logs\update.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\Logs\trfilter.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Guest\err.log
C:\Documents and Settings\Guest\ResErrors.log
C:\Documents and Settings\Owner\Application Data\DriveCleaner Free
C:\Documents and Settings\Owner\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Owner\Application Data\DriveCleaner
C:\Documents and Settings\Owner\Application Data\DriveCleaner\Logs\Activate.log
C:\Documents and Settings\Owner\Application Data\DriveCleaner\Logs\update.log
C:\Documents and Settings\Owner\err.log
C:\Documents and Settings\Owner\ResErrors.log
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
C:\Program Files\outlook
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-11 09:21 . 2008-04-14 06:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:55 . 2008-06-06 18:55 <DIR> d-------- C:\Deckard
2008-06-02 16:59 . 2008-06-02 19:01 <DIR> d-------- C:\Documents and Settings\Donna\Application Data\AVGTOOLBAR
2008-06-02 15:19 . 2008-06-06 15:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-02 15:11 . 2008-06-11 09:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:11 . 2008-06-05 16:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-02 15:11 . 2008-06-02 15:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:11 . 2008-06-02 15:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-02 15:11 . 2008-06-02 15:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 15:10 . 2008-06-02 15:10 <DIR> d-------- C:\Program Files\AVG
2008-06-02 15:10 . 2008-06-02 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 14:36 . 2008-06-06 12:55 <DIR> d-------- C:\Program Files\Ascentive
2008-06-02 14:36 . 2008-04-29 13:14 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-06-02 14:36 . 2007-07-03 11:48 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 22:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-06-06 21:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-06 18:03 --------- d-----w C:\Program Files\Yahoo!
2008-06-06 17:58 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-06-06 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-06 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 17:55 --------- d-----w C:\Program Files\MySpace
2008-06-06 17:54 --------- d-----w C:\Program Files\Java
2008-06-06 17:44 --------- d-----w C:\Program Files\InterActual
2008-06-06 17:43 --------- d-----w C:\Program Files\DivX
2008-06-06 17:43 --------- d-----w C:\Program Files\CyberLink
2008-06-06 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 20:44 --------- d-----w C:\Program Files\LimeWire
2008-06-05 20:42 --------- d-----w C:\Program Files\Incomplete
2008-06-05 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 20:58 --------- d-----w C:\Program Files\AIM6
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-23 01:17 --------- d-----w C:\Documents and Settings\Donna\Application Data\CyberLink
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 00:51 116 ----a-w C:\Documents and Settings\Donna\Application Data\wklnhst.dat
2008-02-13 01:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}]
2008-02-14 06:58 1719296 --a------ C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}]
C:\PROGRA~1\mypoints\mypoints.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}"= "C:\PROGRA~1\mypoints\mypoints.dll" [ ]
"{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}"= "C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL" [2008-02-14 06:58 1719296]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c1ea-f165bb85a330}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-bedc-cc39f0d3f960}]
[HKEY_CLASSES_ROOT\prodegetoolbar663.PRODEGETOOLBAR663]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}"= C:\PROGRA~1\mypoints\mypoints.dll [ ]
"{4E7BD74F-2B8D-469E-BEDC-CC39F0D3F960}"= C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL [2008-02-14 06:58 1719296]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c1ea-f165bb85a330}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-bedc-cc39f0d3f960}]
[HKEY_CLASSES_ROOT\prodegetoolbar663.PRODEGETOOLBAR663]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wa7pcw"="C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"wa7pcw"="C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" [ ]
"S3Trayp"="S3trayp.exe" [2007-06-11 03:15 176128 C:\WINDOWS\system32\S3Trayp.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 12:05 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 22:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:10 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-05 13:24:07 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
~C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 23:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 11:32 7204864 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 11:32 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a------ 2008-04-29 13:14 3239936 C:\Program Files\Ascentive\Performance Center\APCMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 08:09 139264 C:\Program Files\Digital Media Reader\readericon45G.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirus Pro 2007]
C:\Program Files\WinAntiVirus Pro 2007\WinAv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Open Canvas.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 06:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 06:39]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-02 15:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:10]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-02 15:11]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-23 06:54]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 s3chipid;s3chipid;C:\DOCUME~1\Owner\LOCALS~1\Temp\s3chipid.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc2481-9a57-11da-8810-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81bb78bc-0676-11dd-8c72-001bfc20cc6a}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33fa3a5-a3c0-11da-8d87-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 00:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-05 20:00:03 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (SPARKY-Donna).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 18:05:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-11 18:10:57
ComboFix-quarantined-files.txt 2008-06-11 23:10:29
Pre-Run: 81,592,266,752 bytes free
Post-Run: 82,122,924,032 bytes free
273 --- E O F --- 2008-06-11 19:30:11
Note: I'm not entirely sure I did this right, but hopefully it's correct. Let me know if I need to redo it or anything.
