Tech Support Forum - View Single Post - BSOD, IE and WoW closing randomly/bogus_driver, etc.

Dyclon55 · 08-14-2008, 05:56 PM

Combo Fix log:

ComboFix 08-08-14.01 - Ian 2008-08-14 19:36:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.607 [GMT -4:00]
Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ian\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com\ud.sol
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Ian\Application Data\rhctphj0ecog
C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\#SharedObjects\4UXSTWW6\interclick.com
C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Joe Keith\Application Data\rhctphj0ecog
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com\ud.sol
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\system32\blphcpphj0ecog.scr
C:\WINDOWS\system32\ctfmonb.bmp
C:\WINDOWS\system32\phcpphj0ecog.bmp
C:\WINDOWS\system32\pphcpphj0ecog.exe
C:\WINDOWS\system32\shell31.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\wiaservb.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 13:44 . 2008-08-14 15:43 <DIR> d-------- C:\Documents and Settings\Wyatt Keith\Application Data\Ventrilo
2008-08-14 03:28 . 2008-06-23 12:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-14 03:28 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-14 03:28 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-14 03:28 . 2008-06-23 12:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-14 03:28 . 2008-06-23 12:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-14 03:28 . 2008-06-23 12:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-14 03:28 . 2008-06-23 12:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-14 03:28 . 2008-06-23 12:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-14 03:28 . 2008-06-23 05:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-14 00:02 . 2008-08-14 00:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 23:43 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-13 23:42 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-13 23:41 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-13 23:41 . 2008-04-13 20:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-08-13 23:41 . 2008-04-13 20:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-08-13 16:55 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-13 16:38 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Uniblue
2008-08-13 16:37 . 2008-08-13 16:55 <DIR> d-------- C:\Program Files\Uniblue
2008-08-13 16:26 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 16:26 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM Search
2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-13 03:28 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM6
2008-08-13 01:40 . 2008-08-13 03:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-13 01:38 . 2008-08-13 01:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-12 18:14 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-12 18:13 . 2008-08-12 18:13 <DIR> d-------- C:\Program Files\Panda Security
2008-08-12 18:04 . 2008-08-12 18:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 17:49 . 2008-08-12 17:49 <DIR> d-------- C:\ie-spyad_zo
2008-08-12 17:43 . 2008-08-12 20:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-12 17:42 . 2008-08-12 17:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-11 13:46 . 2008-08-11 13:46 <DIR> d-------- C:\Documents and Settings\Joe Keith\Application Data\MSNInstaller
2008-08-11 13:41 . 2008-08-11 13:41 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-09 14:41 . 2008-08-09 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files
2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\History
2008-08-09 01:09 . 2008-08-09 11:40 10,000 --a------ C:\WINDOWS\system32\jdsfg8w3jedf.dll
2008-08-09 01:09 . 2008-08-09 01:09 0 --a------ C:\WINDOWS\system32\lich.dat
2008-08-04 00:24 . 2008-08-04 00:24 <DIR> d-------- C:\Program Files\iPod
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-23 05:03 . 2008-07-23 05:03 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\alot
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 23:40 565,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-14 23:40 27,452 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-14 23:40 142,844 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 23:40 10,639,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-13 23:37 --------- d-----w C:\Program Files\Microsoft Games
2008-08-13 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-13 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-13 05:34 --------- d-----w C:\Program Files\World of Warcraft
2008-08-13 00:54 147,456 ----a-w C:\Program Files\mDNSResponder
2008-08-12 21:23 --------- d-----w C:\Program Files\WildTangent
2008-08-11 17:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Wyatt Keith\Application Data\AOL
2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\AOL
2008-08-11 15:39 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\Ventrilo
2008-08-11 15:38 --------- d-----w C:\Program Files\DivX
2008-08-11 06:41 --------- d-----w C:\Program Files\RGB
2008-08-09 21:28 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 18:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 18:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-04 04:24 --------- d-----w C:\Program Files\iTunes
2008-07-26 20:58 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\alot
2008-07-25 21:39 --------- d-----w C:\Documents and Settings\Ian\Application Data\Apple Computer
2008-07-14 21:31 --------- d-----w C:\Program Files\QuickTime
2008-07-13 01:20 144 ----a-w C:\domains.dat
2008-06-26 06:28 --------- d-----w C:\Documents and Settings\Ian\Application Data\TeamViewer
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-09-15 16:02 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe
2007-07-26 01:45 811,436 ----a-w C:\Program Files\WoW-2.1.3.6898-to-0.2.0.6932-enUS-downloader.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00 7585792]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02 40960]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 20:20 206088]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\Wyatt Keith\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks00.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ian^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Ian\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joe Keith^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Joe Keith\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-07-23 14:05 1927448 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-05-02 15:15 1424648 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2008-04-13 20:11 177152 C:\WINDOWS\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"Vongo Service"=2 (0x2)
"PnkBstrA"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
S0 Cks00;Cks00;C:\WINDOWS\system32\Drivers\Cks00.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-13 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-05-02 15:15]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
ShellIconOverlayIdentifiers-{EA3775F2-28BE-11D3-9C8D-00105A24ED29} - (no file)
MSConfigStartUp-AOL Fast Start - C:\Program Files\America Online 9.0\AOL.EXE
MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-kdfzf - C:\WINDOWS\system32\kdfzf.exe
MSConfigStartUp-ctfmona - C:\WINDOWS\system32\ctfmona.exe
MSConfigStartUp-iexplorer - C:\WINDOWS\iexplorer.exe
MSConfigStartUp-Jnskdfmf9eldfd - C:\DOCUME~1\Ian\LOCALS~1\Temp\csrssc.exe
MSConfigStartUp-McAfeeUpdaterUI - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
MSConfigStartUp-ShStatEXE - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 19:42:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????\??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-14 19:45:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 23:45:45

