Panda worked, Kaspersky would not - something about Java 1.5 or higher. I verified Java and it's up to date?
1. CMD PATH results:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Owner>path
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
C:\Documents and Settings\Owner>
_________________________________________________________
2. ComboFix / CFScript results below. Errors occurred - <.....attrib.exe not a valid Win32 application....>, then <...cannot find attrib.cfexe...>:
ComboFix 08-08-15.04 - Owner 2008-08-19 21:46:37.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1652 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.
2008-08-19 21:44 . 2008-08-19 21:45 <DIR> d-------- C:\327882R2FWJFW
2008-08-15 19:05 . 2008-08-15 19:10 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 17:57 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-03 12:09 . 2008-08-03 12:09 <DIR> d-------- C:\Program Files\Western Digital
2008-08-03 03:09 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET326.tmp
2008-08-03 03:08 . 2008-04-14 05:42 713,216 --a------ C:\WINDOWS\system32\SET196.tmp
2008-08-03 03:03 . 2004-08-04 03:56 4,256,768 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-08-03 03:02 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-02 20:24 . 2008-08-02 20:24 <DIR> d-------- C:\Program Files\Panda Security
2008-08-02 20:24 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-02 18:52 . 2008-08-02 18:52 <DIR> d-------- C:\WINDOWS\system32\dll
2008-08-02 17:59 . 2008-04-14 05:41 1,082,368 --a------ C:\WINDOWS\system32\SET38F.tmp
2008-08-02 17:58 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET2E5.tmp
2008-08-02 17:57 . 2008-04-14 05:42 713,216 --a------ C:\WINDOWS\system32\SET1D5.tmp
2008-08-02 17:51 . 2004-08-04 02:00 71,040 --------- C:\WINDOWS\system32\drivers\_003977_.tmp.dll
2008-08-02 16:22 . 2008-08-03 03:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-02 14:34 . 2008-08-02 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-08-02 14:05 . 2008-08-02 14:05 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-07-27 19:37 . 2008-07-27 19:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-27 19:37 . 2008-08-03 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 12:25 . 2008-08-16 08:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-27 12:22 . 2008-08-15 17:02 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-27 12:22 . 2008-07-27 12:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-27 12:22 . 2008-07-27 12:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-27 12:22 . 2008-07-27 12:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-27 12:21 . 2008-07-27 12:21 <DIR> d-------- C:\Program Files\AVG
2008-07-27 12:21 . 2008-07-27 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-24 23:04 . 2008-07-24 23:04 <DIR> d-------- C:\Deckard
2008-07-24 22:14 . 2004-02-12 20:59 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-24 20:22 . 2008-07-24 20:23 <DIR> d-------- C:\Webstar Cable Modem Drivers
2008-07-23 23:38 . 2008-07-23 23:38 <DIR> d-------- C:\Program Files\PerformanceTest
2008-07-23 22:31 . 2008-07-23 22:31 <DIR> d-------- C:\Program Files\WinImage
2008-07-21 23:06 . 2008-07-22 00:54 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-20 21:39 . 2008-07-20 21:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-20 21:08 . 2008-07-20 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-20 21:05 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-20 21:05 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-20 21:05 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-07-20 21:05 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-07-20 21:05 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-07-20 21:05 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-20 21:05 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-20 20:58 . 2008-07-20 20:58 <DIR> d-------- C:\WINDOWS\Logs
2008-07-20 17:31 . 2008-07-20 17:31 331 --a------ C:\WINDOWS\doom3.ini
2008-07-20 14:04 . 2008-07-20 14:04 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 00:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-05 02:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-08-03 17:19 --------- d-----w C:\Program Files\Java
2008-08-03 17:15 --------- d-----w C:\Program Files\iConcepts Photo Frame
2008-08-03 16:23 --------- d-----w C:\Program Files\Canon Creative
2008-08-03 16:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 05:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 05:38 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-03 00:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-03 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 00:02 --------- d-----w C:\Program Files\CopyToDVD
2008-08-02 23:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-08-02 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-02 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Borland
2008-08-02 23:42 --------- d-----w C:\Program Files\ItsDeductibleEX
2008-08-02 18:19 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-08-02 18:15 --------- d-----w C:\Program Files\Downloads
2008-08-02 17:32 --------- d-----w C:\Program Files\Bonjour
2008-07-20 21:30 --------- d-----w C:\Program Files\Doom 3
2008-07-15 23:42 --------- d-----w C:\Program Files\HP
2008-07-14 16:32 --------- d-----w C:\Program Files\Quick Screen Capture
2008-07-12 22:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-12 21:54 --------- d-----w C:\Program Files\Windows Messaging
2008-07-12 21:54 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-12 16:41 --------- d-----w C:\Program Files\iTunes
2008-07-12 16:41 --------- d-----w C:\Program Files\iPod
2008-07-12 16:38 --------- d-----w C:\Program Files\QuickTime
2008-07-01 17:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\CopyToDvd
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-28 19:51 88 --sh--r C:\Documents and Settings\All Users\Application Data\A814ACFD49.sys
2008-05-28 19:51 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-23 19:08 353,840 ----a-w C:\Program Files\RealPlayer11GOLD.exe
2007-01-14 23:36 105,143,305 -c--a-w C:\Program Files\SonicDVDitProv6_SST.exe
2007-01-14 23:29 721,507 ----a-w C:\Program Files\RNPatch72.exe
2006-09-03 22:38 345,068,035 ----a-w C:\Program Files\Photoshop_CS2.exe
2005-03-18 13:47 3,409 -c--a-w C:\Program Files\scan.dat
2005-03-17 22:34 512 ----a-w C:\Program Files\data2.cab