Pre-Run: 23,766,757,376 bytes free
Post-Run: 23,993,536,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

315 --- E O F --- 2008-08-13 23:24:03

Add-Remove program text:

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157) -->
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838) --> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838) --> "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Update for Windows Media Player 10 (KB910393) --> "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Genuine Advantage Notifications (KB905474) -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:37 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5246 bytes

08-14-2008, 05:56 PM	#5 (permalink)
Dyclon55 Registered User Join Date: Aug 2008 Posts: 14 OS: Xp, SP2	Re: BSOD, IE and WoW closing randomly/bogus_driver, etc. Combo Fix log: ComboFix 08-08-14.01 - Ian 2008-08-14 19:36:24.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.607 [GMT -4:00] Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Ian\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\#SharedObjects\T4WTGUKF\interclick.com\ud.sol C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\Ian\Application Data\rhctphj0ecog C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\#SharedObjects\4UXSTWW6\interclick.com C:\Documents and Settings\Joe Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Joe Keith\Application Data\rhctphj0ecog C:\Documents and Settings\LocalService\Application Data\wsnpoem C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll C:\Documents and Settings\NetworkService\Application Data\wsnpoem C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\#SharedObjects\NQ3XJTSR\interclick.com\ud.sol C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Wyatt Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\WINDOWS\iexplorer.exe C:\WINDOWS\system32\blphcpphj0ecog.scr C:\WINDOWS\system32\ctfmonb.bmp C:\WINDOWS\system32\phcpphj0ecog.bmp C:\WINDOWS\system32\pphcpphj0ecog.exe C:\WINDOWS\system32\shell31.dll C:\WINDOWS\system32\wsnpoem C:\WINDOWS\system32\wsnpoem\audio.dll C:\WINDOWS\system32\wsnpoem\audio.dll.cla C:\WINDOWS\system32\wsnpoem\video.dll C:\WINDOWS\wiaservb.log D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TCPSR -------\Service_tcpsr ((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))) . 2008-08-14 13:44 . 2008-08-14 15:43 <DIR> d-------- C:\Documents and Settings\Wyatt Keith\Application Data\Ventrilo 2008-08-14 03:28 . 2008-06-23 12:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-08-14 03:28 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-08-14 03:28 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-08-14 03:28 . 2008-06-23 12:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-08-14 03:28 . 2008-06-23 12:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-08-14 03:28 . 2008-06-23 12:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-08-14 03:28 . 2008-06-23 12:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-08-14 03:28 . 2008-06-23 12:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-08-14 03:28 . 2008-06-23 05:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-14 00:06 . 2008-08-14 00:06 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-14 00:02 . 2008-08-14 00:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-13 23:43 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-13 23:42 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-13 23:41 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-08-13 23:41 . 2008-04-13 20:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2008-08-13 23:41 . 2008-04-13 20:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2008-08-13 16:55 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-08-13 16:38 . 2008-08-13 16:55 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Uniblue 2008-08-13 16:37 . 2008-08-13 16:55 <DIR> d-------- C:\Program Files\Uniblue 2008-08-13 16:26 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 16:26 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM Search 2008-08-13 03:29 . 2008-08-13 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore 2008-08-13 03:28 . 2008-08-13 03:29 <DIR> d-------- C:\Program Files\AIM6 2008-08-13 01:40 . 2008-08-13 03:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-08-13 01:38 . 2008-08-13 01:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-08-12 18:14 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-12 18:13 . 2008-08-12 18:13 <DIR> d-------- C:\Program Files\Panda Security 2008-08-12 18:04 . 2008-08-12 18:04 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-12 17:49 . 2008-08-12 17:49 <DIR> d-------- C:\ie-spyad_zo 2008-08-12 17:43 . 2008-08-12 20:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-12 17:42 . 2008-08-12 17:46 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-08-11 13:46 . 2008-08-11 13:46 <DIR> d-------- C:\Documents and Settings\Joe Keith\Application Data\MSNInstaller 2008-08-11 13:41 . 2008-08-11 13:41 2 --a------ C:\WINDOWS\msoffice.ini 2008-08-09 14:41 . 2008-08-09 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files 2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\History 2008-08-09 01:09 . 2008-08-09 11:40 10,000 --a------ C:\WINDOWS\system32\jdsfg8w3jedf.dll 2008-08-09 01:09 . 2008-08-09 01:09 0 --a------ C:\WINDOWS\system32\lich.dat 2008-08-04 00:24 . 2008-08-04 00:24 <DIR> d-------- C:\Program Files\iPod 2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll 2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat 2008-07-23 05:03 . 2008-07-23 05:03 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\alot 2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-14 23:40 565,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-14 23:40 27,452 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-14 23:40 142,844 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-14 23:40 10,639,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-14 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-08-13 23:37 --------- d-----w C:\Program Files\Microsoft Games 2008-08-13 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-08-13 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-08-13 05:34 --------- d-----w C:\Program Files\World of Warcraft 2008-08-13 00:54 147,456 ----a-w C:\Program Files\mDNSResponder 2008-08-12 21:23 --------- d-----w C:\Program Files\WildTangent 2008-08-11 17:48 --------- d-----w C:\Program Files\Common Files\AOL 2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Wyatt Keith\Application Data\AOL 2008-08-11 17:42 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\AOL 2008-08-11 15:39 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\Ventrilo 2008-08-11 15:38 --------- d-----w C:\Program Files\DivX 2008-08-11 06:41 --------- d-----w C:\Program Files\RGB 2008-08-09 21:28 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-08-09 18:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-08-09 18:52 --------- d-----w C:\Program Files\Kaspersky Lab 2008-08-04 04:24 --------- d-----w C:\Program Files\iTunes 2008-07-26 20:58 --------- d-----w C:\Documents and Settings\Joe Keith\Application Data\alot 2008-07-25 21:39 --------- d-----w C:\Documents and Settings\Ian\Application Data\Apple Computer 2008-07-14 21:31 --------- d-----w C:\Program Files\QuickTime 2008-07-13 01:20 144 ----a-w C:\domains.dat 2008-06-26 06:28 --------- d-----w C:\Documents and Settings\Ian\Application Data\TeamViewer 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2007-09-15 16:02 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe 2007-07-26 01:45 811,436 ----a-w C:\Program Files\WoW-2.1.3.6898-to-0.2.0.6932-enUS-downloader.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00 7585792] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02 40960] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 20:20 206088] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728] C:\Documents and Settings\Wyatt Keith\Start Menu\Programs\Startup\ Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks00.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Ian^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Ian\Start Menu\Programs\StartUp\Vongo Tray.lnk backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Joe Keith^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Joe Keith\Start Menu\Programs\StartUp\Vongo Tray.lnk backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a------ 2006-08-01 16:35 67112 C:\PROGRA~1\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] --a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] --------- 2005-10-11 13:23 1187840 C:\WINDOWS\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] --a------ 2008-07-23 14:05 1927448 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser] --a------ 2008-05-02 15:15 1424648 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] --a------ 2008-04-13 20:11 177152 C:\WINDOWS\system32\mqrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=2 (0x2) "Vongo Service"=2 (0x2) "PnkBstrA"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"= "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\kav\\kav7\\setup.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\regsvr32.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06] S0 Cks00;Cks00;C:\WINDOWS\system32\Drivers\Cks00.sys [] . Contents of the 'Scheduled Tasks' folder 2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-13 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-05-02 15:15] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) ShellIconOverlayIdentifiers-{EA3775F2-28BE-11D3-9C8D-00105A24ED29} - (no file) MSConfigStartUp-AOL Fast Start - C:\Program Files\America Online 9.0\AOL.EXE MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-kdfzf - C:\WINDOWS\system32\kdfzf.exe MSConfigStartUp-ctfmona - C:\WINDOWS\system32\ctfmona.exe MSConfigStartUp-iexplorer - C:\WINDOWS\iexplorer.exe MSConfigStartUp-Jnskdfmf9eldfd - C:\DOCUME~1\Ian\LOCALS~1\Temp\csrssc.exe MSConfigStartUp-McAfeeUpdaterUI - C:\Program Files\McAfee\Common Framework\UdaterUI.exe MSConfigStartUp-ShStatEXE - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\x762f1f9.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-14 19:42:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????\??????Y?@?????<?@ scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe . ************************************************************************ . Completion time: 2008-08-14 19:45:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-14 23:45:45 Pre-Run: 23,766,757,376 bytes free Post-Run: 23,993,536,512 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 315 --- E O F --- 2008-08-13 23:24:03 Add-Remove program text: --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002} AIM 6 --> C:\Program Files\AIM6\uninst.exe AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157) --> Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B} Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9 NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks\|RealPlayer\|6.0 Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838) --> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838) --> "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E} SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C} SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708} Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe" Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe" Update for Windows Media Player 10 (KB910393) --> "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005 --> Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848} Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A} Windows Genuine Advantage Notifications (KB905474) --> Windows Genuine Advantage Validation Tool (KB892130) --> Windows Genuine Advantage Validation Tool (KB892130) --> Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe New Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:55:37 PM, on 8/14/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5246 bytes