2005-03-17 22:34 29,760 -c--a-w C:\Program Files\layout.bin
2005-03-17 22:34 236,953 -c--a-w C:\Program Files\data1.hdr
2005-03-17 22:33 397 -c--a-w C:\Program Files\setup.ini
2005-03-17 22:33 342,212 ----a-w C:\Program Files\setup.boot
2005-03-17 22:33 299,375 -c--a-w C:\Program Files\setup.inx
2005-03-17 22:33 2,349,117 -c--a-w C:\Program Files\data1.cab
2005-03-17 17:33 46,648 -c--a-w C:\Program Files\fditxf.1ph
2005-03-17 17:33 34,585 -c--a-w C:\Program Files\comfed.1ph
2005-03-17 17:33 27,320 -c--a-w C:\Program Files\fdiimb.1ph
2005-03-17 17:33 12,538 -c--a-w C:\Program Files\fdiofx.1ph
2005-02-21 20:15 28,672 ----a-w C:\Documents and Settings\Owner\atwbxdet.dll
2004-10-25 15:11 80,161 -c--a-w C:\Program Files\bustax.thp
2004-10-25 15:06 60,591 -c--a-w C:\Program Files\bustax.scd
2004-10-25 13:55 54,232 -c--a-w C:\Program Files\tax.thp
2004-10-25 13:55 13,248 -c--a-w C:\Program Files\tax.scd
2004-10-07 13:58 49,142 ----a-w C:\Program Files\license.txt
2004-09-17 19:59 114,688 ----a-w C:\Program Files\autorun.exe
2004-09-17 18:04 7,406 -c--a-w C:\Program Files\ttax.ico
2004-09-17 18:03 142 -c--a-w C:\Program Files\autorun.ini
2004-07-17 13:57 63,499 ----a-w C:\Documents and Settings\Owner\setup.exe
2004-01-30 14:32 20,480 -c--a-w C:\Program Files\cdrun.exe
2003-02-27 21:16 420,432 -c--a-w C:\Program Files\engine32.cab
2002-12-02 20:33 107,512 -c--a-w C:\Program Files\Setup.exe
2002-05-01 21:01 695 -c--a-w C:\Program Files\os.dat
2004-12-30 15:51 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-17_16.04.35.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-20 00:47:18 1,502 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{2E82A502-7BDC-41FF-966F-167CA6353DF2}.bin
- 2008-08-15 00:43:35 65,044 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-17 22:52:55 65,044 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-15 00:43:36 410,574 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-17 22:52:55 410,574 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 23:13 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 10:14 188416]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-27 12:21 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.14.lnk]
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.14.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-04-02 21:07 389120 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 20:04 52736 c:\WINDOWS\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-23 15:11 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-10-22 09:58 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-27 12:22]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-27 12:22]
R2 PD91Agent;PD91Agent;C:\Program Files\PerfectDisk2008\PD91Agent.exe [2008-04-16 13:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 03:12]
S2 portD;ABS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2003-03-19 10:28]
S3 PD91Engine;PD91Engine;C:\Program Files\PerfectDisk2008\PD91Engine.exe [2008-04-16 13:00]
S3 PD91VMDefrag;PD91VMDefrag;C:\Program Files\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 10:44]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-12-11 07:18]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 10:57]
S4 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-27 12:21]
S4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-27 12:21]
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-16 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2007-12-03 10:55]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-20 00:15:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-20 0:21:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 04:21:15
ComboFix2.txt 2008-08-17 20:05:20
ComboFix3.txt 2008-08-15 00:47:13
ComboFix4.txt 2008-02-17 15:03:51
Pre-Run: 65,480,863,744 bytes free
Post-Run: 65,472,417,792 bytes free
224 --- E O F --- 2008-08-20 00:47:08
______________________________________________________________
3. Two logs attached for Panda, one with AVG active and one with it disabled.
_____________________________________________________________
4. Kaspersky did not run - Java version error?
____________________________________________________________
5. PEEK log:
----a-w 10,752 2004-02-12 04:05:00 C:\WINDOWS\system32\clb.dll
-c--a-w 10,752 2004-02-12 04:05:00 C:\WINDOWS\system32\dllcache\clb.dll
Entries: 2 (2)
Directories: 0 Files: 2
Bytes: 21,504 Blocks: 42
-c--a-w 110,080 2005-07-26 04:20:23 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
-c----w 110,080 2004-03-06 02:16:10 C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
-c----w 100,864 2004-02-12 04:05:00 C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
-c----w 110,080 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
-c----w 110,080 2004-08-04 07:56:41 C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
----a-w 110,592 2008-04-14 00:11:50 C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\clbcatex.dll
----a-w 110,080 2005-07-26 04:39:43 C:\WINDOWS\system32\clbcatex.dll
Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 761,856 Blocks: 1,488
-c--a-w 498,688 2005-07-26 04:20:24 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
-c----w 499,712 2004-03-06 02:16:11 C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
-c----w 468,480 2004-02-12 04:05:00 C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
-c----w 501,248 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
-c----w 501,248 2004-08-04 07:56:41 C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
----a-w 498,688 2008-04-14 00:11:50 C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\clbcatq.dll
----a-w 498,688 2005-07-26 04:39:43 C:\WINDOWS\system32\clbcatq.dll
Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 3,466,752 Blocks: 6,771
Total Entries: 16 (16)
Total Directories: 0 Files: 16
Total Bytes: 4,250,112 Blocks: 8,301
________________________________________________________________
6. Fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:02 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support2.charter.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093930840796
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124160269328
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\PerfectDisk2008\PD91VMDefrag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5519 bytes
_____________________________________________________________
COMPLETE